SlideShare a Scribd company logo

(120303) #fitalk ip finder and geo ip for fun

INSIGHT FORENSIC
INSIGHT FORENSIC

F-INSIGHT TALK

Technology
1 of 11
Download to read offline
FORENSIC INSIGHT SEMINAR IP Finder & GeoIP for Fun 2012.3.3 FORENSIC INSIGHT Kevin Koo (kevinkoo001@gmail.com)
forensicinsight.org Page 2 / 11 개요  MaxMind  GeoIP  GeoIP API
forensicinsight.org Page 3 / 11 MaxMind 기본 1. The accuracy of the GeoIP Databases - 99.8% accurate on a country level - 90% accurate on a state level - 83% accurate for cities in the US within a 25 miles 2. How many IP addresses are in the database? (AS OF 2012.2.1) - http://www.maxmind.com/app/techinfo - Total number of IP Blocks on the country level (Database records): 153,821 - Total number of IP addresses: 3,431,032,465 - Total number of countries: 248 3. Free Download (AS OF 2012.2.7, Next update 2012.3.6) - http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip - http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz - http://geolite.maxmind.com/download/geoip/database/GeoLiteCity_CSV/GeoLiteCity_20120207.zip
forensicinsight.org Page 4 / 11 MaxMind 활용 4. A1 = Anonymous Proxy Entries - IP addresses that belong to anonymous proxies or VPN services such as Anonymizer - Used by users to hide or to disguise their IP address 5. A2 = Satellite Providers - ISPs that offer Internet access to many countries through satellites 6. Proxy Detection Web Service - Perl, ASP and PHP with license key - http://www.maxmind.com/app/web_services_ipauth_usage
forensicinsight.org Page 5 / 11 MaxMind 활용 http://ipinfodb.com/ (1) IP Location API XML API: http://api.ipinfodb.com/v3/ip-city/?key=<key>&ip=74.125.45.100 JSON API: http://api.ipinfodb.com/v3/ip-city/?key=<key>&ip=74.125.45.100&format=json (2) Block IP by Country (3) Fraud Detection API http://api.ipinfodb.com/v2/fraud_query.php?key=<key>&ip=74.125.45.100&country_code=us { "statusCode" : "OK", "statusMessage" : "", "ipAddress" : "74.125.45.100", "countryCode" : "US", "countryName" : "UNITED STATES", "regionName" : "GEORGIA", "cityName" : "ATLANTA", "zipCode" : "30301", "latitude" : "33.809", "longitude" : "-84.3548", "timeZone" : "-05:00“ }
forensicinsight.org Page 6 / 11 GeoIP APIs GeoIP APIs C Library Perl Module PHP Module Apache Module (mod_geoip) Java Class Python Class C# Class Ruby Module MS COM Object (ASP, ColdFusion, Pascal, PHP, Perl, Python, and Visual Basic code) VB.NET (Only works with GeoIP Country) Pascal JavaScript
forensicinsight.org Page 7 / 11 GeoIP APIs GeoIP APIs with C Library (1) Installation # ./configure # make; make check; make install (2) Compilation # gcc -lGeoIP getip.c –o getip (3) Usage #include <GeoIP.h> int main (int argc, char *argv[]) { GeoIP * gi; gi = GeoIP_new(GEOIP_STANDARD); printf("code %sn“, GeoIP_country_code_by_name(gi, "yahoo.com")); }
forensicinsight.org Page 8 / 11 GeoIP APIs GeoIP APIs with Python (Pygeoip) https://github.com/appliedsec/pygeoip (1) Installation # wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity_CSV/GeoLiteCity_20120207.zip # unzip -d GeoLiteCity_20120207.zip # wget http://pygeoip.googlecode.com/files/pygeoip-0.2.2.tar.gz # tar zxvf pygeoip-0.2.2.tar.gz # cd pygeoip-0.2.2 # python setup.py build # python setup.py install (2) Test # python >>> import pygeoip >>> gip = pygeoip.GeoIP(„GeoLiteCity.dat‟) >>> rec = gip.record_by_name(„yahoo.com‟) >>> for key,val in rec.items(): ... print “%s: %s” % (key,val) ... city: Sunnyvale region_name: CA area_code: 408 longitude: -122.0074 country_code3: USA latitude: 37.4249 postal_code: 94089 dma_code: 807 country_code: US country_name: United States
forensicinsight.org Page 9 / 11 Applied GeoIP APIs Generating Static Images with Matplotlib http://sourceforge.net/projects/matplotlib/files/matplotlib-toolkits/basemap-0.99.4/basemap-0.99.4.tar.gz (1) Installation # apt-get install python-tk python-numpy python-matplotlib python-dev # tar -xvzf basemap-0.99.4.tar.gz # cd basemap-0.99.4/geos-2.2.3 # ./configure; make; make install # cd .. # python setup.py build # python setup.py install (2) Test # python mapper.py –a 112.213.89.30,116.193.83.147,119.70.227.138,121.88.250.247,124.217.218.6
forensicinsight.org Page 10 / 11 What I did with GeoIP * EXCEL with GeoIPCountry.csv
forensicinsight.org Page 11 / 11 END QUESTIONS?

