Re: [logs] ip mapping software

From: Russell Fulton (R.FULTONat_private)
Date: Wed Jan 09 2002 - 14:38:16 PST

  • Next message: Tina Bird: "[logs] FW: New Incident Response book: Hacker's Challenge"

    On Thu, 2002-01-10 at 04:21, Andrew Hilborne wrote:
    > Jose Nazario <joseat_private> writes:
    > 
    > > On Wed, 9 Jan 2002, Ganu Skop wrote:
    > > 
    > > > does anyone know if there's any tools that would be able to generate
    > > > world mapping by keyin ip say that my location is thailand.  the ip
    > > > x.x.x.x is from singapore. then when i keyin that particular ip
    > > > (x.x.x.x ) it will generate a line from singapore to thailand over the
    > > > world map
    > > 
    > > several tools can do this. Xtraceroute, in UNIX/X, can do this, for
    > > example.
    > 
    > BUT, none of them can do it well, because this information just isn't available
    > for IP addresses. For example, a large block of addresses may be allocated to
    > UUNET, with appropriate addresses in the US, but they may well be used all
    > over the world. The registered snail-mail addresses are virtually the only
    > information such a tool can use.
    > 
    
    I agree. For many years we (or more precisely the folk at University of 
    Waikato who used to operate the first international Internet gateway and 
    later the first exchange point in NZ) tracked IP addressess in NZ.  We did
    this so we could bill NZ traffic at a different rate to International traffic.
    They got the information from the routing tables rather than from the
    NIC data bases.  What we found was that as soon as the big ISPs go
    involved we started seeing /30, /31 and /32 bits of addresses that were
    supposedly in Australia and US popping up here.  These addresses were
    often allocated to routers and the likes so the graphical tools would
    show traceroutes between two NZ addresses going via the US.
    
    BTW we have given up trying to track down 'local' address blocks now,
    they are just to fragmented and there is nolonger any single place where
    everone peers.  
    
    -- 
    Russell Fulton, Computer and Network Security Officer
    The University of Auckland,  New Zealand
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 15:22:49 PST