1
Internet Geolocation
By Brandon Koontz
2
Outline
What is Internet Geolocation?
How is it useful?
Traditional Location System
IP Address Overview
Geolocation Techniques
Evasion Methods
3
What is Internet Geolocation?
The process of finding the geographical location of a device that is connected to the Internet.
4
How is it used?
Content Delivery
◦ Hulu, BBC TV, Netflix
Marketing
Web Search
◦ Google, Microsoft
Social Networks
◦ Foursquare, Gowalla
Website Redirection
5
Traditional Location System
Public Switched Telephone Network (PSTN)
◦ Used for landline phones
◦ Circuit-switched
◦ Relatively static database with phone numbers and addresses
◦ Locations
   911 service
   Caller-ID
   1-800 numbers
6
Problem for the PSTN
Mobile Devices
◦ Phone number and associated address remain unchanged but physical location changes
Solution
◦ Regulation by FCC and E911
7
E911
The wireless service provider delivers the latitude, longitude, and uncertainty, and must have an accuracy of 300 meters for 95% of calls.
[Figure: a mobile device positioned relative to Cell Tower 1, Cell Tower 2 and Cell Tower 3]
8
Background Information
Internet Protocol (IP) Address
◦ Globally unique number
◦ Every Internet connected device has one
◦ Different types:
   IPv4: 32 bits (2^32), approx 4 Billion. Example: 173.20.133.90
   IPv6: 128 bits (2^128), approx 340 Undecillion. Example: 3ffe:1900:4545:3:200:f8ff:fe21:67cf
9
IP Address
Public facing
What the servers on the Internet see
Not the address that is given to each device behind a router.
10
IP Address cont.
Internet Assigned Numbers Authority (IANA)
◦ Operated by Internet Corporation for Assigned Names and Numbers (ICANN)
◦ Globally responsible for allocating blocks of IP addresses
   Size of a block of addresses: 127.0.0.0/8 includes 127.0.0.0 - 127.255.255.255
11
Regional Internet Registries (RIRs)
Like IANA but for specific regions
Receive IP Address blocks from IANA
Distribute smaller blocks of IP Addresses
◦ Internet Service Providers (ISP)
◦ Enterprises
◦ Academic Institutions
12
Regional Internet Registries (RIRs)
http://www.ripe.net
13
Internet Geolocation Techniques
Whois lookups
Domain Name Service Queries
Geolocation Services provided by Companies
14
Whois Protocol
Public databases provided by the RIRs and IANA
Accepts
◦ IP Address
◦ Autonomous System (AS) Routing Number
◦ Domain Name
Returns who registered the information and where it was registered
15
Whois Databases
Official Databases
◦ Regional Databases
   whois.arin.net
   whois.afrinic.net
   whois.apnic.net
   whois.lacnic.net
   whois.ripe.net
◦ International Database
   whois.iana.org
Third Party Databases
16
Test Information
Current Location
◦ Dubuque, Iowa, United States
IP Address
◦ 173.20.133.90
Internet Service Provider (ISP)
◦ Mediacom Communications Corp
Autonomous System (AS) number
◦ AS6478
Unix command-line application "whois"
17
Whois with IP Address
Command
◦ whois 173.20.133.90
Results
◦ NetRange: 173.16.0.0 - 173.31.255.255
◦ OrgName: Mediacom Communications Corp
◦ Country: US
18
Whois with IP Address cont.
Result
◦ Found a referral to rwhois.mediacomcc.com:4321.
Shows the next whois database that can be queried
19
Whois with IP Address: Looking closer
Results
◦ network:Network-Name:MEDIACOMCC-173-20-128-0-Dubuque-IA
◦ network:IP-Network:173.20.128.0/21
◦ network:IP-Network-Block:173.20.128.1 - 173.20.135.254
◦ network:Organization;I:Mediacom Communications Corp
◦ network:Tech-Contact;I:Atli, Serhat
◦ network:Admin-Contact;I:Selvage, Joe
20
Whois with IP Address - Alternative
Command
◦ whois -h rwhois.mediacomcc.com 173.20.133.90
Results
◦ network:Network-Name:MEDIACOMCC-173-20-128-0-Dubuque-IA
◦ network:IP-Network:173.20.128.0/21
◦ network:IP-Network-Block:173.20.128.1 - 173.20.135.254
◦ network:Organization;I:Mediacom Communications Corp
◦ network:Tech-Contact;I:Atli, Serhat
◦ network:Admin-Contact;I:Selvage, Joe
21
Autonomous System (AS)
16 bit integers
Used by routing protocols
◦ Interior Gateway Protocol (IGP)
◦ Border Gateway Protocol (BGP)
Blocks of AS numbers are given to RIRs
RIRs assign them to blocks of IP Addresses
22
Whois with AS number
Finding AS number from IP Address
◦ whois -h riswhois.ripe.net 173.20.133.90
◦ Should be under origin
◦ "origin: AS6478"
◦ AS6478 is the AS number for this IP Address
23
Whois with AS number
Command
◦ whois AS6478
Results
◦ ASNumber: 6478
◦ RegDate: 1996-04-26
◦ OrgName: AT&T Services, Inc.
◦ City: MIDDLETOWN
◦ StateProv: NJ
◦ Country: US
24
Whois with AS number
Results are correct for
◦ Country
Incorrect for
◦ City
◦ State
IP Addresses are rarely located where the AS number was registered
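
Added example (not part of the original slides): a Python sketch that parses the whois, rwhois and AS responses quoted on the slides above, checks that each record's block really contains the address, and orders the location hints by how specific their source is. The sample strings are constructed from the slide output; the function names and the assumption that the ISP ends Network-Name with "-City-ST" are illustrative.

```python
import ipaddress
import re

# Sample responses constructed from the output quoted on the slides.
WHOIS_IP = ("NetRange: 173.16.0.0 - 173.31.255.255\n"
            "OrgName: Mediacom Communications Corp\nCountry: US\n"
            "Found a referral to rwhois.mediacomcc.com:4321.\n")
RWHOIS = ("network:Network-Name:MEDIACOMCC-173-20-128-0-Dubuque-IA\n"
          "network:IP-Network:173.20.128.0/21\n"
          "network:Organization;I:Mediacom Communications Corp\n")
WHOIS_AS = ("ASNumber: 6478\nOrgName: AT&T Services, Inc.\n"
            "City: MIDDLETOWN\nStateProv: NJ\nCountry: US\n")

def parse_fields(text):
    """Parse 'Key: value' (whois) and 'network:Key[;I]:value' (rwhois) lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = re.sub(r"^network:", "", line).partition(":")
        key = key.split(";")[0].strip()
        if sep and re.fullmatch(r"[\w-]+", key):  # skips free-text lines
            fields[key] = value.strip()
    return fields

def referral(text):
    """Return (host, port) of the next server named by a referral line."""
    m = re.search(r"referral to ([\w.-]+):(\d+)", text)
    return (m.group(1), int(m.group(2))) if m else None

def covers(fields, ip):
    """True only if the record's block really contains ip."""
    addr = ipaddress.ip_address(ip)
    if "IP-Network" in fields:
        return addr in ipaddress.ip_network(fields["IP-Network"])
    lo, hi = (ipaddress.ip_address(p) for p in fields["NetRange"].split(" - "))
    return lo <= addr <= hi

def location_hints(ip, origin_as):
    """Return (source, city, state, country) hints, most specific first."""
    hints = []
    rw, blk, asn = (parse_fields(t) for t in (RWHOIS, WHOIS_IP, WHOIS_AS))
    # Assumption: the ISP ends Network-Name with -City-ST, as on the slide.
    m = re.search(r"-([A-Za-z]+)-([A-Z]{2})$", rw["Network-Name"])
    if covers(rw, ip) and m:
        hints.append(("rwhois network", m.group(1), m.group(2), None))
    if covers(blk, ip):
        hints.append(("whois IP block", None, None, blk["Country"]))
    if origin_as == "AS" + asn["ASNumber"]:  # AS holder's registered address
        hints.append(("whois AS", asn["City"], asn["StateProv"], asn["Country"]))
    return hints
```

For 173.20.133.90 the rwhois hint (Dubuque, IA) comes first and the AS registration (MIDDLETOWN, NJ) last; an address outside 173.20.128.0/21 gets no city-level hint from the rwhois record at all.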
25
Example of Incorrect Geolocation with AS Number
Command
◦ whois AS1239
Result
◦ OrgName: Sprint
◦ City: Reston
◦ StateProv: VA
◦ Country: US
Reston's population is under 100,000
But not all IP Addresses are in Reston
26
Domain Name
Easier for humans to remember a series of letters than a series of digits
Domain Name Servers (DNS) translate a domain name to an IP Address
27
Domain Name
Finding IP Address from domain name
Example uwplatt.edu
◦ Using Unix command
   dig uwplatt.edu
   dig is used to query DNS name servers
◦ Returns
   ;; ANSWER SECTION:
   uwplatt.edu. 753 IN A 137.104.129.136
28
Whois with Domain Name
Command
◦ whois uwplatt.edu
Result
◦ Registrant:
   University of Wisconsin - Platteville
   Office of Information Technolgy
   1 University Plaza
   Platteville, WI 53818
   UNITED STATES
29
Whois with Domain Name
Results are correct for
◦ Country
◦ State
◦ City
Good for Institutions
◦ .EDU
30
Domain Name – Geographic Codes
Found in some domains
Google search "site:.ca"
◦ Returns sites with the .ca domain
◦ ca – Top level domain for Canada
Sub domains may also exist
◦ ab.ca - Alberta, Canada
◦ calgary.ab.ca - Calgary, Alberta, Canada
31
Domain Name – Geographic Codes
May not always be accurate
Example .tv domain
◦ Tuvalu
◦ Small island group by Australia and Hawaii
◦ Used by many media sites
   TWiT.tv
   justin.tv
32
Third Party Services
IP2Location
MaxMind
Google Location Service
Many cost money
◦ Mainly for large companies
Not worthwhile for small companies
33
Google Location Service
Uses different techniques for different scenarios
◦ Cell Tower Triangulation
◦ Detected Wifi hotspots
◦ GPS (If available)
◦ IP Address location
34
W3C Geolocation API
HTML5
Most newer browsers
Accessible by JavaScript
Uses Google's Location Services
Separates the geolocation technique from geographic location data
GeoSample.html
35
Geolocation Privacy
36
Two PCs – Same Network
Hardwired PC
Wireless PC
37
Evasion Techniques
Proxy
◦ Can be web based or application based
◦ Free or paid versions
◦ Proxy server located at a known location
Tor Project
◦ Application based
◦ Free
◦ Like a proxy but server changes
38
Tor Project
https://www.torproject.org/about/overview.html.en
39
Tor Project – Tor Browser
No installation needed
Includes
◦ Tor client
◦ Vidalia – GUI for Tor client
◦ Firefox Portable
   JavaScript is off by default
   Geolocation is off
40
Tor Browser
41
Conclusion
What is Internet Geolocation?
How is it useful?
IP Address Overview
Geolocation Techniques
Evasion Methods
42
http://www.agent-x.com.au/comic/to-the-batcave/
43
Questions?