Plotting Senderbase Information on a World Map

si_ironport
Level 1

Greetings,

I have whipped up a quick script some of you may find useful.

ip2mapplot.py is a Python script for resolving a number of IP addresses to latitude / longitude coordinates and plotting them on a world map.

Below is an image generated from one day's worth of Senderbase drops on our Ironport MGAs:
[img:f531ef1b7c]http://insecure.io/images/a/a6/Map_sbrs_small.jpg[/img:f531ef1b7c]

Source code is available here: http://research.mince.ac.nz/ip2mapplot.py
Further instructions here: http://insecure.io/index.php/Code/ip2mapplot

Cheers,
si

5 Replies

Rayman_Jr
Level 1

Awesome, thanks for sharing the script and instructions!

Just one thing to mention. Your link to matplotlib documentation is going to the Basemap page. To make matplotlib work, the matplotlib-toolkits "basemap" is required.

It can be downloaded from: http://sourceforge.net/project/showfiles.php?group_id=80706&package_id=142792

Rayman_Jr
Level 1

Interesting to see that the SPAM pattern is very similar.

Here are my stats from yesterday (Sunday):

[img:9a11853639]http://lh5.google.fi/jari.riihimaki/R7P2JJnR4WI/AAAAAAAAAFo/G4iqE-dZUJs/senderbase_small.jpg[/img:9a11853639]


[+] Found 289282 unique IP addresses
[+] Determining unique latitude / longitude points
[+] Plotting 15950 discrete points on map
[-] Plotting 15613 points for x < 100
[-] Plotting 259 points for 100 < x < 500
[-] Plotting 64 points for 500 < x < 2500
[-] Plotting 14 points for x > 2500

Here's what our map looks like with one week's worth of data on hosts with a SBRS of -10 to -4.

[img:c91b0e4b2a]http://web.acd.ccac.edu/~bpoyner/ironport/ironport-map-small.jpg[/img:c91b0e4b2a]

[+] Found 691344 unique IP addresses
[+] Determining unique latitude / longitude points
[+] Plotting 15037 discrete points on map
[-] Plotting 14098 points for x < 100
[-] Plotting 772 points for 100 < x < 500
[-] Plotting 131 points for 500 < x <2500> 2500

I don't know if anybody else ran into this issue, but as-is the script provided by si doesn't work with python 2.3. You'll get the following error message:

[+] Determining unique latitude / longitude points
Traceback (most recent call last):
File "./ip2mapplot.py", line 41, in ?
latlon = count.partition(',')
AttributeError: 'str' object has no attribute 'partition'

You have to change partition to split, and change the latlon array reference accordingly.
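
The split-based change described in the post above, as an added example (not code from ip2mapplot.py, whose source is not reproduced on this page). It assumes the key is a 'lat,lon' string, as the traceback line suggests; the function names, the sample keys, and the handling of counts that land exactly on a bucket boundary are assumptions.

```python
from collections import Counter

# Bucket labels taken from the script output quoted in this thread.
# Assumption: a count exactly on a boundary (100/500/2500) goes to the
# higher bucket; the quoted output does not say which side it lands on.
BUCKETS = [(100, "x < 100"), (500, "100 < x < 500"), (2500, "500 < x < 2500")]
LAST_BUCKET = "x > 2500"


def split_latlon(key):
    """Split a 'lat,lon' key without str.partition, which the Python 2.3
    interpreter in the traceback lacks."""
    parts = key.split(",", 1)
    if len(parts) != 2:
        raise ValueError("expected 'lat,lon', got %r" % (key,))
    # partition(',') returns (lat, ',', lon): indexes 0 and 2.
    # split(',', 1) returns [lat, lon]: indexes 0 and 1.
    return float(parts[0]), float(parts[1])


def bucket_points(latlon_keys):
    """Count hits per unique point, then group the points by hit count."""
    hits = Counter(latlon_keys)
    grouped = dict((label, []) for _, label in BUCKETS)
    grouped[LAST_BUCKET] = []
    for key, n in hits.items():
        point = split_latlon(key)
        for bound, label in BUCKETS:
            if n < bound:
                grouped[label].append((point, n))
                break
        else:
            grouped[LAST_BUCKET].append((point, n))
    return grouped


if __name__ == "__main__":
    # Constructed sample: one 'lat,lon' key per resolved IP address.
    sample = (["60.17,24.94"] * 3 + ["-41.29,174.78"] * 120
              + ["40.44,-79.99"] * 2600)
    for label, points in sorted(bucket_points(sample).items()):
        print("[-] Plotting %d points for %s" % (len(points), label))
```
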

si_ironport
Level 1

Thanks for your feedback, guys. jariih, I have updated the documentation to include a link to download Basemap.

Good point regarding python2.3, bpoyner. I only tested on v2.4.

Rayman_Jr
Level 1

I used this script a few years ago, but now I have lost the code and I can't find it from the links below either.

Does anyone know where to get this code? This was a very nice script to see where the spam is really coming from.
