Sophie

Sophie

distrib > Mageia > 7 > i586 > media > core-release > by-pkgid > e506c98250c5c8740d093be6354928f1 > files > 4

geoipgen-0.4-10.mga7.noarch.rpm

GeoIPgen - Country-to-IPs generator. Geographic IP generator for IPv4 networks.
By Andrew Horton aka urbanadventurer, MorningStar Security
Version : 0.3, 1st December 2009
Homepage: http://www.morningstarsecurity.com/research/geoipgen
License: BSD


INTRODUCTION
GeoIPgen is a country-to-IPs generator. It's a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database. Geoipgen is the first published use of a geographic ip database in reverse to translate from country-to-IPs instead of the usual use of IP-to-country.


INSTALLATION
See the INSTALL file

VIDEO TUTORIAL
Vivek Ramachandran from www.securitytube.net has made an excellent video tutorial for geoipgen titled Geo Targeting Cyber Attacks using IP Addresses. http://www.securitytube.net/Geo-Targeting-Cyber-Attacks-using-IP-Addresses-video.aspx

USAGE
Usage: ./geoipgen [OPTION]... [COUNTRYCODE]...
Version 0.4 by Andrew Horton aka urbanadventurer, MorningStar Security
Homepage: http://www.morningstarsecurity.com/research/geoipgen

GeoIPgen is a country-to-IPs generator. It's a geographic IP generator for IPv4
networks that uses the MaxMind GeoLite Country database.
Features: Random or sorted order, unique or repeating IPs, skips
broadcast addresses, one, many or all countries.

Target:
 COUNTRYCODE	One or more country codes, delimited by spaces
 		       	Use 'all' to target all country codes. Use -l to see a list.
 -n NUM			Exits after NUM IPs have been generated

Unique or repeating:
 -u, --unique	Return each IP in the countries once only (default)
 --repeat		IPs can repeat with random order

Order:
 -s, --sorted	Order is sorted, ascending
 --random		Order is random (default)

Other:
 -h, --help		This message
 -l, --list-countries  List countries and their country codes
 -c DIRECTORY	Location of GeoIPCountryWhois.csv database
 				Default locations: ./, /home/user/.geoipgen/, /usr/local/share/
 -V, --version	Print version information. This version is 0.4

Example Usage:

How to generate random IPs for the whole world, enumerating each IP once only.
	$ geoipgen all

Find out how many IPs are allocated to Israel
	$ geoipgen --sorted il | wc -l

How to generate all IPs for New Zealand
	$ geoipgen nz

How to generate all IPs for New Zealand and Australia
	$ geoipgen nz au

How to generate 10000 IPs in Far East Asia
	$ geoipgen -n 10000 cn hk mn tw mo jp kr kp

How to continually generate IPs for the United States, with repeats
	$ geoipgen --repeat us



HOW TO REVERSE RESOLVE A COUNTRY
This can aid in testing the accuracy of the MaxMind location data by finding
ip blocks potentially attributed to the wrong country.
For example, an ip block could be attributed to New Zealand by Maxmind but when
each IP is resolved is found to have many hostnames ending in .sk indicates the
ip block belongs to Slovakia and MaxMind has misattributed the location data.


For fast DNS resolution, use an asynchronous resolver like adns.

How to install GNU adns
	Download and follow instructions from http://www.chiark.greenend.org.uk/~ian/adns/
	or
	$ sudo apt-get install libadns1-bin

Pipe IPs to adnsresfilter and only output resolved IPs 
	$ ./geoipgen  nz | adnsresfilter -w -a | egrep "\[.*\]"  

Example Output
	125-238-151-47.broadband-telecom.global-gateway.net.nz[125.238.151.47]
	161-65-114-241.ip.fx.net.nz[161.65.114.241]
	c0.d0.33.static.xlhost.com[209.51.208.192]
	203-114-177-78.dsl.sta.inspire.net.nz[203.114.177.78]
	ds7a04.cc.waikato.ac.nz[130.217.64.150]



PERFORMANCE
Geoipgen uses an algorithm to traverse the IP map returning each IP once only. This algorithm uses some randomness so the pattern should never repeat. This is a much more efficient and faster method than using a bitfield to track whether an IP has been returned.

The first time you generate a set of countries, the countrycode map files are created and saved in ~/.geoipgen/. Subsequent uses are faster because they reload the saved countrycode map.



RELATED INFO
Homepage of the MaxMind GeoLite database http://www.maxmind.com/app/geoip_country
There is an alternative geoIP database here http://software77.net/cgi-bin/ip-country/geo-ip.pl


CREDITS

Geoipgen is authored by Andrew Horton (urbanadventurer) andrew [at] morningstarsecurity.com. 
Thanks to MaxMind for making their GeoLite Country database freely available.

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional