Re: [NSE] ip-geolocation

[Jacob Appelbaum <jacob () appelbaum net>]

On Fri, Jun 10, 2011 at 8:34 PM, Gorjan Petrovski <mogi57 () gmail com> wrote:
> Hello Jacob,
>
> Thanks for your reply.

Sure thing!

> Your program is very cool indeed. I like how instead of relying on
> external services it gathers data directly from the sources, like a
> fast localized whois, and the parsing is really truly fast.

That's the idea but the reverse lookup is of course meant to be a very
specific kind of whois.

> Unfortunately because it stores the data locally(and it's a lot of
> data) I'm afraid it won't be a fitting addition for Nmap.

I actually started writing it specifically for use with nmap.

> Apart from
> that I can see that it relies on the Maxmind databases for
> geolocation, and I've already implemented that. As I mentioned in my
> first email, my implementation for parsing the Maxmind databases is
> likely to be dropped because of unneeded redundancy and the fact that
> the user has to download the databases.

We can easily modify blockfinder to use a GeoIP database already on the system.

> Nevertheless I'll discuss your
> method of whois with the NSE mentors.

Neato.

> Hopefully, someone will answer these posts too.
>
> As for me, I'm totally keeping the program for future use :)

The main area where it needs to be expanded is with regard to how it
handles (or doesn't really handle) BGP. It would be awesome to really
confirm allocation information. For example, I have a netblock that
reports as being in one country and it's actually routed from another.
It is possible to confirm this via BGP but not from LIR/RIR data...

All the best,
Jacob
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/