1 / 44

Internet Geolocation

Internet Geolocation. By Brandon Koontz. Outline. What is Internet Geolocation? How is it useful? Traditional Location System IP Address Overview Geolocation Techniques Evasion Methods. What is Internet Geolocation?.

darby
Download Presentation

Internet Geolocation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internet Geolocation By Brandon Koontz

  2. Outline • What is Internet Geolocation? • How is it useful? • Traditional Location System • IP Address Overview • Geolocation Techniques • Evasion Methods

  3. What is Internet Geolocation? Process of finding the geographical location of device that is connected to the internet.

  4. How is it used? • Content Delivery • Hulu, BBC TV, Netflix • Marketing • Web Search • Google, Microsoft • Social Networks • Foursquare, Gowalla • Website Redirection

  5. Traditional Location System • Public Switched Telephone Network (PSTN) • Used for landline phones • Circuit-switched • Relatively static database with phone numbers and addresses • Locations • 911 service • Caller-ID • 1-800 numbers

  6. Problem for the PSTN • Mobile Devices • Phone number and associated address remains unchanged but physical location changes • Solution • Regulation by FCC and E911

  7. E911 • Wireless service provider delivers the latitude, longitude, uncertainty, and must have accuracy of 300 meters for 95% of calls Cell Tower 3 Mobile Device Cell Tower 1 Cell Tower 2

  8. Background Information • Internet Protocol (IP) Address • Globally unique number • Every Internet connected device has one • Different types: • IPv4 32 bits (232) approx 4 Billion • Example: 173.20.133.90 • IPv6 128 bits (2128) approx 340 Undecillion • Example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf

  9. IP Address • Public facing • What the servers on the internet see • Not Address that is given to each device behind a router.

  10. IP Address cont. • Internet Assigned Numbers Authority (IANA) • Operated by Internet Corporation for Assigned Names and Numbers (ICANN) • Globally responsible for allocating blocks of IP addresses • Size a block of addresses • 127.0.0.0/8 includes 127.0.0.0-127.255.255.255

  11. Regional Internet Registries (RIRs) • Like IANA but for specific regions • Receive IP Address blocks from IANA • Distribute smaller blocks of IP Addresses • Internet Service Providers (ISP) • Enterprises • Academic Institutions

  12. Regional Internet Registries (RIRs) http://www.ripe.net

  13. Internet Geolocation Techniques • Whois lookups • Domain Name Service Queries • Geolocation Services provided by Companies

  14. Whois Protocol • Public databases provided by the RIR’s and IANA • Accepts • IP Address • Autonomous System (AS) Routing Number • Domain Name • Returns who and where the information was registered

  15. Whois Databases • Official Databases • Regional Databases • whois.arin.net • whois.afrinic.net • whois.apnic.net • whois.lacnic.net • whois.ripe.net • International Database • whois.iana.org • Third Party Databases

  16. Test Information • Current Location • Dubuque, Iowa, United States • IP Address • 173.20.133.90 • Internet Service Provider (ISP) • Mediacom Communications Corp • Autonomous System (AS) number • AS6478 • Unix command-line application “whois”

  17. Whois with IP Address • Command • whois 173.20.133.90 • Results • NetRange: 173.16.0.0 - 173.31.255.255 • OrgName: Mediacom Communications Corp • Country: US

  18. Whois with IP Address cont. • Result • Found a referral to rwhois.mediacomcc.com:4321. • Shows the next whois database that can be queried

  19. Whois with IP Address • Looking closer • Results • network:Network-Name:MEDIACOMCC-173-20-128-0-Dubuque-IA • network:IP-Network:173.20.128.0/21 • network:IP-Network-Block:173.20.128.1 - 173.20.135.254 • network:Organization;I:Mediacom Communications Corp • network:Tech-Contact;I:Atli, Serhat • network:Admin-Contact;I:Selvage, Joe

  20. Whois with IP Address - Alternative • Command • whois –h rwhois.mediacomcc.com 173.20.133.90 • Results • network:Network-Name:MEDIACOMCC-173-20-128-0-Dubuque-IA • network:IP-Network:173.20.128.0/21 • network:IP-Network-Block:173.20.128.1 - 173.20.135.254 • network:Organization;I:Mediacom Communications Corp • network:Tech-Contact;I:Atli, Serhat • network:Admin-Contact;I:Selvage, Joe

