Nmap Development mailing list archives

Re: IP based geolocation and the [NSE] ip-geolocation


From: "Michael" <mpattrick () rhinovirus org>
Date: Tue, 31 May 2011 16:44:56 -0400

+1 on using multiple services. I've recently run into a Geo-IP database
that was ~5 years out of date on select IPs. Using multiple services
could potentially expose inaccurate data. I wonder if you could
incorporate the numbers authority's stats
files [ftp://ftp.arin.net/pub/stats/]; they are large and only give
country, but it's as up to date as you can get, thus a good way to sanity
check the results of another service.

I'd advise against using a reverse-engineered Microsoft protocol. It
would be very easy for Microsoft to break your script by changing the
protocol slightly, resulting in wasted effort.

-M

On Tue, 31 May 2011 14:15 +0300, "Toni Ruottu" <toni.ruottu () iki fi>
wrote:
One thing I am unsure of is whether one script here is better than
multiple. You could decide to have one script for each location
service. That way you could decide to use only one of them by calling
the one on the command line.

On Mon, May 30, 2011 at 6:29 PM, Gorjan Petrovski <mogi57 () gmail com>
wrote:
Hi,

I'm currently researching methods of IP-based geolocation, so after a
couple of days of browsing I've decided to consult this list.

Apart from a lookup in a geolocation database (Google Geolocation
API[1]), I haven't found anything that would be as useful as that
method. But I really want this to be an awesome script, so if anyone
has more info on other methods, I'd be pleased to hear it.
There is also the Microsoft Geolocation API[2] which IE9 uses, but I
haven't been able to find direct access to the API, so I guess in
order to use that I'd have to emulate the protocol that IE9 uses.

I've also run into a useful book I'm going through these days[3].

At the second NSE meeting two weeks ago, there was talk about the
needed execution parallelism of this script (e.g. if a range of IPs
is selected). But if I'm using the Google Geolocation API through the
http library and pipeline the requests, there would be no need for
implementing additional parallelism, right?

1. http://code.google.com/apis/gears/geolocation_network_protocol.html
2. http://msdn.microsoft.com/en-us/library/gg589513(v=vs.85).aspx
3. http://books.google.com/books?id=OOjII_9BA0cC&lpg=PP1&dq=isbn%3A0072263776&pg=PA14#v=onepage&q&f=false

Cheers,
Gorjan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
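
The sanity check Michael suggests, sketched as an added example that is not part of the thread or of any NSE script: it parses records in the pipe-delimited RIR "delegated" statistics format and flags geolocation answers whose country disagrees with the registry. The sample records use documentation address ranges and are constructed, and the service names `svc_a` and `svc_b` are hypothetical.

```python
import bisect
import ipaddress

# Constructed sample in the RIR "delegated" statistics format
# (registry|cc|type|start|value|date|status); not real allocation data.
SAMPLE_STATS = """\
# constructed sample, not real registry data
2|arin|20110531|3|19830101|20110531|-0400
arin|*|ipv4|*|3|summary
arin|US|ipv4|192.0.2.0|128|20010101|assigned
arin|CA|ipv4|192.0.2.128|128|20010101|assigned
arin|US|ipv4|198.51.100.0|256|20050101|allocated
arin|US|ipv6|2001:db8::|32|20050101|allocated
"""

def load_ipv4_ranges(text):
    """Return sorted (first, last, cc) tuples; for ipv4 'value' is an address count."""
    ranges = []
    for line in text.splitlines():
        f = line.strip().split("|")
        # Skip comments, the version header, summary lines and records without a country.
        if line.startswith("#") or len(f) < 7 or f[2] != "ipv4" or f[1] in ("*", ""):
            continue
        first = int(ipaddress.IPv4Address(f[3]))
        ranges.append((first, first + int(f[4]) - 1, f[1].upper()))
    return sorted(ranges)

def registry_country(ranges, ip):
    """Country code the registry lists for ip, or None if no record covers it."""
    addr = int(ipaddress.IPv4Address(ip))
    # Find the last range whose first address is <= addr, then confirm it covers addr.
    i = bisect.bisect_right(ranges, (addr, float("inf"), "")) - 1
    if i >= 0 and ranges[i][0] <= addr <= ranges[i][1]:
        return ranges[i][2]
    return None

def cross_check(ranges, ip, answers):
    """answers maps service name -> country code; return (registry cc, disagreeing services)."""
    expected = registry_country(ranges, ip)
    if expected is None:
        return None, []  # registry has no record, so nothing to compare against
    return expected, sorted(s for s, cc in answers.items() if cc.upper() != expected)
```

The registry country is where the address block is registered, so a mismatch is a prompt to look closer rather than proof that the service is wrong.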
