# Plotting Senderbase Information on a World Map

Feb 8th, 2008

Greetings,

I have whipped up a quick script some of you may find useful.

ip2mapplot.py is a Python script for resolving a number of IP addresses to latitude / longitude coordinates and plotting them on a world map.

Below is an image generated from one day's worth of Senderbase drops on our Ironport MGAs:
http://insecure.io/images/a/a6/Map_sbrs_small.jpg

Source code is available here: http://research.mince.ac.nz/ip2mapplot.py
Further instructions here: http://insecure.io/index.php/Code/ip2mapplot

Cheers,
si


## Replies

bpoyner_ironport Wed, 02/13/2008 - 19:57

Here's what our map looks like with one week's worth of data on hosts with a SBRS of -10 to -4.

http://web.acd.ccac.edu/~bpoyner/ironport/ironport-map-small.jpg

```
[+] Found 691344 unique IP addresses
[+] Determining unique latitude / longitude points
[+] Plotting 15037 discrete points on map
[-] Plotting 14098 points for x < 100
[-] Plotting 772 points for 100 < x < 500
[-] Plotting 131 points for 500 < x < 2500
[-] Plotting ... points for x > 2500
```

I don't know if anybody else ran into this issue, but as-is the script provided by si doesn't work with Python 2.3. You'll get the following error message:

```
[+] Determining unique latitude / longitude points
Traceback (most recent call last):
  File "./ip2mapplot.py", line 41, in ?
    latlon = count.partition(',')
AttributeError: 'str' object has no attribute 'partition'
```

You have to change partition to split, and change the latlon array reference accordingly.
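
The aggregation step implied by the output and traceback above, as an added example that is not part of the original post and is not the ip2mapplot.py source. It assumes each resolved IP yields a `"lat,lon"` string (inferred from the traceback); the function names, sample data and inclusive lower bucket edges are assumptions.

```python
# Added illustration; not the original ip2mapplot.py.
from collections import Counter

# Constructed sample: one "lat,lon" key per resolved IP (hypothetical data).
SAMPLE_KEYS = (
    ["37.77,-122.42"] * 3000      # one very busy location
    + ["52.52,13.40"] * 600
    + ["-36.85,174.76"] * 120
    + ["35.68,139.69"] * 5
    + ["not-a-coordinate"]        # malformed key a lookup might emit
)

# Bucket edges taken from the "[-] Plotting ..." lines in the thread.
# Assumption: each lower bound is inclusive (the output does not say).
BUCKETS = [("x < 100", 0, 100), ("100 < x < 500", 100, 500),
           ("500 < x < 2500", 500, 2500), ("x > 2500", 2500, float("inf"))]


def parse_latlon(key):
    """Split 'lat,lon' into floats using str.split.

    str.partition(',') returns (head, sep, tail), so the longitude is at
    index 2; str.split(',') returns [head, tail], so it moves to index 1.
    """
    parts = key.split(",")
    if len(parts) != 2:
        raise ValueError("expected 'lat,lon', got %r" % key)
    lat, lon = float(parts[0]), float(parts[1])
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        raise ValueError("coordinate out of range: %r" % key)
    return lat, lon


def bucket_points(keys):
    """Count IPs per unique point, then count points per bucket."""
    per_point = Counter()
    skipped = 0
    for key in keys:
        try:
            per_point[parse_latlon(key)] += 1
        except ValueError:
            skipped += 1
    result = dict((label, 0) for label, _, _ in BUCKETS)
    for hits in per_point.values():
        for label, low, high in BUCKETS:
            if low <= hits < high:
                result[label] += 1
    return per_point, result, skipped
```

Each unique point lands in exactly one bucket, which matches Rayman_Jr's output in this thread, where the four bucket counts sum to the 15950 discrete points.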

Rayman_Jr Mon, 02/11/2008 - 14:58

Interesting to see that the SPAM pattern is very similar.

Here are my stats from yesterday (Sunday):

```
[+] Found 289282 unique IP addresses
[+] Determining unique latitude / longitude points
[+] Plotting 15950 discrete points on map
[-] Plotting 15613 points for x < 100
[-] Plotting 259 points for 100 < x < 500
[-] Plotting 64 points for 500 < x < 2500
[-] Plotting 14 points for x > 2500
```

si_ironport Fri, 02/15/2008 - 01:17

Good point regarding Python 2.3, bpoyner; I only tested on v2.4.

Rayman_Jr Fri, 04/08/2011 - 01:39

I used this script a few years ago, but now I have lost the code and I can't find it from the links below either.

Does anyone know where to get this code? This was a very nice script to see where the spam is really coming from.