Recommended

Comb filter
Comb filterComb filter
Comb filterHoopeer Hoopeer
 
Extension of RTKLIB for the calculation and validation of protection levels
Extension of RTKLIB for the calculation and validation of protection levelsExtension of RTKLIB for the calculation and validation of protection levels
Extension of RTKLIB for the calculation and validation of protection levelsZoltan Siki
 
Intro to R and H2O with Spencer Aiello
Intro to R and H2O with Spencer AielloIntro to R and H2O with Spencer Aiello
Intro to R and H2O with Spencer AielloSri Ambati
 
Illustrator_Sample
Illustrator_SampleIllustrator_Sample
Illustrator_SampleSaeid Saadatmand
 
BeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep diveBeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep diveNaoto MATSUMOTO
 
Cerpen Pahlawan Buntong
Cerpen Pahlawan BuntongCerpen Pahlawan Buntong
Cerpen Pahlawan BuntongAzwira Ariwana
 
Novel Sutera dalam Lukisan
Novel Sutera dalam LukisanNovel Sutera dalam Lukisan
Novel Sutera dalam LukisanAzwira Ariwana
 
(130608) #fitalk pfp (portable forensic plaform)
(130608) #fitalk pfp (portable forensic plaform)(130608) #fitalk pfp (portable forensic plaform)
(130608) #fitalk pfp (portable forensic plaform)INSIGHT FORENSIC
 

Recommended

Comb filter
Comb filterComb filter
Comb filterHoopeer Hoopeer
 
Extension of RTKLIB for the calculation and validation of protection levels
Extension of RTKLIB for the calculation and validation of protection levelsExtension of RTKLIB for the calculation and validation of protection levels
Extension of RTKLIB for the calculation and validation of protection levelsZoltan Siki
 
Intro to R and H2O with Spencer Aiello
Intro to R and H2O with Spencer AielloIntro to R and H2O with Spencer Aiello
Intro to R and H2O with Spencer AielloSri Ambati
 
Illustrator_Sample
Illustrator_SampleIllustrator_Sample
Illustrator_SampleSaeid Saadatmand
 
BeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep diveBeautifulSoup / selenium Deep dive
BeautifulSoup / selenium Deep diveNaoto MATSUMOTO
 
Cerpen Pahlawan Buntong
Cerpen Pahlawan BuntongCerpen Pahlawan Buntong
Cerpen Pahlawan BuntongAzwira Ariwana
 
Novel Sutera dalam Lukisan
Novel Sutera dalam LukisanNovel Sutera dalam Lukisan
Novel Sutera dalam LukisanAzwira Ariwana
 
(130608) #fitalk pfp (portable forensic plaform)
(130608) #fitalk pfp (portable forensic plaform)(130608) #fitalk pfp (portable forensic plaform)
(130608) #fitalk pfp (portable forensic plaform)INSIGHT FORENSIC
 
Crisis Communications
Crisis CommunicationsCrisis Communications
Crisis CommunicationsNora Carr, Ed.D., APR, Fellow PRSA
 
Red Door Events - Rugby Activations
Red Door Events - Rugby Activations Red Door Events - Rugby Activations
Red Door Events - Rugby Activations Red Door Events Porter
 
(120429) #fitalk case studyk-masked file
(120429) #fitalk case studyk-masked file(120429) #fitalk case studyk-masked file
(120429) #fitalk case studyk-masked fileINSIGHT FORENSIC
 
Cerpen Tanggar Amanat
Cerpen Tanggar AmanatCerpen Tanggar Amanat
Cerpen Tanggar AmanatAzwira Ariwana
 
App Circus - Properati
App Circus - ProperatiApp Circus - Properati
App Circus - ProperatiProperati
 
makalah cryptography
makalah cryptographymakalah cryptography
makalah cryptographyRenwarin
 
