Using GeoIP to monitor break-in attempts

H.Merijn Brand — 20 minutes 🐪

Sites or applications that are (very) region specific, like elections, might well want to block regions from which attempts are made to break in and/or corrupt the data. When a firewall or similar monitor reports break-in attempts, it might be useful to see the region the attempt comes from.

Now that (most of) the GeoIP data is publicly available as GeoLite2, and sites that show you WhoIs information are no longer the only way to get to that data, you might want to automate monitor-report analysis.

This talk will show you two sites that report properties of a CIDR based on an IP, where the new databases can be fetched, what is in those databases, how to convert the content of these ZIP files to PostgreSQL or SQLite, and then how to use it to report the available data based on a host name or its IP.

This talk will only show IPv4, even though IPv6 is now available in the dataset.
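A sketch of the workflow described above, added here as an illustration and not taken from the talk: IPv4 CIDR blocks are stored in SQLite as integer ranges, and the source address of each monitor report line is resolved to a country. The table layout, the helper names (`ip2int`, `cidr2range`, `country_of`) and all sample rows and log lines are constructed assumptions; real rows would come from the GeoLite2 CSV files, and DBI with DBD::SQLite must be installed.

```perl
use strict;
use warnings;
use DBI;                      # needs DBD::SQLite installed
use Socket qw(inet_aton);

# Constructed sample rows: documentation networks, made-up country mapping.
my @blocks    = (["192.0.2.0/24", 1], ["198.51.100.0/25", 2], ["203.0.113.0/24", 1]);
my @locations = ([1, "NL", "Netherlands"], [2, "BE", "Belgium"]);
# Constructed monitor report lines.
my @report = (
    "sshd: Failed password for root from 192.0.2.17 port 40022",
    "sshd: Failed password for admin from 198.51.100.200 port 51100",
    "sshd: Invalid user test from 203.0.113.9 port 33812",
    "sshd: Failed password for root from 198.51.100.5 port 40110",
);
# Dotted quad -> unsigned 32-bit integer (undef if it does not parse).
sub ip2int { my $p = inet_aton(shift) or return; return unpack "N", $p }
# CIDR -> (first, last) address as integers, first masked to the network.
sub cidr2range {
    my ($net, $bits) = split m{/}, shift;
    my $size  = 2 ** (32 - $bits);
    my $first = ip2int($net);
    $first -= $first % $size;
    return ($first, $first + $size - 1);
}

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "", { RaiseError => 1 });
$dbh->do("create table location (geoname_id integer primary key, iso text, country text)");
$dbh->do("create table block (ip_from integer, ip_to integer, cidr text, geoname_id integer)");
$dbh->do("insert into location values (?, ?, ?)", undef, @$_) for @locations;
$dbh->do("insert into block values (?, ?, ?, ?)", undef, cidr2range($_->[0]), @$_) for @blocks;

# Most specific block containing the address, joined to its country.
sub country_of {
    my $n = ip2int(shift) // return;
    return $dbh->selectrow_array(q{
        select l.iso, l.country, b.cidr from block b join location l using (geoname_id)
         where b.ip_from <= ? and b.ip_to >= ? order by b.ip_from desc limit 1},
        undef, $n, $n);
}
my %tally;
for my $line (@report) {
    my ($ip) = $line =~ m/\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b/ or next;
    my ($iso, $country, $cidr) = country_of($ip);
    $tally{ $iso // "??" }++;         # "??" = address not covered by any block
    printf "%-16s %-18s %s\n", $ip, $cidr // "-", $country // "unknown";
}
printf "%-3s %d\n", $_, $tally{$_} for sort keys %tally;
```

With a full dataset loaded, an index on `ip_from` keeps the range lookup fast; addresses that fall outside every block, such as 198.51.100.200 in the sample, are tallied under `??` instead of being dropped.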



Talk tags: geoip cidr
Perl versions: 🐪 Perl 5
Target audience: Any
Category: Perl 5 programming
Talk duration: 20 minutes
Talk status: accepted
