20200308

Trust comes by foot and goes by horse

In this post, I showed a geolocation lookup method for hMailServer, using a free geolocation webservice. At some point in time this webservice ended up on the DNSBL blacklist, and the geolocation lookups failed.

I do not have a clue why this service was placed on the blacklist, but during the time that it worked, I noticed that some malicious IP addresses were mapped to NL/Amsterdam instead of the country/locations that other geolocation services provide (so the trust in the geolocation webservice is lost here).

There are two things that we can do: place the existing geolocation service on the whitelist or use a local geolocation database. Since IPv4 addresses/subnets will not change that fast (anymore), it is a feasible solution to use a local database for lookups. So here we go!

You need to download the database itself and a (command line) tool to query the database. Create an account with MaxMind (https://www.maxmind.com/en/home) and download GeoLite2-Country.mmdb and mmdbinspect.exe.

This is the modified geolookup function:

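    function IPtoGeoLocal(IPaddr)

        const geoDbPath     = "{path to}\GeoLite2-Country.mmdb"
        const geoLookupExe  = "{path to}\mmdbinspect.exe"
        const tempPath      = "c:\temp"
        const searchString  = "iso_code"

        dim wsh, fso, f, s, t, tempFile, runString
        set wsh = createobject("wscript.shell")
        set fso = createobject("scripting.filesystemobject")

        '--- Default result when the IP address is not found in the database...
        IPtoGeoLocal = "XX"

        '--- Create a temp file with a unique filename to prevent conflicts
        '--- (":" from IPv6 addresses is not allowed in a Windows filename)...
        tempFile = tempPath & "\" & replace(IPaddr, ":", "_") & ".dat"

        '--- Invoke Maxmind command line tool, do a lookup and pipe the result in tempFile.
        '--- The paths are not quoted here, so they must not contain spaces...
        runString = "cmd /c " & geoLookupExe & " --db " & geoDbPath & " " & IPaddr & " | find """ & searchString & """ > " & tempFile
        wsh.run runString,0,true

        '--- Read one line from tempFile (the file is empty when nothing matched)...
        s = ""
        if fso.fileExists(tempFile) then
            set f = fso.openTextFile(tempFile)
            if not f.atEndOfStream then s = f.readLine
            f.close
            fso.deleteFile tempFile, true
        end if

        '--- The country code is the fourth quote-delimited field of that line...
        t = split(s, chr(34))
        if instr(s, searchString) > 0 and ubound(t) >= 3 then IPtoGeoLocal = t(3)

    end function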


When the function is called:

    wscript.echo IPtoGeoLocal("8.8.8.8")

You will get the two-character ISO 3166 code back ("US") or "XX" when the IP address is not found in the database.
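The lookup function places IPaddr directly into a `cmd /c` command line and into a file name, so the value should be checked before it gets there. The following is an added example of such a check, not code from the original post; IsPlainIPv4, IsPlainIPv6 and SafeIPtoGeo are hypothetical names, and SafeIPtoGeo assumes the IPtoGeoLocal function from the post is in the same script.

```vbscript
'--- Added example: check an address before it reaches the cmd /c command line.
'--- IsPlainIPv4, IsPlainIPv6 and SafeIPtoGeo are hypothetical names.

function IsPlainIPv4(s)
    dim parts, p, i
    IsPlainIPv4 = false
    parts = split(s, ".")
    if ubound(parts) <> 3 then exit function
    for each p in parts
        '--- Each octet: 1 to 3 decimal digits with a value of 0..255
        if len(p) < 1 or len(p) > 3 then exit function
        for i = 1 to len(p)
            if instr("0123456789", mid(p, i, 1)) = 0 then exit function
        next
        if clng(p) > 255 then exit function
    next
    IsPlainIPv4 = true
end function

function IsPlainIPv6(s)
    dim re
    IsPlainIPv6 = false
    '--- Character allowlist, not a full parser: hex digits and colons only,
    '--- at least two colons, at most 39 characters
    if len(s) < 2 or len(s) > 39 then exit function
    set re = new RegExp
    re.pattern = "^[0-9A-Fa-f:]+$"
    if not re.test(s) then exit function
    if ubound(split(s, ":")) < 2 then exit function
    IsPlainIPv6 = true
end function

function SafeIPtoGeo(IPaddr)
    '--- Needs the IPtoGeoLocal function from the post in the same script
    SafeIPtoGeo = "XX"
    if vartype(IPaddr) <> vbString then exit function
    if IsPlainIPv4(IPaddr) or IsPlainIPv6(IPaddr) then SafeIPtoGeo = IPtoGeoLocal(IPaddr)
end function

'--- Constructed sample inputs, printed with the result of the check
dim sample
for each sample in array("8.8.8.8", "2001:4860:4860::8888", "999.1.1.1", "1.2.3", "8.8.8.8 & echo x")
    wscript.echo sample & " -> " & (IsPlainIPv4(sample) or IsPlainIPv6(sample))
next
```

Anything that fails the check returns "XX" without a command line being built, so spaces, quotes and shell operators never reach `wsh.run`.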
