Re: [Way OT] Re: Geo location to IP mapping
In article [EMAIL PROTECTED], Jeroen Massar [EMAIL PROTECTED] writes Try http://www.hostip.info it is reasonable accurate in most cases and hell it is for free. It depends what you need it for of course but it is far better than nothing. The problem with this one is that they are still gathering data and they depend on user input, but it looks pretty accurate to what I have found out. The problem with their user input is that the result they return is typically the ISP NOC location (in my case 200 miles south of me, about halfway across the country). If I correct this, then suddenly all my ISP's users appear to be located in the same town as me. Which is probably more wrong than them all appearing to be where they've guessed the NOC location to be. -- Roland Perry
Re: Geo location to IP mapping
In article [EMAIL PROTECTED], Ashe Canvar [EMAIL PROTECTED] writes Thanks for all your replies. I came across http://www.hostip.info/use.html, which looks good, at least from a API/ ease of use prespective. I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right.
[Way OT] Re: Geo location to IP mapping
- Original Message Follows - From: Jeff Rosowski [EMAIL PROTECTED] I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right. One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) scott
Re: [Way OT] Re: Geo location to IP mapping
On May 17, 2006, at 2:09 PM, Scott Weeks wrote: - Original Message Follows - From: Jeff Rosowski [EMAIL PROTECTED] I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right. One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Sometimes knowing which planet you are dealing with can be useful... Regards Marshall scott
Re: [Way OT] Re: Geo location to IP mapping
- Original Message Follows - From: Marshall Eubanks [EMAIL PROTECTED] One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Sometimes knowing which planet you are dealing with can be useful... Sure can be: www.ipnsig.org/home.htm :-) scott
Re: [Way OT] Re: Geo location to IP mapping
Marshall Eubanks wrote: On May 17, 2006, at 2:09 PM, Scott Weeks wrote: - Original Message Follows - From: Jeff Rosowski [EMAIL PROTECTED] I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right. One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Sometimes knowing which planet you are dealing with can be useful... Regards Marshall scott I am shure it is the right one, but it may be the wrong universe :) Peter -- Peter and Karin Dambier Graeffstrasse 14 D-64646 Heppenheim +49(6252)671-788 (Telekom) +49(179)108-3978 (O2 Genion) +49(6252)750-308 (VoIP: sipgate.de) mail: [EMAIL PROTECTED] mail: [EMAIL PROTECTED] http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/
Re: [Way OT] Re: Geo location to IP mapping
From [EMAIL PROTECTED] Wed May 17 13:22:15 2006 Cc: nanog@merit.edu From: Marshall Eubanks [EMAIL PROTECTED] Subject: Re: [Way OT] Re: Geo location to IP mapping Date: Wed, 17 May 2006 14:21:02 -0400 To: [EMAIL PROTECTED] On May 17, 2006, at 2:09 PM, Scott Weeks wrote: - Original Message Follows - From: Jeff Rosowski [EMAIL PROTECTED] I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right. One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Sometimes knowing which planet you are dealing with can be useful... I find that the state is invariably correct. Although the seems to be a lot of 'uncertainty' about how to spell confusion.
