[9fans] IP geolocation bug

[9fans] IP geolocation bug

[Alex Kritikos]

Hello,

I have a fresh install of Plan 9 on QEMU, and networking (hget, ssh) works.

When I do a "9fs sources", I get:

  srv tcp!sources.cs.bell-labs.com!9fs: mount failed: restricted remote access

Looking at sys/src/cmd/fossil/9p.c, this error occurs when the IP
address maps to a country where cryptography export is prohibited by
U.S. law.  However, I am in Kansas.

For reference, my IP is currently 66.45.153.204, and my ISP only
changes it once every couple months.

If I am correct, can the /mnt/ipok at sources.cs.bell-labs.com be
changed to allow connections from Kansas?

If I not correct, this will be a very silly email.

Thanks,
Alex Kritikos

Re: [9fans] IP geolocation bug

[Russ Cox]

>   srv tcp!sources.cs.bell-labs.com!9fs: mount failed: restricted remote access

Fixed, sorry.  The DNS process had died and been restarted,
but the external program that checks IP addresses still had the
old one in its name space.

Russ

Re: [9fans] IP geolocation bug

[Lyndon Nerenberg]

On Apr 2, 2007, at 9:00 PM, Russ Cox wrote:

> Fixed, sorry.  The DNS process had died and been restarted,
> but the external program that checks IP addresses still had the
> old one in its name space.

Out of idle curiosity, what is the algorithm for determining the  
country of origin?

Re: [9fans] IP geolocation bug

[Bruce Ellis]

the code is very cool.  presto wrote it.  not sure if it's public
tho i have a limbo version.

brucee

On 4/3/07, Lyndon Nerenberg <lyndon@orthanc.ca> wrote:
>
> On Apr 2, 2007, at 9:00 PM, Russ Cox wrote:
>
> > Fixed, sorry.  The DNS process had died and been restarted,
> > but the external program that checks IP addresses still had the
> > old one in its name space.
>
> Out of idle curiosity, what is the algorithm for determining the
> country of origin?
>

Re: [9fans] IP geolocation bug

[Lyndon Nerenberg]

On Apr 2, 2007, at 11:29 PM, Bruce Ellis wrote:

> the code is very cool.  presto wrote it.  not sure if it's public
> tho i have a limbo version.

I guess I'm more curious about how to validate the database of source  
IP addresses in the face of tunneling.  The Nanog crowd simply foams  
at the mouth when this subject comes up.

Has someone come up with a way to characterize packet flows through  
tunnels in a way that makes it possible to fingerprint the origin?   
That can fingerprint the client on the far end of Tor a pipe?

--lyndon

Re: [9fans] IP geolocation bug

[Bruce Ellis]

it scrounges around, as would the author, and makes a good guess.
the ozinferno http service uses the algorithm.  it blocks kansas
(only kidding).

brucee

On 4/3/07, Lyndon Nerenberg <lyndon@orthanc.ca> wrote:
>
> On Apr 2, 2007, at 11:29 PM, Bruce Ellis wrote:
>
> > the code is very cool.  presto wrote it.  not sure if it's public
> > tho i have a limbo version.
>
> I guess I'm more curious about how to validate the database of source
> IP addresses in the face of tunneling.  The Nanog crowd simply foams
> at the mouth when this subject comes up.
>
> Has someone come up with a way to characterize packet flows through
> tunnels in a way that makes it possible to fingerprint the origin?
> That can fingerprint the client on the far end of Tor a pipe?
>
> --lyndon
>

Re: [9fans] IP geolocation bug

[Lyndon Nerenberg]

On Apr 3, 2007, at 12:41 AM, Bruce Ellis wrote:

> it blocks kansas

That's easy -- there's nobody there.