Author: B.Wan Kenobi (22 Feb 12 3:27am)
Hi, it sounds like sometimes the country mapping for IPs isn't working properly; for example, the entry related to 141.105.65.156, that is
http://www.projecthoneypot.org/ip_141.105.65.156
lists the country as "unknown"; now, I don't know how you implemented the country detection, but a relatively easy way to implement it would be using the CYMRU DNS lists; basically, you start by issuing a TXT query like
dig 156.65.105.141.origin.asn.cymru.com. TXT
which will result in the following info
"49335 | 141.105.64.0/21 | RU | ripencc | 2011-06-27"
then, if you are willing to collect some more data (the above already lists the AS number and the country to which the IP block is assigned), you may go on using the returned AS number to run a second query like
dig as49335.asn.cymru.com. TXT
which in turn will return the following
"49335 | CZ | ripencc | 2009-05-20 | NCONNECT-AS Navitel Rusconnect Ltd"
so, now we know that the AS number is allocated to CZ but that the IP (the netblock) is a Russian one; for further info you may look at
http://www.team-cymru.org/Services/ip-to-asn.html
but in any case, I think that the above will avoid listing IP countries as "unknown"
my 2 cents
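The two-step lookup described in the post above, as an added example that is not part of the original post or Project Honey Pot's code: it builds both query names and parses the pipe-delimited TXT answers, preferring the netblock country and falling back to the AS country. The function names are hypothetical, the IPv6 zone `origin6.asn.cymru.com` goes beyond what the post covers, and the DNS query itself is left to the caller so the parsing can be checked offline.

```python
import ipaddress

def origin_qname(ip):
    """Name to query (TXT) for the origin AS and netblock of an IP."""
    addr = ipaddress.ip_address(ip)
    rev = addr.reverse_pointer  # e.g. 156.65.105.141.in-addr.arpa
    if addr.version == 4:
        return rev[: -len("in-addr.arpa")] + "origin.asn.cymru.com."
    return rev[: -len("ip6.arpa")] + "origin6.asn.cymru.com."

def asn_qname(asn):
    """Name to query (TXT) for the AS record itself."""
    return f"as{int(asn)}.asn.cymru.com."

def _fields(txt, n):
    # Split on '|' at most n-1 times so a '|' in the AS name is preserved.
    parts = [p.strip() for p in txt.strip().strip('"').split("|", n - 1)]
    if len(parts) != n:
        raise ValueError(f"expected {n} fields, got {len(parts)}: {txt!r}")
    return parts

def parse_origin(txt):
    asns, prefix, cc, registry, allocated = _fields(txt, 5)
    return {"asns": [int(a) for a in asns.split()],  # may be multi-origin
            "prefix": ipaddress.ip_network(prefix),
            "country": cc or None, "registry": registry, "allocated": allocated}

def parse_asn(txt):
    asn, cc, registry, allocated, name = _fields(txt, 5)
    return {"asn": int(asn), "country": cc or None,
            "registry": registry, "allocated": allocated, "name": name}

def country_for(ip, origin_txt, asn_txt=None):
    """Return (country, source): netblock country first, then AS country."""
    origin = parse_origin(origin_txt)
    # Reject an answer whose prefix does not cover the address we asked about.
    if ipaddress.ip_address(ip) not in origin["prefix"]:
        raise ValueError("origin answer does not cover the queried IP")
    if origin["country"]:
        return origin["country"], "netblock"
    if asn_txt:
        as_rec = parse_asn(asn_txt)
        if as_rec["asn"] in origin["asns"] and as_rec["country"]:
            return as_rec["country"], "asn"
    return "unknown", "none"

if __name__ == "__main__":
    # The two TXT answers quoted in the post.
    origin = '"49335 | 141.105.64.0/21 | RU | ripencc | 2011-06-27"'
    as_rec = '"49335 | CZ | ripencc | 2009-05-20 | NCONNECT-AS Navitel Rusconnect Ltd"'
    print(origin_qname("141.105.65.156"), asn_qname(49335))
    print(country_for("141.105.65.156", origin, as_rec))
```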