[Dshield] Integrating DSHIELD IP lookup database

Wayne Larmon wlarmon at dshield.org
Wed Mar 5 16:45:22 GMT 2003


> JU> Try 'http://www.ipfinfo.php?ip=10.10.10.10
>
> Is that a bad case of URL mangeling ? ;)

Try http://www.dshield.org/ipinfo_ascii.php?ip=10.10.10.10

This looks like what Johannes was working on.

These are nice key=value pairs that are easy to parse.  We like KISS
approaches.

Wayne Larmon
DShield.org> Anyway: If you try with
> http://www.dshield.org/ipinfo.php?ip=10.10.10.10 it works...
>
> Point is: if you want that info to be useful, you'd need either to
> parse the HTML (yuk!) or change the server-side code to send back a
> computer-formated answer (SOAP anyone ?)
>
> I would love to see a DShield SOAP interface but I have some doubts:
>
> 1/ If we want that system to be usable, it should be secured using
> SSL and that takes time and money (to buy the key). Alternatively, the
> SOAP message could be signed using PGP or similar but that makes it
> much more difficult to verify (and it just makes the speed problem
> worse).
>
> 2/ The DB is currently extremely slow: it takes about 20-30 seconds
> now to get a result page for the "most wanted" IP. It seems to be
> faster for unmatched IPs, but I wonder how slow it will be if it
> starts getting hundreds of requests per minute (likely scenario there
> is a working SOAP interface to that query).
>
> 3/ The queries should be more varied: one should be able to get infor
> for a whole range of IPs, or to get info about a specific IP but with
> an indirection (like "the most wanted IP ranking 4", etc.).
>
> Good luck,
> Stephane




More information about the list mailing list