[Bro] issue with geoip lookups
vern at icir.org
Fri Oct 5 07:19:00 PDT 2007
> > "backwards". For example, if Bro looks up the address 22.214.171.124, I will
> > get a log entry
> > Connection to: 126.96.36.199 (Westford, MA, US)
> > which does not match with the output of a manual lookup with geoiplookup.
> > However if I run 188.8.131.52 through geoiplookup, I get
> > GeoIP City Edition, Rev 0: US, MA, Westford
> > I have confirmed this with several different IPs. I'm running Bro 1.3.2 on
> > FreeBSD 6.2 with the ports install of GeoIP 1.4.3. Any suggestions?
> This is just simply a print order, (City, region, country) rather than
> (country, region, city), I believe.
I believe he's referring to 184.108.40.206 instead returning information
for 220.127.116.11 - which looks a lot like a missing ntohl().
More information about the Bro