Technical Tip: Global IP address information database
Description
The global IP address database is an integrated database containing all public IP addresses and is implemented in the Internet-Service Database.
This feature adds extensions to Internet Service and IP Reputation to download more details about public IP addresses, including ownership, known services, geographic location, blacklisting information, etc.
The new details are available in drill-down information, tooltips, and similar mechanisms in FortiView and other areas.
Solution
To view the owner of the IP address.
(global) # get firewall internet-service-owner ?
id Internet Service owner ID.
1 Google
2 Facebook
3 Apple
4 Yahoo
5 Microsoft
......
115 Cybozu
116 VNC
To check for any known service running on an IP address.
(global) # diagnose internet-service info FG-traffic 6 80 8.8.8.8
Internet Service: 65537(Google.Web)
To check GeoIP location and black list information.
(global) # diagnose internet-service id 65537 | grep 8.8.8.8
8.8.8.8-8.8.8.8 geo_id(11337) black list(0x0) proto(6) port(80 443)
8.8.8.8-8.8.8.8 geo_id(11337) black list(0x0) proto(17) port(443)
To check a known malicious server.
(global) # diagnose internet-service id-summary 3080383
Version: 0000600096
Timestamp: 201902111802
Total number of IP ranges: 444727
Number of Groups: 7
Group(0), Singularity(20), Number of IP ranges(142740)
Group(1), Singularity(19), Number of IP ranges(1210)
Group(2), Singularity(16), Number of IP ranges(241)
Group(3), Singularity(15), Number of IP ranges(38723)
Group(4), Singularity(10), Number of IP ranges(142586)
Group(5), Singularity(8), Number of IP ranges(5336)
Group(6), Singularity(6), Number of IP ranges(113891)
Internet Service: 3080383(Botnet.C&C.Server)
Number of IP range: 111486
Number of IP numbers: 111486
Singularity: 20
Reputation: 1(Known malicious sites related to botnet servers, phishing sites, etc.)
Icon Id: 591
Second Level Domain: 1(other)
Direction: dst
Data source: irdb
To check questionable usage.
(global) # diag internet-service id-summary 2818238
Version: 0000600096
Timestamp: 201902111802
Total number of IP ranges: 444727
Number of Groups: 7
Group(0), Singularity(20), Number of IP ranges(142740)
Group(1), Singularity(19), Number of IP ranges(1210)
Group(2), Singularity(16), Number of IP ranges(241)
Group(3), Singularity(15), Number of IP ranges(38723)
Group(4), Singularity(10), Number of IP ranges(142586)
Group(5), Singularity(8), Number of IP ranges(5336)
Group(6), Singularity(6), Number of IP ranges(113891)
Internet Service: 2818238(Tor.Relay.Node)
Number of IP range: 13718
Number of IP numbers: 13718
Singularity: 20
Reputation: 2(Sites providing high risk services such as TOR, proxy, P2P, etc.)
Icon Id: 43
Second Level Domain: 1(other)
Direction: dst
Data source: irdb
(global) # diagnose internet-service id-summary 2818243
Version: 0000600096
Timestamp: 201902111802
Total number of IP ranges: 444727
Number of Groups: 7
Group(0), Singularity(20), Number of IP ranges(142740)
Group(1), Singularity(19), Number of IP ranges(1210)
Group(2), Singularity(16), Number of IP ranges(241)
Group(3), Singularity(15), Number of IP ranges(38723)
Group(4), Singularity(10), Number of IP ranges(142586)
Group(5), Singularity(8), Number of IP ranges(5336)
Group(6), Singularity(6), Number of IP ranges(113891)
Internet Service: 2818243(Tor.Exit.Node)
Number of IP range: 1210
Number of IP numbers: 1210
Singularity: 19
Reputation: 2(Sites providing high risk services such as TOR, proxy, P2P, etc.)
Icon Id: 43
Second Level Domain: 1(other)
Direction: src
Data source: irdb
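Added example (not part of the original tip and not Fortinet code): a Python parser for the range lines and id-summary output shown above, for auditing CLI output that has been captured to a file. The function names and the policy of flagging reputation levels 1 and 2 (the two levels this page shows) are assumptions of the example.

```python
import ipaddress
import re

# Output lines excerpted from this page.
RANGES = """\
8.8.8.8-8.8.8.8 geo_id(11337) black list(0x0) proto(6) port(80 443)
8.8.8.8-8.8.8.8 geo_id(11337) black list(0x0) proto(17) port(443)
"""
SUMMARY = """\
Internet Service: 2818243(Tor.Exit.Node)
Singularity: 19
Reputation: 2(Sites providing high risk services such as TOR, proxy, P2P, etc.)
Direction: src
Data source: irdb
"""
RANGE_RE = re.compile(r"([\d.]+)-([\d.]+) geo_id\((\d+)\) black list\((0x[0-9a-fA-F]+)\) "
                      r"proto\((\d+)\) port\(([\d ]*)\)")


def parse_ranges(text):
    """Parse `diagnose internet-service id <id>` range lines into dicts."""
    rows = []
    for m in map(RANGE_RE.fullmatch, map(str.strip, text.splitlines())):
        if m:  # skip prompts, blank lines and anything else that is not a range
            lo, hi, geo, bl, proto, ports = m.groups()
            rows.append({"lo": ipaddress.ip_address(lo), "hi": ipaddress.ip_address(hi),
                         "geo_id": int(geo), "blacklist": int(bl, 16),
                         "proto": int(proto), "ports": {int(p) for p in ports.split()}})
    return rows


def parse_summary(text):
    """Parse `key: value` lines; `N(label)` values become (N, label) tuples."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:  # "Group(0), ..." lines have no "key: value" form and are skipped
            m = re.fullmatch(r"(\d+)\((.*)\)", value.strip())
            out[key.strip()] = (int(m.group(1)), m.group(2)) if m else value.strip()
    return out


def matches(rows, ip, proto, port):
    """Return rows whose range, protocol and port list cover the given flow."""
    ip = ipaddress.ip_address(ip)
    return [r for r in rows
            if r["lo"] <= ip <= r["hi"] and r["proto"] == proto and port in r["ports"]]


def needs_review(summary, levels=(1, 2)):
    """Assumed policy: flag the two reputation levels shown on this page."""
    rep = summary.get("Reputation")
    return isinstance(rep, tuple) and rep[0] in levels
```

For the sample data, `matches(parse_ranges(RANGES), "8.8.8.8", 17, 443)` returns the single UDP row, and `needs_review(parse_summary(SUMMARY))` is true for the Tor.Exit.Node summary.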
