Location Accuracy of Commercial IP Address Geolocation Databases

This paper deals with finding the geographical location of Internet nodes remotely with no need to communicate with the nodes located (client-independently). IP geolocation is used in a number of areas, such as content personalisation, on-line fraud prevention and detection, and digital media law enforcement. One of the main concerns when studying the accuracy of client-independent geolocation is the groundtruth dataset. As we show in the related work, the used groundtruth influences the results a lot. We construct an error-free groundtruth dataset consisting of nodes with GPS-precise locations. We also record the country, region, city, and ISP for each groundtruth node. Using the created groundtruth, we study the accuracy of eight IP location databases in a number of scenarios, such as effect of city area and population, effect of ISP assignment, and number of not-returned locations

HLOC: Hints-Based Geolocation Leveraging Multiple Measurement Frameworks

Geographically locating an IP address is of interest for many purposes. There are two major ways to obtain the location of an IP address: querying commercial databases or conducting latency measurements. For structural Internet nodes, such as routers, commercial databases are limited by low accuracy, while current measurement-based approaches overwhelm users with setup overhead and scalability issues. In this work we present our system HLOC, aiming to combine the ease of database use with the accuracy of latency measurements. We evaluate HLOC on a comprehensive router data set of 1.4M IPv4 and 183k IPv6 routers. HLOC first extracts location hints from rDNS names, and then conducts multi-tier latency measurements. Configuration complexity is minimized by using publicly available large-scale measurement frameworks such as RIPE Atlas. Using this measurement, we can confirm or disprove the location hints found in domain names. We publicly release HLOC's ready-to-use source code, enabling researchers to easily increase geolocation accuracy with minimum overhead.Comment: As published in TMA'17 conference: http://tma.ifip.org/main-conference

Internet Protocol Geolocation: Development of a Delay-Based Hybrid Methodology for Locating the Geographic Location of a Network Node

Internet Protocol Geolocation (IP Geolocation), the process of determining the approximate geographic location of an IP addressable node, has proven useful in a wide variety of commercial applications. Commercial applications of IP Geolocation include market research, redirection for performance enhancement, restricting content, and combating fraud. The potential for military applications include securing remote access via geographic authentication, intelligence collection, and cyber attack attribution. IP Geolocation methods can be divided into three basic categories based upon what information is used to determine the geographic location of the given IP address: 1) Information contained in databases, 2) information that is leaked during connections with the IP of interest, and 3) network-based routing and timing information. This thesis focuses upon an analysis in the third category: delay-based methods. Specifically, a comparative analysis of the three existing delay-based IP Geolocation methods: Upperbound Multilateration (UBM), Constraint Based Geolocation (CBG), and Time to Location Heuristic (TTLH) is conducted. Based upon analysis of the results, a new hybrid methodology is proposed that combines the three existing methods to improve the accuracy when conducting IP Geolocation. Simulations results showed that the new hybrid methodology TTLH method improved the success rate from 80.15% to 91.66% when compared to the shotgun TTLH method

Passport: Enabling Accurate Country-Level Router Geolocation using Inaccurate Sources

When does Internet traffic cross international borders? This question has major geopolitical, legal and social implications and is surprisingly difficult to answer. A critical stumbling block is a dearth of tools that accurately map routers traversed by Internet traffic to the countries in which they are located. This paper presents Passport: a new approach for efficient, accurate country-level router geolocation and a system that implements it. Passport provides location predictions with limited active measurements, using machine learning to combine information from IP geolocation databases, router hostnames, whois records, and ping measurements. We show that Passport substantially outperforms existing techniques, and identify cases where paths traverse countries with implications for security, privacy, and performance

Passport: enabling accurate country-level router geolocation using inaccurate sources

When does Internet traffic cross international borders? This question has major geopolitical, legal and social implications and is surprisingly difficult to answer. A critical stumbling block is a dearth of tools that accurately map routers traversed by Internet traffic to the countries in which they are located. This paper presents Passport: a new approach for efficient, accurate country-level router geolocation and a system that implements it. Passport provides location predictions with limited active measurements, using machine learning to combine information from IP geolocation databases, router hostnames, whois records, and ping measurements. We show that Passport substantially outperforms existing techniques, and identify cases where paths traverse countries with implications for security, privacy, and performance.First author draf

Assessing the geographic resolution of exhaustive tabulation for geolocating Internet hosts

peer reviewedGeolocation of Internet hosts relies mainly on exhaustive tabulation techniques. Those techniques consist in building a database, that keeps the mapping between IP blocks and a geographic location. Relying on a single location for a whole IP block requires using a coarse enough geographic resolution. As this geographic resolution is not made explicit in databases, we try in this paper to better understand it by comparing the location estimates of databases with a well-established active measurements-based geolocation technique. We show that the geographic resolution of geolocation databases is far coarser than the resolution provided by active measurements for individual IP addresses. Given the lack of information in databases about the expected location error within each IP block, one cannot havemuch confidence in the accuracy of their location estimates. Geolocation databases should either provide information about the expected accuracy of the location estimates within each block, or reveal information about how their location estimates have been built, unless databases have to be trusted blindly.FP6-FET ANA (FP6-IST- 27489