Educause Security Discussion mailing list archives

Re: Recent Phishing Uptick


From: Mike Iglesias <iglesias () UCI EDU>
Date: Fri, 21 Feb 2014 06:36:53 -0800

On 02/21/2014 06:32 AM, Frank Barton wrote:
> Thank you for the link/steps David. I was able to get in, and by using it find
> out that one of our users that had their password compromised accounts was
> logged into both from Nigeria and India.
>
> I saw that some of these logins were flagged as suspicious (I wish I knew more
> about Google's definition of suspicious), but I got to thinking that it would be
> relatively simple to write up something that checks using the API on a regular
> basis, and checks unknown IP addresses against a geolocation service (and that
> caches this geolocation data to save on future lookups).
>
> Before I start writing code, does anybody know if such a system already exists?
> What geolocation services have people used that they are happy with?

If you're using Perl, you can use the Geo::IP::PurePerl package to get country
codes for an IP address.  You do need to update the data that it uses, but
that's a pretty simple shell script that you can run weekly.


-- 
Mike Iglesias                          Email:       iglesias () uci edu
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270
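
The check discussed in this thread (geolocate login IPs, cache the results, flag accounts seen from unexpected countries), as an added Python example that is not code from either poster. `GeoCache`, `flag_logins`, the sample addresses (documentation ranges), the country mapping and the expected-country set are all constructed assumptions; `lookup` stands in for whatever geolocation service or local database is used.

```python
import time
from collections import defaultdict

class GeoCache:
    """Cache IP -> country code so each address is looked up once per TTL."""

    def __init__(self, lookup, ttl=7 * 86400, now=time.time):
        self.lookup = lookup      # callable(ip) -> country code or None
        self.ttl = ttl            # seconds; a week, matching a weekly data refresh
        self.now = now            # injectable clock
        self.entries = {}         # ip -> (country, fetched_at)
        self.misses = 0           # number of real lookups performed

    def country(self, ip):
        hit = self.entries.get(ip)
        if hit and self.now() - hit[1] < self.ttl:
            return hit[0]
        self.misses += 1
        code = self.lookup(ip) or "??"   # unresolved addresses stay visible
        self.entries[ip] = (code, self.now())
        return code

def flag_logins(events, cache, expected=frozenset({"US"})):
    """Return {user: sorted countries outside `expected`} for review."""
    seen = defaultdict(set)
    for event in events:
        seen[event["user"]].add(cache.country(event["ip"]))
    return {u: sorted(c - expected) for u, c in seen.items() if c - expected}

# Constructed sample data: documentation address ranges, made-up mapping.
SAMPLE_GEO = {"192.0.2.10": "US", "198.51.100.7": "NG", "203.0.113.99": "IN"}
SAMPLE_EVENTS = [
    {"user": "alice", "ip": "192.0.2.10"},
    {"user": "bob", "ip": "192.0.2.10"},
    {"user": "bob", "ip": "198.51.100.7"},
    {"user": "bob", "ip": "203.0.113.99"},
    {"user": "bob", "ip": "198.51.100.7"},    # repeat: served from cache
    {"user": "carol", "ip": "192.0.2.200"},   # not in the mapping
]

if __name__ == "__main__":
    cache = GeoCache(SAMPLE_GEO.get)
    for user, countries in flag_logins(SAMPLE_EVENTS, cache).items():
        print(user, countries)
    print("lookups performed:", cache.misses)
```

Addresses the lookup cannot resolve are reported as `??` rather than dropped, so they still surface for review.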