Swift2.x を Scala からみる
Swift2.x を Scala からみるSwift2.x を Scala からみる
Swift2.x を Scala からみるYuichi Adachi
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementationINSIGHT FORENSIC
 
(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trendINSIGHT FORENSIC
 
Uses of computer in space
Uses of computer in spaceUses of computer in space
Uses of computer in spaceAbdul Hadi
 
Properati Company Presentation
Properati Company Presentation Properati Company Presentation
Properati Company Presentation Gabriel Gruber
 
Kata Sendi Nama
Kata Sendi NamaKata Sendi Nama
Kata Sendi NamaMegawati Jalaludin
 
Hilll School Master Plan 2013
Hilll School Master Plan 2013Hilll School Master Plan 2013
Hilll School Master Plan 2013Geoffrey Richards
 
Instalação geo ip
Instalação geo ipInstalação geo ip
Instalação geo ipCarlos Eduardo
 
Who moved my pixels?!
Who moved my pixels?!Who moved my pixels?!
Who moved my pixels?!Mikhail Sosonkin
 
Spatial Statistics on the Geospatial Web
Spatial Statistics on the Geospatial WebSpatial Statistics on the Geospatial Web
Spatial Statistics on the Geospatial WebMatthias Hinz
 
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPFCilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPFCynthia Thomas
 
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPFCilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPFDocker, Inc.
 
GITA PNW keynote presentation: Openness in Geospatial
GITA PNW keynote presentation: Openness in GeospatialGITA PNW keynote presentation: Openness in Geospatial
GITA PNW keynote presentation: Openness in GeospatialPeter Batty
 
Griffon Topic2 Presentation (Tia)
Griffon Topic2 Presentation (Tia)Griffon Topic2 Presentation (Tia)
Griffon Topic2 Presentation (Tia)Nat Weerawan
 
Model-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data AnalyticsModel-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data AnalyticsCisco Canada
 
Python gis
Python gisPython gis
Python gisJohn Zhou
 

More Related Content

Viewers also liked

(120429) #fitalk case studyk-masked file
(120429) #fitalk case studyk-masked file(120429) #fitalk case studyk-masked file
(120429) #fitalk case studyk-masked fileINSIGHT FORENSIC
 
App Circus - Properati
App Circus - ProperatiApp Circus - Properati
App Circus - ProperatiProperati
 
makalah cryptography
makalah cryptographymakalah cryptography
makalah cryptographyRenwarin
 
Swift2.x を Scala からみる
Swift2.x を Scala からみるSwift2.x を Scala からみる
Swift2.x を Scala からみるYuichi Adachi
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementationINSIGHT FORENSIC
 
(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trendINSIGHT FORENSIC
 
Uses of computer in space
Uses of computer in spaceUses of computer in space
Uses of computer in spaceAbdul Hadi
 
Properati Company Presentation
Properati Company Presentation Properati Company Presentation
Properati Company Presentation Gabriel Gruber
 
Hilll School Master Plan 2013
Hilll School Master Plan 2013Hilll School Master Plan 2013
Hilll School Master Plan 2013Geoffrey Richards
 

Viewers also liked (13)

Crisis Communications
Crisis CommunicationsCrisis Communications
Crisis Communications
 
Red Door Events - Rugby Activations
Red Door Events - Rugby Activations Red Door Events - Rugby Activations
Red Door Events - Rugby Activations
 
(120429) #fitalk case studyk-masked file
(120429) #fitalk case studyk-masked file(120429) #fitalk case studyk-masked file
(120429) #fitalk case studyk-masked file
 
Cerpen Tanggar Amanat
Cerpen Tanggar AmanatCerpen Tanggar Amanat
Cerpen Tanggar Amanat
 
App Circus - Properati
App Circus - ProperatiApp Circus - Properati
App Circus - Properati
 
makalah cryptography
makalah cryptographymakalah cryptography
makalah cryptography
 
Swift2.x を Scala からみる
Swift2.x を Scala からみるSwift2.x を Scala からみる
Swift2.x を Scala からみる
 
(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation(130727) #fitalk anonymous network concepts and implementation
(130727) #fitalk anonymous network concepts and implementation
 
(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend
 
Uses of computer in space
Uses of computer in spaceUses of computer in space
Uses of computer in space
 
Properati Company Presentation
Properati Company Presentation Properati Company Presentation
Properati Company Presentation
 
Kata Sendi Nama
Kata Sendi NamaKata Sendi Nama
Kata Sendi Nama
 
Hilll School Master Plan 2013
Hilll School Master Plan 2013Hilll School Master Plan 2013
Hilll School Master Plan 2013
 

Similar to (120303) #fitalk ip finder and geo ip for fun

Spatial Statistics on the Geospatial Web
Spatial Statistics on the Geospatial WebSpatial Statistics on the Geospatial Web
Spatial Statistics on the Geospatial WebMatthias Hinz
 
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPFCilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPFCynthia Thomas
 
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPFCilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPFDocker, Inc.
 