Re: [Way OT] Re: Geo location to IP mapping
On Wed, 2006-05-17 at 08:09 -1000, Scott Weeks wrote: - Original Message Follows - From: Jeff Rosowski [EMAIL PROTECTED] I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right. One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Try http://www.hostip.info it is reasonable accurate in most cases and hell it is for free. It depends what you need it for of course but it is far better than nothing. 64.29.76.9, your mauigateway.com pops up correctly as Honolulu. 205.166.249.10 is guessed to be somewhere random in the US. The problem with this one is that they are still gathering data and they depend on user input, but it looks pretty accurate to what I have found out. Most of these kind of databases rely on user input though. I am quite sure that Google, using their search thing and especially Orkut has quite some info on this. Shopping Sites like Ebay and Amazon of course get their shipping info for free and thus can pretty much pinpoint the city correctly after $x percentage of customers bought from there. Problem in the end is of course when there is a huge pool and the end-users change a lot, but then the country is accurate enough already. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: [Way OT] Re: Geo location to IP mapping
- Original Message Follows - From: Jeroen Massar [EMAIL PROTECTED] One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Try http://www.hostip.info it is reasonable accurate in most cases and hell it is for free. It depends what you need it for of course but it is far better than nothing. 64.29.76.9, your mauigateway.com pops up correctly as Honolulu. 205.166.249.10 is guessed to be somewhere random in the US. That's not the address space I manage. It's just my ISP. From www.hostip.info I get ... actually we haven't a clue. The IP space I manage is a /15 and is in ARIN, so it's hard to miss... scott
Re: [Way OT] Re: Geo location to IP mapping
At 03:58 PM 5/17/2006, Scott Weeks wrote: [ SNIP ] That's not the address space I manage. It's just my ISP. From www.hostip.info I get ... actually we haven't a clue. The IP space I manage is a /15 and is in ARIN, so it's hard to miss... scott It's not really fair to baseline the credibility of any geo location discussion based on hostip.info. There are much better commercial services like Quovus, MaxMind, and Akamai. -M -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]
Re: Geo location to IP mapping
Edward B. DREGER wrote: Since when does the NSA patent things, anyhow? I'd think they would keep secret anything that's actually effective. They are handing out technology transfer program leaflets in tradeshows now. Pete
Re: Geo location to IP mapping
At 10:55 PM 15-05-06 -0700, Bill Woodcock wrote: On Mon, 15 May 2006, Roland Perry wrote: http://www.hostip.info/use.html, which looks good, at least from a API/ ease of use prespective. I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. 100miles? Is that all? Try 6096 miles! My IP is 132.66.222.13 and it lists it as Beijing, China yet I am in Israel. This IP has never been in APNIC. It has been listed in ARIN and RIPE since 1989 as being Israel so I guess hostip is not the most reliable system to use. -Hank
Re: Geo location to IP mapping
As a major caveat, all geolocation services do have some degree of inaccuracy, because the sources of data are very diverse. (Some ISPs provide complete subnet maps to MaxMind and other providers, whereas some data is scraped from WHOIS or provided by inference from end-users.) And some organizations run their own internal networks across international borders. In other words, knowing that subnet X is allocated to company Y who has a 300 meg Internet connection in city Z, does not mean that all the users of that connection are also in city Z. They could be scattered around the world. This is why some companies use other sources of data to infer the location, i.e. if users of an IP address prefer yahoo.fr to yahoo.com, then that is one datapoint in favour of them being located in France. If you understand the principles of RBL weighting then you will get the idea. --Michael Dillon
Re: Geo location to IP mapping
I can solve the visualization part and the GIS issues. But comes down to the accuracy of the geo-ip database in the end. According to the Brand X localisation database which was rated tops in the Brand Y Web Magazine survey in 2005, our top customers are located in these cities. Who said marketing is not for techies? --Michael Dillon
Re: Geo location to IP mapping
I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. I live in London and use BT Broadband. But geolocation shows me being in Ipswich up in East Anglia, a long way from London. I assume this is because the geolocation only knows that I use an IP address from a DHCP pool managed in Ipswich. They don't know anything about BT's own extensive network, and in the case of DSL using tunnels and DHCP servers, the real topology becomes entirely invisible. The end result is that most of England's population lives in Ipswich. Eat your heart out Alan Partridge. A few years ago, while working at a different company in London, I had a New York IP address because our company's internal network Internet gateway was in New York. Then they changed things around so that we used a gateway in London for all the European offices. But that meant that colleagues in France, Germany, etc... would all show up as being located in London. Nowadays, I use a VPN to work from home. The VPN software knows of multiple tunnel endpoint servers so if there is a problem with the UK server it fails over to a server in the USA. My IP address on the Internet comes from the NAT server at the Internet gateway. Depending on where the tunnel endpoint is, it could be a US address or a UK address. 100% accurate geolocation is not achievable but if you understand the issues then you can better make a decision how to apply geolocation services to your own problem. It may work well enough for some things. --Michael Dillon
