topic Re: IP address to Country in Operating System - HP-UX

IP address to Country

Allanm — Thu, 24 Sep 2009 05:32:46 GMT

Based on the security issue we had recently, we want to take a proactive approach to it.

What we have thought is that get the IP address of a customer and see a pattern of his activity as to what IP he/she generally uses to login into our site and if its from a certain Country for a consistent period of time and it suddenly changes from lets say from Germany to Sudan then it should alert us.

How to implement this.Can someone suggest a wget/curl type of solution for this.

Has someone implemented something like this for their website. Something like an internet surveillance.

Please share thoughts...

Thanks,
Allan.

Re: IP address to Country

Matti_Kurkela — Thu, 24 Sep 2009 05:50:58 GMT

Mapping from IP address to a country is not very simple, as the IP address blocks are generally assigned to organizations, not countries. A multi-national company may easily have servers in multiple countries in the same IP address block, connected together by the internal network of the company.

There are "GeoIP" services in the Internet that can map IP addresses to countries, but they are not necessarily free to use... and their results are not guaranteed always 100% up-to-date, so some results may be false.

Google for "geolocation", "geotargeting" or "GeoIP".

MK

Re: IP address to Country

Steven E. Protter — Thu, 24 Sep 2009 11:30:02 GMT

Shalom Allan,

Please take not of the fact that IP addreses can be faked and forged.

Hiding the IP address one is connecting to your system is from is a reasonably easy thing to do.

As noted above you can get a general geographic idea from the IP address if it is not forged. There are a number of websites that provide this data but they require interactive use, and generally won't work with a script.

SEP

Re: IP address to Country

Allanm — Thu, 24 Sep 2009 19:12:11 GMT

Any other ideas will be most welcome.

Re: IP address to Country

Allanm — Thu, 24 Sep 2009 19:23:20 GMT

My question is how to immunize customers ....

What technology is available to make sure that only legitimate customers login into a website...

I am talking about 250k users, so a scalable solution would be required.

Re: IP address to Country

TwoProc — Thu, 24 Sep 2009 19:39:23 GMT

Re: "only legitimate customers" ... that's funny, and practically impossible-> practically speaking...

As soon as you've got that little "ONLY" part figured out - you would make MILLIONS!!!
:-)

Re: IP address to Country

Steven Schweda — Thu, 24 Sep 2009 21:48:30 GMT

> What technology is available to make sure
> that only legitimate customers login into a
> website...

Are they really logging into the Web site,
like with a user name and password, or are
you talking about plain-old (unauthenticated)
Web server access?

You could use Wget/cURL to send queries to
Web forms at places like
http://ws.arin.net/whois/
http://www.db.ripe.net/whois
http://wq.apnic.net/apnic-bin/whois.pl
and so on (or use "whois" to their "whois"
servers), but it might not be very simple,
fast, or reliable.

> [...] suddenly changes [...]

If you keep good records, then it should be
possible to look for changes in the usage
patterns.

> [...] the security issue we had recently
> [...]

Knowing nothing about the incident, it's hard
to say if what you wish to do makes any
sense.