MX Geo-filtering problems / Russian

SOLVED
NordOps
Getting noticed

We just had a couple of customers call in having problems getting to specbooks.com.

Nslookup reveals:

Non-authoritative answer:
Name: specbooks.com
Address: 74.208.210.187
Aliases: www.specbooks.com

This tool classifies that IP block as Russian

https://www.maxmind.com/en/geoip-demo

Other tools do not

NetRange:       74.208.0.0 - 74.208.255.255
CIDR:           74.208.0.0/16
NetName:        1AN1-NETWORK
NetHandle:      NET-74-208-0-0-1
Parent:         NET74 (NET-74-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS8560
Organization:   IONOS Inc. (11INT)
RegDate:        2006-11-22
Updated:        2017-08-09

Anyone experience false positives with the geo filtering? Would be nice to have the Content Filtering take priority over the Geo-Filtering but wondering if anyone else is having problems with it today. This seems to have just started today.

1 ACCEPTED SOLUTION
DarrenOC
Kind of a big deal

Yep, we’ve had this a few times happen to various customers.  It may just clear itself when those various datasets are updated but sometimes we’ve had to remove the geo filter.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

PhilipDAth
Kind of a big deal

The output from the second tool you show, whois, does not show where the IP block is in use.  It shows where the company that registered the IP block is based.  This is a very different thing.
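
Added example (not part of any post in this thread): a small Python triage helper that collects the evidence discussed above for one suspected geo-filter false positive, keeping the whois registrant separate from the geo-IP verdict. The whois fields are copied from the thread; the function names, the "RU" geo-IP input and the blocked-country set are assumptions made for illustration.

```python
import ipaddress

# Whois fields copied from the thread; everything else here is constructed.
WHOIS_TEXT = """\
NetRange:       74.208.0.0 - 74.208.255.255
CIDR:           74.208.0.0/16
NetName:        1AN1-NETWORK
OriginAS:       AS8560
Organization:   IONOS Inc. (11INT)
"""

def parse_whois(text):
    """Parse 'Key: value' whois lines into a dict (first value per key wins)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), value.strip())
    return record

def triage(ip, whois_text, geo_country, blocked_countries):
    """Gather the evidence for one suspected geo-filter false positive."""
    rec = parse_whois(whois_text)
    addr = ipaddress.ip_address(ip)
    # A whois record can list several comma-separated CIDRs for one range.
    nets = [ipaddress.ip_network(c.strip())
            for c in rec.get("CIDR", "").split(",") if c.strip()]
    covered = any(addr in net for net in nets)
    blocked = geo_country in blocked_countries
    if not covered:
        action = "whois record does not cover this IP; query the right block"
    elif blocked:
        # Registration data names the holder of the block, not where the
        # address is used, so it cannot overrule the geo-IP verdict.
        action = "compare a second geo-IP source before changing the filter"
    else:
        action = "not geo-blocked; look for another cause"
    return {"ip": ip, "covered": covered, "registrant": rec.get("Organization"),
            "origin_as": rec.get("OriginAS"), "geo_country": geo_country,
            "blocked": blocked, "action": action}

if __name__ == "__main__":
    # "RU" stands in for the geo-IP result the original poster reported.
    for k, v in triage("74.208.210.187", WHOIS_TEXT, "RU", {"RU"}).items():
        print(f"{k}: {v}")
```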
