Wrong Country on Threat Management
Hello
I see there is threat detail from the island of Mauritius
However this IP comes UP from AS from China. Please clarify. I have blocked China. This is no good because it is allowing traffic from China.
Please provide fix ASAP
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Vincent-TP I am using the software controller on a Ubuntu 24.04 VM.
I have the latest version 6.2.0.17 is up to date.
So I have blocked all countries at the ACL level as well as the Map GeoBlock Thing. I havent seen a report like the one for Mauritania again, meaning I have not seen another case where IP shows mixed Countries.
I am unable to upload the screenshot now because i realize my logs have limits so is not stored any longer.
I will report again if I see this case happening again. Thank you very much for your attention Mr Vincent, I hope you have a nice rest of your week
- Copy Link
- Report Inappropriate Content
Hi @maurirope
Thanks for posting here.
To understand the situation better, please give us the following info:
1. Which country is the router installed in?
2. What's the hardware version and firmware version of the ER7206?
3. I have blocked China.
>>>Please share the related config screenshots, is it WAN-in ACL? Please also include the selected country/region, cause we have a separate option for HK.
- Copy Link
- Report Inappropriate Content
The geoblock lists are not 100% foolproof and cant be as IPs, BGP, VPNs routing all sorts of things can reorder packets all over the world sometimes. Also, ISP stuff like CGNAT can effect where an IP shows up as, it depends where the public IP terminates and the internal ISP routing begins, as well as websites that attempt to tell you where an IP actually is can also be wrong - my ISP static public always lists as a different country in the UK as thats where their datacentre is.
- Copy Link
- Report Inappropriate Content
@Vincent-TP
1- This is installed in Uruguay 2- The ER7206 is v2.0 with hardware v2.2.3 3- I have blocked China from Geomap page in security under global view, I tried to upload the screenshot, but somehow this forum wont allow to update screenshot, didnt allow me to update the post either as it says can only post 1 post per day. I will try to show screenshot
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@maurirope This is more misleading now for Hong Kong because it shows as blocked as whole china but it is not, now I understand why I still see the 1 thing hitting my IPS from hong Kong.
Anyway that is a separate issue, the issue was that traffic showing on MAP from Mauritania is actually a Hong Kong ASN ISP
I am unable to upload the screenshot for that right now because I uploaded the hong kong screenshot, that is a bit silly
- Copy Link
- Report Inappropriate Content
sorry I do get that IP Blocks change from time to time but you should be able to tell to what COUNTRY the IP belongs.
Its not like a difference of COUNTIES or provinces or whatever i could understand that, but either there is no mechanism for country lists updates, or is so behind that is not keeping up with ICANN normal operations.
i dont think it is that common for a whole network to be transferred from mauritania to hong kong that often. I get that IP is scarce and to guarantee efficiency they have to reassign administer but under the same pretense one would think mauritania holds their ips most they can as well.
so this thing is based on trust you should be able to continue trusting it can get country right
- Copy Link
- Report Inappropriate Content
Hi @maurirope
Thanks for the reply.
One more info we want to confirm, what kind of controller are you using? And what's the firmware version?
Sometimes, to upload pictures on the forum, you need to click Enter after copying and pasting them. Please try again.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Vincent-TP I am using the software controller on a Ubuntu 24.04 VM.
I have the latest version 6.2.0.17 is up to date.
So I have blocked all countries at the ACL level as well as the Map GeoBlock Thing. I havent seen a report like the one for Mauritania again, meaning I have not seen another case where IP shows mixed Countries.
I am unable to upload the screenshot now because i realize my logs have limits so is not stored any longer.
I will report again if I see this case happening again. Thank you very much for your attention Mr Vincent, I hope you have a nice rest of your week
- Copy Link
- Report Inappropriate Content
Hi @maurirope
Thanks for your reply.
We will also reconfirm and update our database to ensure that this mixed-countries phenomenon does not happen again.
If you have any questions, please feel free to contact us.
maurirope wrote
@Vincent-TP I am using the software controller on a Ubuntu 24.04 VM.
I have the latest version 6.2.0.17 is up to date.
So I have blocked all countries at the ACL level as well as the Map GeoBlock Thing. I havent seen a report like the one for Mauritania again, meaning I have not seen another case where IP shows mixed Countries.
I am unable to upload the screenshot now because i realize my logs have limits so is not stored any longer.
I will report again if I see this case happening again. Thank you very much for your attention Mr Vincent, I hope you have a nice rest of your week
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 259
Replies: 10
Voters 0
No one has voted for it yet.