Re: Geo location to IP mapping
In article [EMAIL PROTECTED], Bill Woodcock [EMAIL PROTECTED] writes I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. 1.3ms is longer in small countries like England? I'm virtually certain it's not being done by propagation delay. What they've apparently done is look up the RIPE database, and found that my ISP has registered an address, with postcode, for the hostmaster function. They've reported the major town associated with the two most significant (out of six) characters of that postcode (Hemel Hempstead), although the address is actually in a smaller town twenty miles to the west (Stoke Mandeville). To complicate the issue, the ISP is formed by the acquisition of several smaller ISPs, and it seems unlikely (from my knowledge of the local topology) that the physical NOC is at the hostmaster's address. Finally, the tail from the NOC to my house (which appears as one hop) is over a connection into British Telecom's ADSL backbone, and then over the BT internal network which supports their wholesale ADSL product, as far as my local telephone exchange (which I can see out of my office window) and a short length of local copper. There's nothing in either the RIPE database, or timing of packets, which could say where in the country that tail is delivered. The ISP has my billing address, of course. -- Roland Perry
Re: Geo location to IP mapping
In article [EMAIL PROTECTED] , [EMAIL PROTECTED] writes I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. I live in London and use BT Broadband. But geolocation shows me being in Ipswich up in East Anglia, a long way from London. I assume this is because the geolocation only knows that I use an IP address from a DHCP pool managed in Ipswich. Martlesham, probably, which has an Ipswich postcode. The end result is that most of England's population lives in Ipswich. Only BT *Retail* ADSL customers, I'm a wholesale customer via a different ISP, and a different misleading location. -- Roland Perry
Re: Geo location to IP mapping
Well I must admit that zip code was best case under ideal conditions ;-) There are always plenty of exceptions that put sand in the gears. Putting on my conservative hat the approach is more granular than guessing the right country as was being discussed before. My intention was only to infer there is more than one way to approach the problem and an approach that can avoid some of the DHCP issues seen in the datbase approaches. This was work from 6 years ago so a bit fuzzy on the particulars at this point. best, sean - Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] Date: Monday, May 15, 2006 10:25 pm Subject: Re: Geo location to IP mapping On Mon, 15 May 2006 21:49:31 -0400, Marshall Eubanks [EMAIL PROTECTED] wrote: I seriously doubt this would work to better than the regional area. My zip code (20124) region is about 5 km across, which would be 15 microseconds in vacuum, and maybe at most 50 micro seconds in glass. So, you would need accuracies at the 10's of microsecond level to specify zip codes. I can believe that you can measure transmission times down a fiber and achieve repeatability at the microsecond level - in fact, I remember a Michelson interferometer that they set up at JPL / Goldstone that tested the Sagnac effect in glass, which required substantially better repeatibility than that. But do you really think that you can estimate the router delay on the (for example) 9 hops between here and GMU to better than 1 millisecond each ? (That would imply a 3 millisecond rms error if these errors were random and Gaussian, or about 1000 km in vacuum, and maybe 500 km error in glass.) So, I think that this would fail by at least 2 orders of magnitude for zip codes in a real operational network. Which coast of the US, sure, but not much better than that. I suspect you can do that; a bigger factor is the link type of the lasthop. Cable modems, DSL, 802.11 -- they all have characteristic delays. The important insight is that you care about *minimum* time. You can lots of queueing delays and jitter most of the time, as long as you get one packet through unobstructed. Send enough probes and you'll make it. I did some similar work in 1992; see http://www.cs.columbia.edu/~smb/papers/netmeas.pdf for details. You couldn't repeat, today, exactly what I did then, because of the way pings are handled by modern routers, but I suspect one could find analogous schemes. To give one example of what I could tell -- and I was looking at the per-byte cost -- I was able to determine, from New Jersey, that a router outside Chicago was misconfigured; the site's backbone Ethernet should have been on the same card as the serial line (in the days of T-1 interfaces...), because copying the packet across the backplane introduceda noticeable per-byte delay. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Re: Geo location to IP mapping
Here is a tech report with a survey on geolocation and evasion techniques: http://www.scs.carleton.ca/~jamuir/papers/TR-06-05.pdf Thanks, Tao Wan http://www.scs.carleton.ca/~twan
Re: Geo location to IP mapping
At 10:39 AM 5/16/2006, Tao Wan wrote: Here is a tech report with a survey on geolocation and evasion techniques: http://www.scs.carleton.ca/~jamuir/papers/TR-06-05.pdf This document seems to miss one other fairly common way in which geolocation fails: VPN. Whether a single user VPN session in which the user's laptop obtains an IP address from the VPN gateway, or a subnet extended out across a VPN to a remote office, the user(s) will appear to be at the location of the VPN concentrator. While ping latency, if even transported over the VPN, may show a greater distance than other IP addresses in teh neighborhood, there is no clear way to know why that latency is higher. It's odd this was omitted.
