Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: SANS IP data inconsistency SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
SANS IP data inconsistency
My Azure VM in the WestUS2 data center (Washington State) was recently assigned an IP address of 51.143.101.191. This showed up in my flow reports as Country=GB. Delving further into it I found a discrepancy between two SANS utilities I often use.

IP Info - Shows Country=GB [0].
WhereIs [IP] - Shows Country=US [1].

FWIW, APNIC [2] shows Country=GB while Maxmind [3] shows Country=US.

[0] https://isc.sans.edu/ipinfo.html?ip=51.143.101.191
[1] https://isc.sans.edu/tools/whereis.html
[2] http://wq.apnic.net/static/search.html
[3] https://www.maxmind.com/en/geoip-demo
phbits

2 Posts

Sign Up for Free or Log In to start participating in the conversation!