IP addresses to countries

30/07/2007, 01h06

I have a file full of unique IP addresses, one per line, from
machines that I block access to my server. At present I use a
script to add each individual IP to an iptables ruleset.

I've collected over a hundred, and I am interested in the
statistics of what countries they are commonly from. I know I
could manually check each one but would prefer, obviously, to use
a simple script to do the job as the list grows.

What I would like the script to do is check each IP address, get
the IP block/range it belongs to along with what country it's
from. Would you use whois $IP_ADDR, grep 'inetnum' and
'country'? When I tried manually on a couple, I got "Unknown AS
number or IP network. Please upgrade this program."

Any ideas/pointers?

--
Troy Piggins | http://piggo.com/~troy
RLU#415538 ,-O (o- O
O ) //\ O
`-O V_/_ OOO

30/07/2007, 04h21

On Mon, 30 Jul 2007 10:06:33 +1000
Troy Piggins <usenet-0707@piggo.com> wrote:

> What I would like the script to do is check each IP address,
> get the IP block/range it belongs to along with what country
> it's from. Would you use whois $IP_ADDR, grep 'inetnum' and
> 'country'? When I tried manually on a couple, I got "Unknown
> AS number or IP network. Please upgrade this program."

Well, its a little more complicated than that. You have to use
whois (with -a option) to index into the known set of databases
to
search (ie., ARIN, RIPE, LACNIC etc.)

Its easier to go to an ip2country compiled database to search,
like the one I indicate below. The problem then is that the ip
ranges for a country are given in decimal. And note that
sometimes the data is in quotes, so you need to strip those.

It sure would be nice if a file like ip2country existed already
in dotted IPAddress format. But have not found one, only the
decimal one.

I wrote several pipeable scripts that do the conversion from
decimal -> hex -> dotted IPAdress:

cat or grep something | dec2hex | hex2ip

There are several World IP databases, for example, those
available at
http://software77.net/geoip-software.htm

the linuxTheTools conversion utils are available at
http://www.sysdev.org/site

or better still, just browse and pick from
ftp://ftp.sysdev.org/pub/lintools/LT...urrent/usr/bin

TonyB

There are 10 types of people in this world, those that read
binary and those who don't!

--
__ __ _ I N C. http://www.sysdev.org
/ __|\\// __|| \ __ __ / tonyb@sysdev.org
\__ \ \/\__ \||)|/ O_)\/ / \/ System Tools / Utilities
|___/ || ___/|_ /\___|\_/ WIntel / Linux Device Drivers

30/07/2007, 05h02

* Tony Borras is quoted & my replies are inline below :
> On Mon, 30 Jul 2007 10:06:33 +1000 Troy Piggins
> <usenet-0707@piggo.com> wrote:
>
>> What I would like the script to do is check each IP address,
>> get the IP block/range it belongs to along with what country
>> it's from. Would you use whois $IP_ADDR, grep 'inetnum' and
>> 'country'? When I tried manually on a couple, I got "Unknown
>> AS number or IP network. Please upgrade this program."
>
> Well, its a little more complicated than that. You have to use
> whois (with -a option) to index into the known set of databases
> to search (ie., ARIN, RIPE, LACNIC etc.)
>
> Its easier to go to an ip2country compiled database to search,
> like the one I indicate below. The problem then is that the ip
> ranges for a country are given in decimal. And note that
> sometimes the data is in quotes, so you need to strip those.
>
> It sure would be nice if a file like ip2country existed already
> in dotted IPAddress format. But have not found one, only the
> decimal one.
>
> I wrote several pipeable scripts that do the conversion from
> decimal -> hex -> dotted IPAdress:
>
> cat or grep something | dec2hex | hex2ip

Ok, I'll look into something like that.

> There are several World IP databases, for example, those
> available at http://software77.net/geoip-software.htm
>
> the linuxTheTools conversion utils are available at
> http://www.sysdev.org/site
>
> or better still, just browse and pick from
> ftp://ftp.sysdev.org/pub/lintools/LT...urrent/usr/bin

sysdev.org seems to be down :-(

--
Troy Piggins | http://piggo.com/~troy
RLU#415538 ,-O (o- O
O ) //\ O
`-O V_/_ OOO

30/07/2007, 06h12

Tony Borras wrote:
>
> There are several World IP databases, for example, those
> available at
> http://software77.net/geoip-software.htm

I went to the download page for that database and they incorrectly identified
me as being in the USA so I wonder how good it is?