Re: Geo location to IP mapping
On Mon, 15 May 2006 22:55:40 PDT, Bill Woodcock said: On Mon, 15 May 2006, Roland Perry wrote: http://www.hostip.info/use.html, which looks good, at least from a API/ ease of use prespective. I just tried that, says I'm 100 miles south of where I really am. That' s quite a long way out in a small country like England. 1.3ms is longer in small countries like England? How many milliseconds wide are Luxembourg and Leichtenstein combined? pgpekElkpfZrq.pgp Description: PGP signature
Re: Geo location to IP mapping
--- Marshall Eubanks [EMAIL PROTECTED] wrote: (snip) You can't do geolocation using network timing to much better than about 10 milliseconds because you don't control either paths or the routers etc. in those paths. (This requires absolute timing; differential measurements can be better and useful for some things, but they won't give you location.) (snip) I'm in total agreement with you, (IMHO) its crap science at best, who the hell cares about where you are on the earth... what matters where on the network _is your access point_, if you are in small-cuty.kr and your vpn endpoint is in sf.ba.ca.us , the closest interweb server (using network topology) is going to probably be in ca.us, not the one in .jp . to try to use geo-ip data in the real world is to add a small tool to to your kit. geo-ip is a feather duster, not a leatherman.
Geo location to IP mapping
Hi all, Can any of you please recommend some IP-to-geo mapping database / web service ? I would like to get resolution down to city if possible. Thanks and Regards, -ashe
Re: Geo location to IP mapping
GeoIP - http://www.maxmind.com/geoip/ Ashe Canvar wrote: Hi all, Can any of you please recommend some IP-to-geo mapping database / web service ? I would like to get resolution down to city if possible. Thanks and Regards, -ashe -- Alain Hebert[EMAIL PROTECTED] PubNIX Inc. P.O. Box 175 Beaconsfield, Quebec H9W 5T7 tel 514-990-5911 http://www.pubnix.netfax 514-990-9443
Re: Geo location to IP mapping
AC Date: Mon, 15 May 2006 09:35:47 -0700 AC From: Ashe Canvar AC Can any of you please recommend some IP-to-geo mapping database / web AC service ? AC AC I would like to get resolution down to city if possible. Many people would. Don't hope for much better than country granularity -- and even _that_ frequently is incorrect. Try the .zz.countries.nerd.dk DNS zone for a quick-and-easy source. Disclosure: I'm not affiliated in any way, other than that I use it. Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.