GITA PNW keynote presentation: Openness in Geospatial
GITA PNW keynote presentation: Openness in GeospatialGITA PNW keynote presentation: Openness in Geospatial
GITA PNW keynote presentation: Openness in GeospatialPeter Batty
 
Griffon Topic2 Presentation (Tia)
Griffon Topic2 Presentation (Tia)Griffon Topic2 Presentation (Tia)
Griffon Topic2 Presentation (Tia)Nat Weerawan
 
Model-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data AnalyticsModel-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data AnalyticsCisco Canada
 
Android Development w/ ArcGIS Server - Esri Dev Meetup - Charlotte, NC
Android Development w/ ArcGIS Server - Esri Dev Meetup - Charlotte, NCAndroid Development w/ ArcGIS Server - Esri Dev Meetup - Charlotte, NC
Android Development w/ ArcGIS Server - Esri Dev Meetup - Charlotte, NCJim Tochterman
 
Android is not just mobile
Android is not just mobileAndroid is not just mobile
Android is not just mobileKevin McDonagh
 
Web Machine Learning (ML) API POC march update
Web Machine Learning (ML) API POC march updateWeb Machine Learning (ML) API POC march update
Web Machine Learning (ML) API POC march updatehuningxin
 
Building Real-Time Applications with Android and WebSockets
Building Real-Time Applications with Android and WebSocketsBuilding Real-Time Applications with Android and WebSockets
Building Real-Time Applications with Android and WebSocketsSergi Almar i Graupera
 
Android 5.0 Lollipop platform change investigation report
Android 5.0 Lollipop platform change investigation reportAndroid 5.0 Lollipop platform change investigation report
Android 5.0 Lollipop platform change investigation reporthidenorly
 
The GPS Architecture on Android
The GPS Architecture on AndroidThe GPS Architecture on Android
The GPS Architecture on AndroidPing-Chin Huang
 
Øredev2013 - FirefoxOS - the platform HTML5 deserves
Øredev2013 - FirefoxOS - the platform HTML5 deservesØredev2013 - FirefoxOS - the platform HTML5 deserves
Øredev2013 - FirefoxOS - the platform HTML5 deservesChristian Heilmann
 
Henry s software_engineer__resume _07_15_new
Henry s software_engineer__resume _07_15_newHenry s software_engineer__resume _07_15_new
Henry s software_engineer__resume _07_15_newHenry Sun
 
The Next Leap in JavaScript Performance
The Next Leap in JavaScript PerformanceThe Next Leap in JavaScript Performance
The Next Leap in JavaScript PerformanceIntel® Software
 

Similar to (120303) #fitalk ip finder and geo ip for fun (20)

Instalação geo ip
Instalação geo ipInstalação geo ip
Instalação geo ip
 
Who moved my pixels?!
Who moved my pixels?!Who moved my pixels?!
Who moved my pixels?!
 
Spatial Statistics on the Geospatial Web
Spatial Statistics on the Geospatial WebSpatial Statistics on the Geospatial Web
Spatial Statistics on the Geospatial Web
 
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPFCilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF
 
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPFCilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
 
GITA PNW keynote presentation: Openness in Geospatial
GITA PNW keynote presentation: Openness in GeospatialGITA PNW keynote presentation: Openness in Geospatial
GITA PNW keynote presentation: Openness in Geospatial
 
Griffon Topic2 Presentation (Tia)
Griffon Topic2 Presentation (Tia)Griffon Topic2 Presentation (Tia)
Griffon Topic2 Presentation (Tia)
 
Model-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data AnalyticsModel-driven Telemetry: The Foundation of Big Data Analytics
Model-driven Telemetry: The Foundation of Big Data Analytics
 
Python gis
Python gisPython gis
Python gis
 
Android Development w/ ArcGIS Server - Esri Dev Meetup - Charlotte, NC
Android Development w/ ArcGIS Server - Esri Dev Meetup - Charlotte, NCAndroid Development w/ ArcGIS Server - Esri Dev Meetup - Charlotte, NC
Android Development w/ ArcGIS Server - Esri Dev Meetup - Charlotte, NC
 
