This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nate_Johnson
Employee
Employee
‎2017-01-26 07:45 AM

Checking IP Against Geo-Protection Database

Overview

This code takes in a user input for an IPv4 address and searches for it in the Geo-Protection Database, returning the country of origin.

Description

This python script allows a user to quickly search the IpToCountry.csv file to find the country of origin for a given IPv4 address.  It does all the necessary IP to decimal conversions automatically and uses that to iterate through the CSV.

For more information on how the  IpToCountry.csv file works, please see SK94364

Instructions

Download the Python scripts below and place them in the same directory.  (Note: Script was written in Python 2.7)

Copy the IpToCountry.csv file from a security gateway, located in the $FWDIR/tmp/geo_location_tmp/updates/ directory, to the same directory as the files above

Run Geoprotect.py

Input the IPv4 address you'd like to check

Code Version

Code version 1.0.0

Tested on version

R77.30 IpToCountry.csv file

NOTICE: By using this sample code you agree to terms and conditions in this Not authorized to view the specified document 1042

...

ipaddress.py.zip
Geoprotect.py.zip
3 Replies
Marc_Lampo
Contributor
‎2017-02-01 05:49 AM

The file IpToCountry.csv, even on a recent R77.30 + Jumbo take 205, reads :

# Download time: 11:15:25, Wed Aug 29, 2012

Isn't this a bit old.

Knowing that, in these years with increasing IPv4 shortage, blocks of IPv4 addresses have be sold and been transferred, sometimes to other countries.

How does one update this file ?

Kind regards,

0 Kudos
Jeff_St_John
Participant
‎2017-03-30 08:30 PM

I assume you are not running the IPS blade. My file is updated regularly and they get the data from Maxmind.com. Maxmind updates the data regularly.

Pablo_Munoz
Employee Employee
Employee
‎2018-07-04 10:21 AM

I just saw this thread, maybe a reply is not needed anymore, however I thought I would provide some additional information here to clarify:

sk95976 - How GEO protection country file is getting updated

sk79360 - How to check if Geo Protections have been updated

The Gateway needs internet connectivity to get the IpToCountry updates from the Check Point Cloud (Maxmind.com is correct). If there is no internet connectivity available, you can also follow:

sk84801 - Updating Geo IPs on Offline Gateways.

I hope this information helps!

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top