Suspicious Source Identification
Identifying a client’s geographic location may provide clues about the user’s intentions. The recipes in this section demonstrate how to use GeoIP data derived from the client’s IP address.
IP addresses are somewhat analogous to real-world street addresses. In much the same way that you can send and receive mail using the postal service with To and From addresses, IP addresses are used to route computer traffic. IP addresses can, with debatable degrees of accuracy, be tied to real-world geographic locations through geolocation. Geographic location data is generated through a wide array of community and commercial processes. These include ISP network block registrations, physical address data captured through user account registrations, and even correlation of WiFi access points identified through manual geographic mappings. One resource for free GeoIP location data is MaxMind’s GeoLite City Database, shown in Figure 4-1. On this web site, you can submit IP address data through the demonstration form and receive GeoIP data, as shown in Figure 4-2.
Figure 4-1: Using MaxMind’s GeoLite City lookup
Figure 4-2: MaxMind’s GeoLite City lookup results
Although the online demonstration page is useful, it doesn’t lend itself to real-time utilization. ...