There is more to C
There is more to CThere is more to C
There is more to C
 
Android is not just mobile
Android is not just mobileAndroid is not just mobile
Android is not just mobile
 
Web Machine Learning (ML) API POC march update
Web Machine Learning (ML) API POC march updateWeb Machine Learning (ML) API POC march update
Web Machine Learning (ML) API POC march update
 
Building Real-Time Applications with Android and WebSockets
Building Real-Time Applications with Android and WebSocketsBuilding Real-Time Applications with Android and WebSockets
Building Real-Time Applications with Android and WebSockets
 
Android 5.0 Lollipop platform change investigation report
Android 5.0 Lollipop platform change investigation reportAndroid 5.0 Lollipop platform change investigation report
Android 5.0 Lollipop platform change investigation report
 
The GPS Architecture on Android
The GPS Architecture on AndroidThe GPS Architecture on Android
The GPS Architecture on Android
 
Øredev2013 - FirefoxOS - the platform HTML5 deserves
Øredev2013 - FirefoxOS - the platform HTML5 deservesØredev2013 - FirefoxOS - the platform HTML5 deserves
Øredev2013 - FirefoxOS - the platform HTML5 deserves
 
Sudheer
SudheerSudheer
Sudheer
 
Henry s software_engineer__resume _07_15_new
Henry s software_engineer__resume _07_15_newHenry s software_engineer__resume _07_15_new
Henry s software_engineer__resume _07_15_new
 
The Next Leap in JavaScript Performance
The Next Leap in JavaScript PerformanceThe Next Leap in JavaScript Performance
The Next Leap in JavaScript Performance
 

More from INSIGHT FORENSIC

(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensicsINSIGHT FORENSIC
 
(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)INSIGHT FORENSIC
 
(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)INSIGHT FORENSIC
 
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fsINSIGHT FORENSIC
 
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안INSIGHT FORENSIC
 
(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifactsINSIGHT FORENSIC
 
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식INSIGHT FORENSIC
 
(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatchINSIGHT FORENSIC
 
(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석INSIGHT FORENSIC
 
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석INSIGHT FORENSIC
 
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법INSIGHT FORENSIC
 
(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysisINSIGHT FORENSIC
 
(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur lsINSIGHT FORENSIC
 
(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)INSIGHT FORENSIC
 
(130202) #fitalk china threat
(130202) #fitalk china threat(130202) #fitalk china threat
(130202) #fitalk china threatINSIGHT FORENSIC
 
(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensicsINSIGHT FORENSIC
 
(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threatINSIGHT FORENSIC
 
(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recoveryINSIGHT FORENSIC
 
(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)INSIGHT FORENSIC
 
(130105) #fitalk criminal civil judicial procedure in korea
(130105) #fitalk criminal civil judicial procedure in korea(130105) #fitalk criminal civil judicial procedure in korea
(130105) #fitalk criminal civil judicial procedure in koreaINSIGHT FORENSIC
 

More from INSIGHT FORENSIC (20)

(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics
 
(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)
 
(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)
 
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
 
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
 
(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts
 
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
 
(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch
 
(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석
 
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
 
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
 
(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis
 
(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls
 
(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)
 
(130202) #fitalk china threat
(130202) #fitalk china threat(130202) #fitalk china threat
(130202) #fitalk china threat
 
(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics
 
(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat
 
(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery
 
(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)
 
(130105) #fitalk criminal civil judicial procedure in korea
(130105) #fitalk criminal civil judicial procedure in korea(130105) #fitalk criminal civil judicial procedure in korea
(130105) #fitalk criminal civil judicial procedure in korea
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 

