Re: [logs] ip mapping software

From: Russell Fulton (R.FULTONat_private)
Date: Wed Jan 09 2002 - 14:38:16 PST

Next message: Tina Bird: "[logs] FW: New Incident Response book: Hacker's Challenge"

Previous message: Jason Lewis: "RE: [logs] Log Analysis"
In reply to: Andrew Hilborne: "Re: [logs] ip mapping software"
Next in thread: Dawson, Greg: "RE: [logs] ip mapping software"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2002-01-10 at 04:21, Andrew Hilborne wrote:
> Jose Nazario <joseat_private> writes:
> 
> > On Wed, 9 Jan 2002, Ganu Skop wrote:
> > 
> > > does anyone know if there's any tools that would be able to generate
> > > world mapping by keyin ip say that my location is thailand.  the ip
> > > x.x.x.x is from singapore. then when i keyin that particular ip
> > > (x.x.x.x ) it will generate a line from singapore to thailand over the
> > > world map
> > 
> > several tools can do this. Xtraceroute, in UNIX/X, can do this, for
> > example.
> 
> BUT, none of them can do it well, because this information just isn't available
> for IP addresses. For example, a large block of addresses may be allocated to
> UUNET, with appropriate addresses in the US, but they may well be used all
> over the world. The registered snail-mail addresses are virtually the only
> information such a tool can use.
> 

I agree. For many years we (or more precisely the folk at University of 
Waikato who used to operate the first international Internet gateway and 
later the first exchange point in NZ) tracked IP addressess in NZ.  We did
this so we could bill NZ traffic at a different rate to International traffic.
They got the information from the routing tables rather than from the
NIC data bases.  What we found was that as soon as the big ISPs go
involved we started seeing /30, /31 and /32 bits of addresses that were
supposedly in Australia and US popping up here.  These addresses were
often allocated to routers and the likes so the graphical tools would
show traceroutes between two NZ addresses going via the US.

BTW we have given up trying to track down 'local' address blocks now,
they are just to fragmented and there is nolonger any single place where
everone peers.  

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Tina Bird: "[logs] FW: New Incident Response book: Hacker's Challenge"
Previous message: Jason Lewis: "RE: [logs] Log Analysis"
In reply to: Andrew Hilborne: "Re: [logs] ip mapping software"
Next in thread: Dawson, Greg: "RE: [logs] ip mapping software"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 15:22:49 PST