[Bro] issue with geoip lookups

Stephen Smith ssmit7 at gmail.com
Fri Oct 5 05:38:01 PDT 2007


I'm using the GeoIP lookup functionality in 1.3 and everything looks to be
working fine, except that all the addresses are getting looked up
"backwards". For example, if Bro looks up the address 64.236.22.63, I will
get a log entry

Connection to: 64.236.22.63 (Westford, MA, US)

which does not match with the output of a manual lookup with geoiplookup.

However if I run 63.22.236.64 through geoiplookup, I get

GeoIP City Edition, Rev 0: US, MA, Westford

I have confirmed this with several different IPs. I'm running Bro 1.3.2 on
FreeBSD 6.2 with the ports install of GeoIP 1.4.3. Any suggestions?

Thanks,
Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071005/05a6e6cc/attachment.html 


More information about the Bro mailing list