Date: Wed, 29 Dec 2021 23:16:45 -0800 From: Michael Sierchio <kudzu@tenebras.com> To: "Steve O'Hara-Smith" <steve@sohara.org> Cc: Kurt Hackenberg <kh@panix.com>, "questions@FreeBSD.org" <questions@freebsd.org> Subject: Re: ipfw syntax clarification Message-ID: <CAHu1Y73puvD4kNDonRYv1sDujVyFh3ncF2OVs9eF35K04O3Jmw@mail.gmail.com> In-Reply-To: <20211230070529.9dba7412d68b6c417251058d@sohara.org> References: <8b2c341d-10e6-51a2-0654-86f4394865c7@tundraware.com> <Yc1MxCxJ6Mk6bsdf@rain.home> <CAHu1Y72AgMjVhv_qE1C529NcQbGOi0O-4vRTKNeO2PHK=_t%2BVQ@mail.gmail.com> <20211230070529.9dba7412d68b6c417251058d@sohara.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--0000000000005e646905d457d872 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Dec 29, 2021 at 11:05 PM Steve O'Hara-Smith <steve@sohara.org> wrote: > On Wed, 29 Dec 2021 22:32:20 -0800 > Michael Sierchio <kudzu@tenebras.com> wrote: > > > Actual location of IP addresses > > is something known to the CDNs (Akamai, Cloudflare, AWS, etc.) and is > > somewhat proprietary. > > Even they only guess based on what they can find out about who > controls which block, Not so =E2=80=93 the location DB used by the large CDNs are empirical, and = based on RTT of probes which happen all the time from many different geo locations. It's pretty easy to infer where the targets are. These are usually ICMP PINGs in groups of 3 =E2=80=93 sometimes they are TCP to a presumably close= d port, expecting a RST. > > -- > Steve O'Hara-Smith <steve@sohara.org> > --0000000000005e646905d457d872 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">= <div dir=3D"ltr" class=3D"gmail_attr">On Wed, Dec 29, 2021 at 11:05 PM Stev= e O'Hara-Smith <<a href=3D"mailto:steve@sohara.org">steve@sohara.org= </a>> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:= 0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">= On Wed, 29 Dec 2021 22:32:20 -0800<br> Michael Sierchio <<a href=3D"mailto:kudzu@tenebras.com" target=3D"_blank= ">kudzu@tenebras.com</a>> wrote:<br> <br> > Actual location of IP addresses<br> > is something known to the CDNs (Akamai, Cloudflare, AWS, etc.) and is<= br> > somewhat proprietary.<br> <br> =C2=A0 =C2=A0 =C2=A0 =C2=A0 Even they only guess based on what they can fin= d out about who<br> controls which block, </blockquote><div><br></div><div>Not so =E2=80=93 the= location DB used by the large CDNs are empirical, and based on RTT of prob= es which happen all the time from many different geo locations.=C2=A0 It= 9;s pretty easy to infer where the targets are.=C2=A0 These are usually ICM= P PINGs in groups of 3 =E2=80=93 sometimes they are TCP to a presumably clo= sed port, expecting a RST.=C2=A0 =C2=A0</div><div>=C2=A0<br></div><blockquo= te class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px = solid rgb(204,204,204);padding-left:1ex"> <br> -- <br> Steve O'Hara-Smith <<a href=3D"mailto:steve@sohara.org" target=3D"_b= lank">steve@sohara.org</a>><br> </blockquote></div></div> --0000000000005e646905d457d872--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHu1Y73puvD4kNDonRYv1sDujVyFh3ncF2OVs9eF35K04O3Jmw>