[Dshield] IP Address --> Country Script

Justin Stephen justin at jfoobar.com
Wed Dec 17 18:10:54 GMT 2003

At 08:51 AM 12/17/2003 -0600, Samantha Fetter wrote:

>you can also do it as
>whois | grep -i "country:"
>as the -i will force it to ignore case.

True, true.

I have noticed that often a whois for an IP generates multiple lines of 
"country" output and these countries do not always match up.  It is usually 
pretty easy to pick the correct country (by examining the data associated 
with the most narrow IP allocation range) within the whois 
output.  However, only seeing the country lines returned via grep will not 
afford one that opportunity (nor would they want it since this is supposed 
to be scripted, dang it :)).

Is it consistent that the first return (i.e. the data at the top of whois 
output) is the most narrow range and therefore the most accurate?

Also, there are some countries (Japan comes immediately to mind) where the 
whois output often does not contain a country line at all.


-------------- next part --------------

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.459 / Virus Database: 258 - Release Date: 2/25/2003

More information about the list mailing list