Re: Geo location to IP mapping
On 5/15/06, Ashe Canvar [EMAIL PROTECTED] wrote: Hi all, Can any of you please recommend some IP-to-geo mapping database / web service ? I would like to get resolution down to city if possible. The gold standard is MaxMind GeoIP. http://www.maxmind.com/ There are a couple free ones I've seen, but they are quite a bit less accurate. I can't think of them off the top of my head. As a major caveat, all geolocation services do have some degree of inaccuracy, because the sources of data are very diverse. (Some ISPs provide complete subnet maps to MaxMind and other providers, whereas some data is scraped from WHOIS or provided by inference from end-users.) -- -- Todd Vierling [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Geo location to IP mapping
cough scam_snake_oil_etc /cough On Mon, 15 May 2006, Alain Hebert wrote: : :GeoIP - http://www.maxmind.com/geoip/ : :Ashe Canvar wrote: : : : Hi all, : : Can any of you please recommend some IP-to-geo mapping database / web : service ? : : I would like to get resolution down to city if possible. : : Thanks and Regards,
Re: Geo location to IP mapping
At 12:49 PM 5/15/2006, Brian Wallingford wrote: cough scam_snake_oil_etc /cough How so? -M -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]
RE: Geo location to IP mapping
Quova seems to be the premier service: http://www.quova.com/ I read a story on them some time ago and I was left with the impression that all the other players are rookies, but then again, you probably will pay heavily for this service. Geobytes is another one I've played with. We're a small ISP, and I know they've never asked for our ranges, so the best any of these could do would be on a multi-county basis. For kicks I would like to try an IP address from each of our subnets and see how they do. Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ashe Canvar Sent: Monday, May 15, 2006 11:36 AM To: [EMAIL PROTECTED] Subject: Geo location to IP mapping Hi all, Can any of you please recommend some IP-to-geo mapping database / web service ? I would like to get resolution down to city if possible. Thanks and Regards, -ashe
Re: Geo location to IP mapping
I'm not quite comfortable with the idea of building a market audience based on data with at best dubious accuracy. On Mon, 15 May 2006, Martin Hannigan wrote: :At 12:49 PM 5/15/2006, Brian Wallingford wrote: : :cough scam_snake_oil_etc /cough : : :How so?
Re: Geo location to IP mapping
It works for spammers. - billn On Mon, 15 May 2006, Brian Wallingford wrote: I'm not quite comfortable with the idea of building a market audience based on data with at best dubious accuracy. On Mon, 15 May 2006, Martin Hannigan wrote: :At 12:49 PM 5/15/2006, Brian Wallingford wrote: : :cough scam_snake_oil_etc /cough : : :How so?
Re: Geo location to IP mapping
Thanks for all your replies. I came across http://www.hostip.info/use.html, which looks good, at least from a API/ ease of use prespective. So how would the illustrious people on nanog solve the folowing issue: + PHB walks into my office and asks for a global distribution of my 500K customers. + Preferably wants a gigantic world map with realtime visualization of where the currently active customers are I can solve the visualization part and the GIS issues. But comes down to the accuracy of the geo-ip database in the end. -ashe On 5/15/06, Bill Nash [EMAIL PROTECTED] wrote: It works for spammers. - billn On Mon, 15 May 2006, Brian Wallingford wrote: I'm not quite comfortable with the idea of building a market audience based on data with at best dubious accuracy. On Mon, 15 May 2006, Martin Hannigan wrote: :At 12:49 PM 5/15/2006, Brian Wallingford wrote: : :cough scam_snake_oil_etc /cough : : :How so?
Re: Geo location to IP mapping
Well, I'm sure that everybodies here understand that the city databases cannot be accurate more than 50%. The way we disperse static IP on commercial accounts there is not way they can figure out where the destination is. The last best guest will be the peer router before my routers. For me the country db is good enought for basic webalizer report for the customers websites. (This way my customers dont waste queries to countries.nerd.dk on non-spam related things) Have fun... Bill Nash wrote: It works for spammers. - billn On Mon, 15 May 2006, Brian Wallingford wrote: I'm not quite comfortable with the idea of building a market audience based on data with at best dubious accuracy. On Mon, 15 May 2006, Martin Hannigan wrote: :At 12:49 PM 5/15/2006, Brian Wallingford wrote: : :cough scam_snake_oil_etc /cough : : :How so? -- Alain Hebert[EMAIL PROTECTED] PubNIX Inc. P.O. Box 175 Beaconsfield, Quebec H9W 5T7 tel 514-990-5911 http://www.pubnix.netfax 514-990-9443
Re: Geo location to IP mapping
IP location services are a niche service, they won't work in the broad sense of things. Sites that need to make lawyers happy, such as MLB.com will work well with IP location services. MLB.Com basically says they won't broadcast Dodger home games in the LA area on their website. (Or any team in their home market) Obviously there are ways to hide your location, but as long as the services offers reasonable results there will be demand for these services. Remember most of these IP location services were originally founded for advertisting reasons, not anti-fraud. KevinOn 5/15/06, Brian Wallingford [EMAIL PROTECTED] wrote: I'm not quite comfortable with the idea of building a market audiencebased on data with at best dubious accuracy.On Mon, 15 May 2006, Martin Hannigan wrote::At 12:49 PM 5/15/2006, Brian Wallingford wrote: ::cough scam_snake_oil_etc /cough:::How so?
