[Dshield] Integrating DSHIELD IP lookup database

Stephane Grobety security at admin.fulgan.com
Wed Mar 5 15:57:27 GMT 2003


JU> Try 'http://www.ipfinfo.php?ip=10.10.10.10

Is that a bad case of URL mangling? ;)


Anyway: If you try with
http://www.dshield.org/ipinfo.php?ip=10.10.10.10 it works...

Point is: if you want that info to be useful, you'd need either to
parse the HTML (yuk!) or change the server-side code to send back a
computer-formatted answer (SOAP anyone?)

I would love to see a DShield SOAP interface but I have some doubts:

1/ If we want that system to be usable, it should be secured using
SSL and that takes time and money (to buy the key). Alternatively, the
SOAP message could be signed using PGP or similar but that makes it
much more difficult to verify (and it just makes the speed problem
worse).

2/ The DB is currently extremely slow: it takes about 20-30 seconds
now to get a result page for the "most wanted" IP. It seems to be
faster for unmatched IPs, but I wonder how slow it will be if it
starts getting hundreds of requests per minute (a likely scenario if there
is a working SOAP interface to that query).

3/ The queries should be more varied: one should be able to get info
for a whole range of IPs, or to get info about a specific IP but with
an indirection (like "the most wanted IP ranking 4", etc.).

Good luck,
Stephane


