in reply to Re: Help with Geo::IP output
in thread Help with Geo::IP output
I agree that geographical location is informative only, but the registrar data is definitive. If I have an intrusion detection system for a voting system in the US, and you see repeated intrusion attempts from an IP that is registered in Russia, it is highly likely *not* a local registered voter. (swap any of the two countries with random other two countries)
You don't need an exact location for that.
And yes, that is one of the experiments I am doing. Nothing is automatic (yet), but reports are quite informative this way: I have my blocking and detection systems report the IP's to an analyser that expands them with Geographical location and registrar data.
Fun facts: North Korea has only one registered CIDR of 1024 IP's. The Vatican has 321 CIDR's with a total of 13056 IP's.
Enjoy, Have FUN! H.Merijn
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^3: Help with Geo::IP output
by hippo (Bishop) on Jun 30, 2020 at 09:01 UTC | |
by choroba (Cardinal) on Jul 01, 2020 at 15:10 UTC |