Re: Geo location to IP mapping
On Mon, 15 May 2006 13:14:41 EDT, Bill Nash said: It works for spammers. Certainly explains all the Turkish spam I get, what with me being just outside Ankara and all. pgpEfHJbvAwB0.pgp Description: PGP signature
Re: Geo location to IP mapping
At 01:56 PM 5/15/2006, [EMAIL PROTECTED] wrote: On Mon, 15 May 2006 13:14:41 EDT, Bill Nash said: It works for spammers. Certainly explains all the Turkish spam I get, what with me being just outside Ankara and all. That's likely because they are attempting to do some sort of location analysis themselves and have limited data to work with. Spammers are generally not stupid. They are cheap since their ability o generate revenue is randomized based on the exploit of the day, so to speak. Targeting you with Turkish ads is probably a combination of being cheap and someone possibly stupid. Anyhow...before this thread turns into the debacle of incorrect information that the NTP one did -- Typically, an ip address is analyzed by using multiple sources of data. An attempt is made at a triangulation of sorts with both good and bad bits compared. As the good bits build the confidence factor in the triangulation rises. So you could have 2 pieces of info that do correlate, bring in the whois record, no correlation with that, and then toss it and bring something else in. Whois accuracy is not a factor here. Geo location isn't perfect, but it's not bad. I've heard of accuracy levels as high as 90% and I don't think that's too far fetched. With HostIP reporting 50% on the user survey and them being what I can demonstrate as bad, 90% isn't a stretch at all. Look at a geo use case. If there were a cyber threat level, a defcon so to speak, and the highest level is 5 and we reach this level someday, it could be prudent to build filter lists based on geo located routing table data and begin to block and log certain sources based on the threat level alone. Good geo data makes this entirely feasible. Applying this type of thinking to Internet doomsday scenarios will be key in survivability, IMHO. If you want every solution to be 100%, we're likely to be down for some factor longer than we need to be. Anyhow, back to your regularly scheduled show. :-) -M -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]
Re: Geo location to IP mapping
In article [EMAIL PROTECTED], Ashe Canvar [EMAIL PROTECTED] writes Thanks for all your replies. I came across http://www.hostip.info/use.html, which looks good, at least from a API/ ease of use prespective. I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. -- Roland Perry
Re: Geo location to IP mapping
At 03:56 PM 5/15/2006, Alexander Harrowell wrote: This is a frequent source of silly news stories - viz. the recent one, based on Google Trends, that Birmingham (UK) is the top city for porn searches and Brentford (UK) in the top five despite being a small suburb of London. Reason: both are the location of big isp NOCs. Since you completely ignored the security aspect, I'll address your reference to Google Trends. This is what you are probably talking about: http://www.google.com/trends?q=porn If what you are saying is true, that's some pretty bad geo-location and YMMV, but what source are you using to discount Googles numbers? Are you saying that everyone on all 3 shifts in those two large NOC's are searching for Porn on Google? Or are you saying that all their netblocks are in whois and have roles that state their blocks are located at those NOC's? If it's the latter, that would support either you being innacurtae in your assumption about the Trend, or google being wrong. I'd need more proof that Google is that far off and that it would appear as though they are simply using whois registrations for geo locating in their Trends product. I'd tend to doubt it. Anything is possible, I suppose. -M On 5/15/06, Martin Hannigan mailto:[EMAIL PROTECTED][EMAIL PROTECTED] wrote: At 01:56 PM 5/15/2006, mailto:[EMAIL PROTECTED][EMAIL PROTECTED] wrote: On Mon, 15 May 2006 13:14:41 EDT, Bill Nash said: It works for spammers. Certainly explains all the Turkish spam I get, what with me being just outside Ankara and all. That's likely because they are attempting to do some sort of location analysis themselves and have limited data to work