[Bro] issue with geoip lookups
Vern Paxson
vern at icir.org
Fri Oct 5 07:19:00 PDT 2007
> > "backwards". For example, if Bro looks up the address 64.236.22.63, I will
> > get a log entry
> >
> > Connection to: 64.236.22.63 (Westford, MA, US)
> >
> > which does not match with the output of a manual lookup with geoiplookup.
> >
> > However if I run 63.22.236.64 through geoiplookup, I get
> >
> > GeoIP City Edition, Rev 0: US, MA, Westford
> >
> > I have confirmed this with several different IPs. I'm running Bro 1.3.2 on
> > FreeBSD 6.2 with the ports install of GeoIP 1.4.3. Any suggestions?
> This is just simply a print order, (City, region, country) rather than
> (country, region, city), I believe.
I believe he's referring to 64.236.22.63 instead returning information
for 63.22.236.64 - which looks a lot like a missing ntohl().
Vern
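
Added example, not part of the original message and not Bro's or GeoIP's code: it shows how an IPv4 address left in network byte order and passed to a lookup that expects a host-order integer ends up querying the octet-reversed address on a little-endian host, and how ntohl() corrects it. `lookup_key` is a hypothetical stand-in for such a lookup, and the other helper names are also assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a geolocation lookup keyed on a HOST-order
 * 32-bit address: it reports the dotted quad it would actually query. */
static const char *lookup_key(uint32_t host_addr, char *buf, size_t len)
{
    snprintf(buf, len, "%u.%u.%u.%u",
             (unsigned)(host_addr >> 24), (unsigned)((host_addr >> 16) & 0xff),
             (unsigned)((host_addr >> 8) & 0xff), (unsigned)(host_addr & 0xff));
    return buf;
}

/* Parse dotted-quad text into the network-order value a packet carries. */
static uint32_t wire_addr(const char *text)
{
    struct in_addr a;
    return inet_pton(AF_INET, text, &a) == 1 ? a.s_addr : 0;
}

/* Bug: the network-order value is handed straight to the host-order lookup. */
static const char *queried_without_ntohl(const char *text, char *buf, size_t len)
{
    return lookup_key(wire_addr(text), buf, len);
}

/* Fix: convert to host byte order before the lookup. */
static const char *queried_with_ntohl(const char *text, char *buf, size_t len)
{
    return lookup_key(ntohl(wire_addr(text)), buf, len);
}

/* On a big-endian host both orders coincide and the bug stays hidden. */
static int host_is_little_endian(void) { return htonl(1) != 1; }

int main(void)
{
    char a[16], b[16];
    printf("little-endian host: %d\n", host_is_little_endian());
    printf("without ntohl: %s\n", queried_without_ntohl("64.236.22.63", a, sizeof a));
    printf("with ntohl:    %s\n", queried_with_ntohl("64.236.22.63", b, sizeof b));
    return 0;
}
```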