While I was messing with bgp and slinging subnets around, the good people in the Route48 IPv6 discord were talking about geolocating north korean addresses.. This piqued my interest and wondered if I can also do the same. Obviously, I had to learn how can IPs be translated into geolocations.. Can’t be magic, right?

A quick peek into the geolocation world

IP addresses are just numbers.. They have no real property that says “This address is from X country, Y city and Z street”. For example if we take 2001:db8::b00b:5, there is no real identifier. It’s just a number. Likewise for IPv4, Looking at 192.0.2.1 reveals no real geo location identifier. So what gives?

Sure, you can look at the RIR IRR databases.. Some of them have a country attached to the prefix entry, but that’s also not how a website can geolocate you. The truth is, there’s a bunch of companies with databases on each prefix and its geolocation. They initially take their information from the IRR database, however, IP owners such as ISPs can contact the geolocation provider and ask them to correct the entry or make it more precise. But it’s a very tedious task to email them everytime you have a new group of IPs or want to change an entry. Fortunately, that’s where geofeeds come in.

Geofeeds

A geofeed is a .csv file hosted somewhere easily accessible by the geolocation providers, its purpose is to be polled every {Hour, Day, Week, Month} depending on the database and their policy. For example, my geofeed as of the time of writing is:

2a0a:6040:4900::/47,IQ,IQ-BG,Baghdad,,
2a0a:6040:4902::/48,LU,,Bissen,,
2a0a:6040:4903::/48,DE,DE-HE,Frankfurt,,
2a0a:6040:4904::/48,JP,JP-13,Tokyo,,
2a0a:6040:4905::/48,KP,KP-01,,,
2a06:a005:1275::/48,IQ,IQ-BG,Baghdad,,
104.167.230.0/24,IQ,IQ-BG,Baghdad,,

As you can see, the first entry is the prefix, then the country, region and city. You can get down to the postal code but that wasn’t necessary in my case. Anyhow, those of you with a keen eye may have noticed KP in there.. That’s the North Korean 2 letter code! Geolocation providers obviously won’t accept a North Korean entry manually so I had to send my geofeed without a KP entry first. After it got accepted and added to be polled regularly, I added the North Korean prefix. And what do you know, it works!

Speedtest.net shows the closest server is in Russia.. Guess North Korea has no speedtest servers. So that was fun! What now? Well I’ve learned a few things, including but not limited to:

• I’m now a North Korean.
• Addresses can actually be geolocated anywhere and it’s completely arbitrary.
• An IP address or a range has no technical connection to where it’s truly being used.
• Geofeeds exist. Providing an easy way for ISPs to update their geolocation info.