Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1154
Views
0
Helpful
5
Replies

Plotting Senderbase Information on a World Map

si_ironport
Level 1
Level 1

‎02-08-2008 12:52 AM

Greetings,

I have whipped up a quick script some of you may find useful.

ip2mapplot.py is a Python script for resolving a number of IP addresses to latitude / longitude coordinates and plotting them on a world map

Below is an image generated from one days worth of Senderbase drops on our Ironport MGAs:
[img:f531ef1b7c]http://insecure.io/images/a/a6/Map_sbrs_small.jpg[/img:f531ef1b7c]

Source code is available here: http://research.mince.ac.nz/ip2mapplot.py
Further instructions here: http://insecure.io/index.php/Code/ip2mapplot

Cheers,
si

Labels:
0 Helpful
5 Replies 5

Rayman_Jr
Level 1
Level 1

‎02-11-2008 02:30 PM

Awesome, thanks for sharing the script and instructions !

Just one thing to mention. Your link to matplotlib documentation is going to Basemap page. To make matplotlib to work the matplotlib-toolkits "basemap"is required.

It can be downloaded from: http://sourceforge.net/project/showfiles.php?group_id=80706&package_id=142792

0 Helpful

Rayman_Jr
Level 1
Level 1

‎02-11-2008 02:58 PM

Interesting to see that the SPAM pattern is very similar.

Here are my stats from yesterday (Sunday)

[img:9a11853639]http://lh5.google.fi/jari.riihimaki/R7P2JJnR4WI/AAAAAAAAAFo/G4iqE-dZUJs/senderbase_small.jpg[/img:9a11853639]


[+] Found 289282 unique IP addresses
[+] Determining unique latitude / longitude points
[+] Plotting 15950 discrete points on map
[-] Plotting 15613 points for x < 100
[-] Plotting 259 points for 100 < x < 500
[-] Plotting 64 points for 500 < x < 2500
'[-] Plotting 14 points for x > 2500

0 Helpful

bpoyner_ironport
Level 1
Level 1

‎02-13-2008 07:57 PM

Here's what our map looks like with one week's worth of data on hosts with a SBRS of -10 to -4.

[img:c91b0e4b2a]http://web.acd.ccac.edu/~bpoyner/ironport/ironport-map-small.jpg[/img:c91b0e4b2a]

[+] Found 691344 unique IP addresses
[+] Determining unique latitude / longitude points
[+] Plotting 15037 discrete points on map
[-] Plotting 14098 points for x < 100
[-] Plotting 772 points for 100 < x < 500
[-] Plotting 131 points for 500 < x <2500> 2500

I don't know if anybody else ran into this issue, but as-is the script provided by si doesn't work with python 2.3. You'll get the following error message:

[+] Determining unique latitude / longitude points
Traceback (most recent call last):
File "./ip2mapplot.py", line 41, in ?
latlon = count.partition(',')
AttributeError: 'str' object has no attribute 'partition'

You have to change partition to split, and change the latlon array reference accordingly.

0 Helpful

si_ironport
Level 1
Level 1

‎02-15-2008 01:17 AM

Thanks for your feedback guys, jariih I have updated the documentation to include a link to download Basemap

Good point regarding python2.3 bpoyner, I only tested on v2.4

0 Helpful

Rayman_Jr
Level 1
Level 1

‎04-08-2011 01:39 AM

I used this script few years ago but now I have lost the code and I can't find it from the links bellow either.

Does anyone know where to get this code ? This was very nice script to see where the spam is really coming from

0 Helpful
Customers Also Viewed These Support Documents