

Implementing a Solution

Timothy “Thor” Mullen, in Thor's Microsoft Security Bible, 2011

Some of you do not have a business model that supports country blocking and some of you do. Irrespective of your disposition, I wanted to outline a process by which you could leverage a few technologies from which to perform data analysis, and to have the ability to take action should you decide to implement this control. It may be in the form of blocking SMTP from a particular set of countries, or web traffic from others, or blacklisting all traffic from any particular source. In simple terms, we want to capture traffic, figure out what country it came from, analyze it to meet our needs, and then form rules to take the appropriate actions we want.

In this example, I am using TMG, which already has logging capabilities in place for all aspects of IP traffic we need. The most obvious project dependency we have is a source for country-by-country IP ranges in order to identify the country based on IP. In the beginning, I spent a substantial amount of time aggregating IP source data from several sources until I decided to use a single source of data from WebNet77, but your sources are up to you.

An IPv4 address is simply a dot notation of octets that represent an integer value from 0 to 4,294,967,295 or 0.0.0.0 to 255.255.255.255, or x00000000 to xFFFFFFFF. Hex dotted notation works as well in the form of FF.FF.FF.FF, which directly converts to 255.255.255.255, which in turn converts to 4,294,967,295 decimal in the form of 256^3.256^2.256^1.256^0. This is important to know when you begin to work with the logging of IP addresses and the subsequent mapping of an IP address to a record containing a range of IPs as in Figure 3.4. In human-readable reports, the IP address is typically in dotted notation, while system-based log values and database fields typically work with integers. For instance, in both ISA Server and TMG, IP address records in a monitoring session will be displayed in dot notation even though the address is being stored differently: ISA Server logs store the IP as an integer value while TMG stores it as a uniqueidentifier data type.

[Figure: Find Country Based on Integer IP Address. Diagram labels: Integer Value; Using Our IP String-to-Integer Function; Process; Source Country]

Now that the two-way conversion functionality exists, we can easily get whatever country-based information we want from the logs based on what our needs are. However, now is the time for you or your database administrators to make some design decisions. Deriving the country from stored integer values in reports or data sets is going to have significant performance issues.
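As an added example, not code from the book or its SQL Server functions, here is the two-way dotted/integer conversion described above (decimal and hex dotted forms) and the range lookup it feeds, written in Python; the range table, its country codes and the address values are constructed for the example.

```python
# Added example (not from the book): two-way IPv4 conversion and a
# country lookup against a constructed range table.
import bisect
import re

DOTTED = re.compile(r"^([0-9A-Fa-f]{1,3})\.([0-9A-Fa-f]{1,3})\."
                    r"([0-9A-Fa-f]{1,3})\.([0-9A-Fa-f]{1,3})$")

def ip_to_int(addr: str, base: int = 10) -> int:
    """Dotted IPv4 (decimal by default, or hex such as FF.FF.FF.FF with
    base=16) to its 32-bit integer: a*256^3 + b*256^2 + c*256^1 + d*256^0."""
    m = DOTTED.match(addr.strip())
    if not m:
        raise ValueError(f"not a dotted IPv4 address: {addr!r}")
    octets = [int(o, base) for o in m.groups()]   # int() rejects 'FF' in base 10
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {addr!r}")
    return sum(o << (8 * (3 - i)) for i, o in enumerate(octets))

def int_to_ip(value: int) -> str:
    """32-bit integer back to dotted decimal notation."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {value}")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

# Constructed range table in the shape of a country-by-IP-range feed:
# (start_int, end_int, country_code). Ranges and codes are made up.
RANGES = sorted([
    (ip_to_int("10.0.0.0"),    ip_to_int("10.255.255.255"),  "XA"),
    (ip_to_int("172.16.0.0"),  ip_to_int("172.31.255.255"),  "XB"),
    (ip_to_int("203.0.113.0"), ip_to_int("203.0.113.255"),   "XC"),
])
STARTS = [r[0] for r in RANGES]   # sorted start values for the binary search

def country_for_int(value: int):
    """Map a stored integer IP to its range row, or None if no range covers it.
    This is the integer comparison a 'WHERE ip BETWEEN start AND end' query
    performs against an indexed range table; no string conversion per row."""
    i = bisect.bisect_right(STARTS, value) - 1
    if i >= 0 and RANGES[i][0] <= value <= RANGES[i][1]:
        return RANGES[i][2]
    return None

def country_for_ip(addr: str):
    """Convenience wrapper for a dotted-decimal address from a report."""
    return country_for_int(ip_to_int(addr))
```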
