
country2ip


saima

Presentation Transcript


  1. country2ip: mapping entire country netblocks

  2. Done already publicly?
     • Probably not (according to Google)
     • We found many “ip2country” services, but NOT “country2ip”

  3. Registry DBs (whois)
     • Interesting fields
       • “country:”
       • “inetnum:”
       • “NetRange:”

  4. Mapping Methodology
     • Generate random IP address every X seconds (bash bots?)
     • Make whois lookup to random IP address
     • Grab netblock and country code and write to a database
     • Simply query a geoip DB

  5. Problems
     • Country to which a netblock is registered is NOT necessarily the location of the servers using IP addresses in that netblock
     • Many others!!!

  6. Applications for this data
     • Electronic warfare
     • Legal port-scanning
     • Exploitation of international politics for crackers when breaking into computers (finding hopping point in Cuba to attack a machine in the US?)
     • Any other ideas?

  7. Open source geoip DBs
     • http://www.maxmind.com/download/geoip/database/
     • http://tqmcube.com/worldcidr.php

  8. Lame PoC
     • http://ikwt.com/projects/country2ip
     • Security monkeys that researched this topic:
       • pdp [http://gnucitizen.org/]
       • pagvac [http://ikwt.com/]
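
The field extraction from slides 3 and 4 (grab the netblock and country code from a whois record), as an added example that is not part of the original presentation or the authors' PoC. It parses constructed whois text offline, converts “inetnum:” / “NetRange:” ranges to CIDR and groups them by “country:”; the function names, the `??` bucket for records with no country field, and the sample records are assumptions. Per slide 5, the result is the country of registration, not the location of the hosts.

```python
import ipaddress
from collections import defaultdict

# Constructed sample whois output (documentation address ranges, made-up records).
SAMPLE_WHOIS = """\
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET-1
country:        gb

NetRange:       198.51.100.0 - 198.51.100.127
NetName:        EXAMPLE-NET-2
Country:        US

inetnum:        203.0.113.0 - 203.0.113.95
netname:        EXAMPLE-NET-3
"""

RANGE_FIELDS = {"inetnum", "netrange"}  # field names from slide 3, lower-cased


def parse_whois(text):
    """Yield (country_code_or_None, [ip_network, ...]) per blank-line-separated record."""
    for block in text.split("\n\n"):
        country, nets = None, []
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            if not sep or not value:
                continue
            if key in RANGE_FIELDS:
                first, _, last = (p.strip() for p in value.partition("-"))
                try:
                    # A range need not align to one prefix, so it may yield several CIDRs.
                    nets = list(ipaddress.summarize_address_range(
                        ipaddress.ip_address(first), ipaddress.ip_address(last)))
                except (ValueError, TypeError):
                    nets = []  # malformed or inverted range: drop the record
            elif key == "country" and country is None:
                country = value.upper()
        if nets:
            yield country, nets


def country2ip(text):
    """Build {country_code: [CIDR strings]}; records without a country go under '??'."""
    table = defaultdict(list)
    for country, nets in parse_whois(text):
        table[country or "??"].extend(str(n) for n in nets)
    return dict(table)
```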