(120303) #fitalk ip finder and geo ip for fun

  • 1. FORENSIC INSIGHT SEMINAR IP Finder & GeoIP for Fun 2012.3.3 FORENSIC INSIGHT Kevin Koo (kevinkoo001@gmail.com)
  • 2. forensicinsight.org Page 2 / 11 개요  MaxMind  GeoIP  GeoIP API
  • 3. forensicinsight.org Page 3 / 11 MaxMind 기본 1. The accuracy of the GeoIP Databases - 99.8% accurate on a country level - 90% accurate on a state level - 83% accurate for cities in the US within a 25 miles 2. How many IP addresses are in the database? (AS OF 2012.2.1) - http://www.maxmind.com/app/techinfo - Total number of IP Blocks on the country level (Database records): 153,821 - Total number of IP addresses: 3,431,032,465 - Total number of countries: 248 3. Free Download (AS OF 2012.2.7, Next update 2012.3.6) - http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip - http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz - http://geolite.maxmind.com/download/geoip/database/GeoLiteCity_CSV/GeoLiteCity_20120207.zip
  • 4. forensicinsight.org Page 4 / 11 MaxMind 활용 4. A1 = Anonymous Proxy Entries - IP addresses that belong to anonymous proxies or VPN services such as Anonymizer - Used by users to hide or to disguise their IP address 5. A2 = Satellite Providers - ISPs that offer Internet access to many countries through satellites 6. Proxy Detection Web Service - Perl, ASP and PHP with license key - http://www.maxmind.com/app/web_services_ipauth_usage
  • 5. forensicinsight.org Page 5 / 11 MaxMind 활용 http://ipinfodb.com/ (1) IP Location API XML API: http://api.ipinfodb.com/v3/ip-city/?key=<key>&ip=74.125.45.100 JSON API: http://api.ipinfodb.com/v3/ip-city/?key=<key>&ip=74.125.45.100&format=json (2) Block IP by Country (3) Fraud Detection API http://api.ipinfodb.com/v2/fraud_query.php?key=<key>&ip=74.125.45.100&country_code=us { "statusCode" : "OK", "statusMessage" : "", "ipAddress" : "74.125.45.100", "countryCode" : "US", "countryName" : "UNITED STATES", "regionName" : "GEORGIA", "cityName" : "ATLANTA", "zipCode" : "30301", "latitude" : "33.809", "longitude" : "-84.3548", "timeZone" : "-05:00“ }
  • 6. forensicinsight.org Page 6 / 11 GeoIP APIs GeoIP APIs C Library Perl Module PHP Module Apache Module (mod_geoip) Java Class Python Class C# Class Ruby Module MS COM Object (ASP, ColdFusion, Pascal, PHP, Perl, Python, and Visual Basic code) VB.NET (Only works with GeoIP Country) Pascal JavaScript
  • 7. forensicinsight.org Page 7 / 11 GeoIP APIs GeoIP APIs with C Library (1) Installation # ./configure # make; make check; make install (2) Compilation # gcc -lGeoIP getip.c –o getip (3) Usage #include <GeoIP.h> int main (int argc, char *argv[]) { GeoIP * gi; gi = GeoIP_new(GEOIP_STANDARD); printf("code %sn“, GeoIP_country_code_by_name(gi, "yahoo.com")); }
  • 8. forensicinsight.org Page 8 / 11 GeoIP APIs GeoIP APIs with Python (Pygeoip) https://github.com/appliedsec/pygeoip (1) Installation # wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity_CSV/GeoLiteCity_20120207.zip # unzip -d GeoLiteCity_20120207.zip # wget http://pygeoip.googlecode.com/files/pygeoip-0.2.2.tar.gz # tar zxvf pygeoip-0.2.2.tar.gz # cd pygeoip-0.2.2 # python setup.py build # python setup.py install (2) Test # python >>> import pygeoip >>> gip = pygeoip.GeoIP(„GeoLiteCity.dat‟) >>> rec = gip.record_by_name(„yahoo.com‟) >>> for key,val in rec.items(): ... print “%s: %s” % (key,val) ... city: Sunnyvale region_name: CA area_code: 408 longitude: -122.0074 country_code3: USA latitude: 37.4249 postal_code: 94089 dma_code: 807 country_code: US country_name: United States
  • 9. forensicinsight.org Page 9 / 11 Applied GeoIP APIs Generating Static Images with Matplotlib http://sourceforge.net/projects/matplotlib/files/matplotlib-toolkits/basemap-0.99.4/basemap-0.99.4.tar.gz (1) Installation # apt-get install python-tk python-numpy python-matplotlib python-dev # tar -xvzf basemap-0.99.4.tar.gz # cd basemap-0.99.4/geos-2.2.3 # ./configure; make; make install # cd .. # python setup.py build # python setup.py install (2) Test # python mapper.py –a 112.213.89.30,116.193.83.147,119.70.227.138,121.88.250.247,124.217.218.6
  • 10. forensicinsight.org Page 10 / 11 What I did with GeoIP * EXCEL with GeoIPCountry.csv
  • 11. forensicinsight.org Page 11 / 11 END QUESTIONS?