This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ED
Advisor
‎2020-08-13 12:05 AM

Geopolicy blocks 8.8.8.8 (India)

Hi everyone,

 

If you have geo policy enabled and blocking to and from India your DNS request for Google 8.8.8.8 will be blocked. 

Checking IP 8.8.8.8 now shows India.

 

Anyone else seeing this?

 

0 Kudos
7 Replies
_Val_
Admin
Admin
‎2020-08-13 12:18 AM

Please go to https://ipstack.com/ and show output you have for 8.8.8.8

0 Kudos
ED
Advisor
‎2020-08-13 12:20 AM
In response to _Val_

The output shows US but I believe Check Point is using Maxmind? 

Maxmind shows India.

 

You can check yourself https://www.maxmind.com/en/geoip-demo

 

Thanks for the quick reply.

0 Kudos
_Val_
Admin
Admin
‎2020-08-13 12:26 AM
In response to ED

You are correct, it does how India. I would suggest TAC case, if you believe this info is incorrect. You can also send a correction directly to the service via the online form.Not sure, how effective that would be.

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2020-08-13 05:42 AM

Running a traceroute to 8.8.8.8 from the USA and looking at the hops leading up to the final 8.8.8.8 destination and the relatively low latencies at each hop (15 ms or less), my opinion is the India classification for that address is not correct.

Also when blocking countries with Geo Policy it is usually a good idea to create an exception for all domain-udp and domain-tcp traffic to avoid what I call "Indirect DNS blocks" in my book, which can cause seemingly random failures accessing certain sites whose server location and/or DNS service happen to load-balance into a blocked country.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
Steve_Spohn
Participant
‎2020-08-13 06:14 AM
In response to Timothy_Hall

I saw the same behavior this morning w/ 8.8.8.8 being classified in India. Thanks for the best practice suggestion, makes sense to me, was an easy fix!

0 Kudos
HristoGrigorov
MVP Gold
MVP Gold
‎2020-08-13 09:01 PM
In response to Steve_Spohn

I went hardcore and blocked some countries using fwaccel dos rate command 😀 As I am using upstream DNS as forwarder, that seems to take care of the problem with accessing sites, etc.

0 Kudos
Tobias_Moritz
Advisor
‎2020-08-14 05:45 AM

Well, locating the well known Google DNS server 8.8.8.8 in India is right and wrong at the same time.

Google uses anycast routing to give you the nearest operational server, depending on your source network.

See Wikipedia article about Google Public DNS.

Geolocation databases cannot show the right info here, as these adresses cannot be assigned to a fixed location.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events