  21. Autonomous System (AS) • 16 bit integers • Used by routing protocols • Interior Gateway Protocol (IGP) • Border Gateway Protocol (BGP) • Blocks of AS numbers are given to RIR’s • RIR’s assign them to blocks of IP Addresses

  22. Whois with AS number • Finding AS number from IP Address • whois –h riswhois.ripe.net 173.20.133.90 • Should be under origin • “origin: AS6478” • AS6478 is the AS number for this IP Address

  23. Whois with AS number • Command • whois AS6478 • Results • ASNumber: 6478 • RegDate: 1996-04-26 • OrgName: AT&T Services, Inc. • City: MIDDLETOWN • StateProv: NJ • Country: US

  24. Whois with AS number • Results are correct for • Country • Incorrect for • City • State • IP Addresses are rarely located where the AS number was registered

  25. Example of Incorrect Geolocationwith AS Number • Command • whois AS1239 • Result • OrgName: Sprint • City: Reston • StateProv: VA • Country: US • Reston’s population is under 100,000 • But not all IP Addresses are in Reston

  26. Domain Name • Easier for humans to remember a series of letters than a series of digits • Domain Name Servers (DNS) translates domain name to IP Address

  27. Domain Name • Finding IP Address from domain name • Example uwplatt.edu • Using Unix command dig uwplatt.edu • dig is used to query DNS name servers • Returns • ;; ANSWER SECTION: • uwplatt.edu. 753 IN A 137.104.129.136

  28. Whois with Domain Name • Command • whois uwplatt.edu • Result • Registrant: University of Wisconsin - Platteville Office of Information Technolgy 1 University Plaza Platteville, WI 53818 UNITED STATES

  29. Whois with Domain Name • Results are correct for • Country • State • City • Good for Institutions • .EDU

  30. Domain Name – Geographic Codes • Found in some domains • Google search “site:.ca” • Returns sites with the .ca domain • ca – Top level domain for Canada • Sub domains may also exist • ab.ca - Alberta, Canada • calgary.ab.ca - Calgary, Alberta, Canada

  31. Domain Name – Geographic Codes • May not always be accurate • Example .tv domain • Tuvalu • Small island group by Australia and Hawaii • Used by many media sites • TWiT.tv • justin.tv

  32. Third Party Services • IP2Location • MaxMind • Google Location Service • Many cost money • Mainly for large companies • Not worth while for small companies

  33. Google Location Service • Uses different techniques for different scenarios • Cell Tower Triangulation • Detected Wifi hotspots • GPS (If available) • IP Address location

  34. W3C Geolocation API • HTML5 • Most newer browsers • Accessible by JavaScript • Uses Google’s Location Services • Separates the geolocation technique from geographic location data • GeoSample.html

  35. Geolocation Privacy

  36. Two PC’s – Same Network Hardwired PC Wireless PC

  37. Evasion Techniques • Proxy • Can be web based or application based • Free or paid versions • Proxy server located at a known location • Tor Project • Application based • Free • Like a proxy but server changes

  38. Tor Project https://www.torproject.org/about/overview.html.en

  39. Tor Project – Tor Browser • No installation needed • Includes • Tor client • Vidalia – gui for Tor client • Firefox Portable • JavaScript is off by default • Geolocation is off

  40. Tor Browser

  41. Conclusion • What is Internet Geolocation? • How is it useful? • IP Address Overview • Geolocation Techniques • Evasion Methods

  42. http://www.agent-x.com.au/comic/to-the-batcave/

  43. Questions?

  44. References • [1]Acton, R., Friess, N., & Aycock, J. (2007). Inverse geolocation: Worms with a sense of direction. Performance, Computing, and Communications Conference, 2007. IPCCC 2007. IEEE International, 487-493. • [2] Barnes, R., Winterbottom, J., & Dawson, M. (2011). Internet geolocation and location-based services. Communications Magazine, IEEE, 49(4), 102-108. • [3] Google Location Service Retrieved from http://static.googleusercontent.com/external_content/untrusted_dlc p/www.google.com/en/us/intl/zhCN/events/facultysummit/2010/files/ mobile_location.pdf • [4] Internet Corporation for Assigned Names and Numbers: Retrieved from http://www.iana.org • [5] Muir, J. A., & Oorschot, P. C. V. (2009). Internet geolocation: Evasion and counterevasion. ACM Comput.Surv., 42(1), 4:1-4:23. • [6] Thorvaldsen, Ø. E. (2006). Geographical location of internet hosts using a multi-agent system. • [7] Tor Project: Retrieved from https://www.torproject.org/

More Related