with. Spammers are generally not stupid. They are cheap since their ability o generate revenue is randomized based on the exploit of the day, so to speak. Targeting you with Turkish ads is probably a combination of being cheap and someone possibly stupid. Anyhow...before this thread turns into the debacle of incorrect information that the NTP one did -- Typically, an ip address is analyzed by using multiple sources of data. An attempt is made at a triangulation of sorts with both good and bad bits compared. As the good bits build the confidence factor in the triangulation rises. So you could have 2 pieces of info that do correlate, bring in the whois record, no correlation with that, and then toss it and bring something else in. Whois accuracy is not a factor here. Geo location isn't perfect, but it's not bad. I've heard of accuracy levels as high as 90% and I don't think that's too far fetched. With HostIP reporting 50% on the user survey and them being what I can demonstrate as bad, 90% isn't a stretch at all. Look at a geo use case. If there were a cyber threat level, a defcon so to speak, and the highest level is 5 and we reach this level someday, it could be prudent to build filter lists based on geo located routing table data and begin to block and log certain sources based on the threat level alone. Good geo data makes this entirely feasible. Applying this type of thinking to Internet doomsday scenarios will be key in survivability, IMHO. If you want every solution to be 100%, we're likely to be down for some factor longer than we need to be. Anyhow, back to your regularly scheduled show. :-) -M -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations mailto:[EMAIL PROTECTED][EMAIL PROTECTED] -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]
AW: Geo location to IP mapping
Hostip.info is so bad... One can find the exact location of my ip in the ripe-database and the tool doesn't get it. It claimed that I'm in some sort of 100souls small town altough I'm living in a major city. And hey: I was using an ip out of a hoster's block - not a dialup or something like that. Tss -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Roland Perry Gesendet: Montag, 15. Mai 2006 22:06 An: nanog@merit.edu Betreff: Re: Geo location to IP mapping In article [EMAIL PROTECTED], Ashe Canvar [EMAIL PROTECTED] writes Thanks for all your replies. I came across http://www.hostip.info/use.html, which looks good, at least from a API/ ease of use prespective. I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. -- Roland Perry
Re: Geo location to IP mapping
The NSA was granted a patent for an IP geo-location technology based on triangulation using latency measures. We played around with a similar approach using UDP several years ago and you could triangulate to the zip code level or so. A better way I think than the current approaches being discussed. Not sure if the NSA patent is being commercialized or not though. http://news.com.com/NSA+granted+Net+location-tracking+patent/2100-7348_3-5875953.html
Re: Geo location to IP mapping
Yeap, I'm moron. You didn't know it yet? - Come on... The way we disperse static IP ain't imagination, its fact... We spread a /20 on dynamic dialup and dsl over 2 provinces and since most of the residential services is build like this you cannot get a read of where that ip user is located, unless you have also access to our customers db and authentication account db too. The best you'll get is country. Even then we have some that are LanEx'ed in europe and usa. (FYI: English is not my first language btw... so dont expect too much) David Schwartz wrote: I'm sure that everybodies here understand that the city databases cannot be accurate more than 50%. They *cannot* be? The way we disperse static IP on commercial accounts there is not way they can figure out where the destination is. The last best guest will be the peer router before my routers. For me the country db is good enought for basic webalizer report for the customers websites. (This way my customers dont waste queries to countries.nerd.dk on non-spam related things) This is a pure argument from lack of imagine. They most certainly can be. Hypothetically, consider a company that had access to sales and account databases from sites like eBay, Amazon, and the like. It extracts from this database IP/city pairs. From this, it could do much better than 50%. You are basing your conclusions on your own lack of imagination. DS -- Alain Hebert[EMAIL PROTECTED] PubNIX Inc. P.O. Box 175 Beaconsfield, Quebec H9W 5T7 tel 514-990-5911 http://www.pubnix.netfax 514-990-9443