John
--
Perl isn't a toolbox, but a small machine shop where you
can special-order certain sorts of tools at low cost and
in short order. -- Larry Wall

30/07/2007, 01h06	#1
Troy Piggins Messages: n/a Hébergeur:	IP addresses to countries I have a file full of unique IP addresses, one per line, from machines that I block access to my server. At present I use a script to add each individual IP to an iptables ruleset. I've collected over a hundred, and I am interested in the statistics of what countries they are commonly from. I know I could manually check each one but would prefer, obviously, to use a simple script to do the job as the list grows. What I would like the script to do is check each IP address, get the IP block/range it belongs to along with what country it's from. Would you use whois $IP_ADDR, grep 'inetnum' and 'country'? When I tried manually on a couple, I got "Unknown AS number or IP network. Please upgrade this program." Any ideas/pointers? -- Troy Piggins \| http://piggo.com/~troy RLU#415538 ,-O (o- O O ) //\ O `-O V_/_ OOO

30/07/2007, 04h21	#2
Tony Borras Messages: n/a Hébergeur:	Re: IP addresses to countries On Mon, 30 Jul 2007 10:06:33 +1000 Troy Piggins <usenet-0707@piggo.com> wrote: > What I would like the script to do is check each IP address, > get the IP block/range it belongs to along with what country > it's from. Would you use whois $IP_ADDR, grep 'inetnum' and > 'country'? When I tried manually on a couple, I got "Unknown > AS number or IP network. Please upgrade this program." Well, its a little more complicated than that. You have to use whois (with -a option) to index into the known set of databases to search (ie., ARIN, RIPE, LACNIC etc.) Its easier to go to an ip2country compiled database to search, like the one I indicate below. The problem then is that the ip ranges for a country are given in decimal. And note that sometimes the data is in quotes, so you need to strip those. It sure would be nice if a file like ip2country existed already in dotted IPAddress format. But have not found one, only the decimal one. I wrote several pipeable scripts that do the conversion from decimal -> hex -> dotted IPAdress: cat or grep something \| dec2hex \| hex2ip There are several World IP databases, for example, those available at http://software77.net/geoip-software.htm the linuxTheTools conversion utils are available at http://www.sysdev.org/site or better still, just browse and pick from ftp://ftp.sysdev.org/pub/lintools/LT...urrent/usr/bin TonyB There are 10 types of people in this world, those that read binary and those who don't! -- __ __ _ I N C. http://www.sysdev.org / __\|\\// __\|\| \ __ __ / tonyb@sysdev.org \__ \ \/\__ \\|\|)\|/ O_)\/ / \/ System Tools / Utilities \|___/ \|\| ___/\|_ /\___\|\_/ WIntel / Linux Device Drivers

30/07/2007, 05h02	#3
Troy Piggins Messages: n/a Hébergeur:	Re: IP addresses to countries * Tony Borras is quoted & my replies are inline below : > On Mon, 30 Jul 2007 10:06:33 +1000 Troy Piggins > <usenet-0707@piggo.com> wrote: > >> What I would like the script to do is check each IP address, >> get the IP block/range it belongs to along with what country >> it's from. Would you use whois $IP_ADDR, grep 'inetnum' and >> 'country'? When I tried manually on a couple, I got "Unknown >> AS number or IP network. Please upgrade this program." > > Well, its a little more complicated than that. You have to use > whois (with -a option) to index into the known set of databases > to search (ie., ARIN, RIPE, LACNIC etc.) > > Its easier to go to an ip2country compiled database to search, > like the one I indicate below. The problem then is that the ip > ranges for a country are given in decimal. And note that > sometimes the data is in quotes, so you need to strip those. > > It sure would be nice if a file like ip2country existed already > in dotted IPAddress format. But have not found one, only the > decimal one. > > I wrote several pipeable scripts that do the conversion from > decimal -> hex -> dotted IPAdress: > > cat or grep something \| dec2hex \| hex2ip Ok, I'll look into something like that. > There are several World IP databases, for example, those > available at http://software77.net/geoip-software.htm > > the linuxTheTools conversion utils are available at > http://www.sysdev.org/site > > or better still, just browse and pick from > ftp://ftp.sysdev.org/pub/lintools/LT...urrent/usr/bin sysdev.org seems to be down :-( -- Troy Piggins \| http://piggo.com/~troy RLU#415538 ,-O (o- O O ) //\ O `-O V_/_ OOO

30/07/2007, 06h12	#4
John W. Krahn Messages: n/a Hébergeur:	Re: IP addresses to countries Tony Borras wrote: > > There are several World IP databases, for example, those > available at > http://software77.net/geoip-software.htm I went to the download page for that database and they incorrectly identified me as being in the USA so I wonder how good it is? John -- Perl isn't a toolbox, but a small machine shop where you can special-order certain sorts of tools at low cost and in short order. -- Larry Wall

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email