[Dshield] IP Address --> Country Script

Brian Dessent brian at dessent.net
Tue Dec 16 03:11:15 GMT 2003

Allan Liska wrote:

> Does anyone have a script that will identify the country of origin of
> an IP Address (realizing, of course, that this is not an exact
> science).  I would prefer something that can be run from the command
> line, so I can enter in large numbers of IP Addresses -- or even
> better -- something that can query a file.

There's NetGeo, but I've found it to be wildly inaccurate.  Still, if
you're only trying to narrow it down to country then it shouldn't be
that hard.  They have a Perl module interface, as well as others I
think.  http://www.caida.org/tools/utilities/netgeo/

You could also probably hack something together to query the
ARIN/RIPE/APNIC whois database for the given IP or subnet and get the
country from that.  There's probably a Perl module for this, too, tucked
away in CPAN somewhere.  (In fact this is probably the base level of
what NetGeo does, before it applies any additional knowledge that it
might have been told about.)
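
A sketch of the whois approach suggested above, added here as an example and not part of the original message. It assumes ARIN (`whois.arin.net`) as the starting server and follows one `ReferralServer:` hop, since ARIN's reply for space run by another registry names that registry's own country; the function names are hypothetical and the `SAMPLE` replies are constructed, not real registry data.

```python
import re
import socket
import sys

FIELD = re.compile(r"^\s*([A-Za-z-]+):\s*(.*?)\s*$")
# Constructed replies (not real registry data), keyed by whois server.
SAMPLE = {
    "whois.arin.net": "# constructed\nOrgName: RIPE NCC\nCountry: NL\n"
                      "ReferralServer: whois://whois.ripe.net\n",
    "whois.ripe.net": "% constructed\ninetnum: 192.0.2.0 - 192.0.2.255\n"
                      "country: de # inline comment\n",
}

def whois_query(ip, server, timeout=10):
    """Send one query to a whois server (TCP port 43), return the reply."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(ip.encode("ascii") + b"\r\n")
        return b"".join(iter(lambda: s.recv(4096), b"")).decode("latin-1")

def fields(text):
    """Yield (name, value) pairs, skipping '%' and '#' comment lines."""
    for line in text.splitlines():
        m = None if line.startswith(("%", "#")) else FIELD.match(line)
        if m:
            yield m.group(1).lower(), m.group(2).split("#")[0].strip()

def country_from_whois(text):
    """Return the first country code in a reply, or None."""
    for name, value in fields(text):
        if name == "country" and value:
            return value.upper()
    return None

def lookup(ip, query=whois_query, start="whois.arin.net"):
    """Ask ARIN first; follow one ReferralServer hop to another registry."""
    text = query(ip, start)
    for name, value in fields(text):
        if name == "referralserver" and value.startswith("whois://"):
            text = query(ip, value[len("whois://"):].split(":")[0].rstrip("/"))
            break
    return country_from_whois(text) or "??"

if __name__ == "__main__":
    # With a file argument: live queries, one address per line. Without: samples.
    live = len(sys.argv) > 1
    ips = open(sys.argv[1]).read().split() if live else ["192.0.2.1"]
    for ip in ips:
        print(ip, lookup(ip, whois_query if live else lambda i, s: SAMPLE[s]))
```

Registries may throttle bulk port-43 clients, so pace the queries when feeding it a large file.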


