Being on the receiving end of a distributed penetration probe — whether it is aimed at your email system, shell login, or any other public-facing service — can be a harrowing experience. Things get hectic, and the tools available don't always help narrow down malicious connections, let alone format their output in a prepackaged way that highlights the strange ones.
So you take the output from the powerful CLI tool, paste it into your favorite power-text editor, spend precious minutes cleaning it up, and then ... they want you to copy-paste IP addresses into a web form, one by one? Don't they know you have tens, hundreds, maybe thousands of entries to check? There isn't time for this nonsense.
I was supporting an old system that ran email for several thousand users, had no password policies, and generally had no support. Email accounts were being compromised regularly, but I didn't have the budget (either cash or man hours) to really fix the problem. Instead, I put this tool together to take raw output from netstat, fail2ban logs, or any other copy/paste text source and not only clean it for me, but do a fast lookup to see where these IPs were coming from. Suddenly it was easy to see the botnet poking at logins from all across the world — and drop traffic from them.
Wait, what happened?
ip2geo.org takes any text input and combs through it looking for patterns that match valid IPv4 addresses. It then checks them against an IP-to-geolocation database and returns the results. You can filter out certain countries to raise the signal-to-noise ratio (say, removing all US IPs when hunting for traffic that doesn't make sense for your Montana business's website).
Why is it free?
I used free tools to create it. Mostly it's free because I wish this existed for free when I needed it.