Re: Geo location to IP mapping
At 05:36 PM 5/15/2006, Alain Hebert wrote: Yeap, I'm moron. You didn't know it yet? I already mentioned the NTP thread. Let's not relive it. There are some facts: 1. Geo location is a real application 2. There are multiple methods for obtaining the location (accuracy varies) 3. I wouldn't use current ip geo location to pinpoint UBL, but perhaps knowing where his post office is... 4. it's reliable enough for security applications and advertising, depending upon your method, provider, and use case I could offer more examples of improving the accuracy on a geo-asp provider level, but I think more than enough has been said about the topic to make it clear to the average reader. Take a look at the NSA patent mentioned. It's here and it's free: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1Sect2=HITOFFd=PALLp=1u=%2Fnetahtml%2FPTO%2Fsrchnum.htmr=1f=Gl=50s1=6947978.PN.OS=PN/6947978RS=PN/6947978 -M -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]
Re: Geo location to IP mapping
RP Date: Mon, 15 May 2006 21:05:35 +0100 RP From: Roland Perry RP I just tried that, says I'm 100 miles south of where I really am. That's RP quite a long way out in a small country like England. me too Home cable returned haven't got a clue. I tried a couple other netblocks that returned different places in Florida, Mississippi, and Illinois. Not too good when the correct answers are Kansas and California. /me too *yawn* Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.
network triangulation (Re: Geo location to IP mapping)
Date: Mon, 15 May 2006 17:24:48 -0400 From: [EMAIL PROTECTED] The NSA was granted a patent for an IP geo-location technology based on triangulation using latency measures. It could probably be foiled by this patented technology: http://www.tinyurl.com/ebu6t which is equally reliable and useful. ;-) ObOp: Latency and jitter cause problems with triangulation. I find zipcode-level accuracy hard to believe for a predictive system. Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.
Re: Geo location to IP mapping
AH Date: Mon, 15 May 2006 23:24:13 +0100 AH From: Alexander Harrowell AH [W]hen the path is [...] it won't be quite that clear. Exactly. It's a bit different than triangulating cell towers based on signal strength. Since when does the NSA patent things, anyhow? I'd think they would keep secret anything that's actually effective. Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.
Re: Geo location to IP mapping
On May 15, 2006, at 4:36 PM, Alain Hebert wrote: Yeap, I'm moron. You didn't know it yet? - Come on... The way we disperse static IP ain't imagination, its fact... We spread a /20 on dynamic dialup and dsl over 2 provinces and since most of the residential services is build like this you cannot get a read of where that ip user is located, unless you have also access to our customers db and authentication account db too. The best you'll get is country. Even then we have some that are LanEx'ed in europe and usa. (FYI: English is not my first language btw... so dont expect too much) We use a Geo/IP location database. It's surprisingly accurate, with a few exceptions. The company we purchased the database from uses a number of sources of data, to produce something pretty accurate: 1) WHOIS records for the IP assignment 2) WHOIS records for domain in the PTR record for the IP 3) Parsing the PTR record for city names and airport codes 4) Purchasing IP/billing and shipping city,state,zip records from sites with accurate records (e-commerce and other sites that people need to enter their local info) 5) All of the above for the hop or two before the end in a traceroute 6) BGP and traceroute comparisons to determine where the boundaries are in how you've internally routed things Even if you're just allocating from a single /20, you probably have some hierarchy, and that can be picked up through routing or DNS or SWIP. Comparing the database to the IP that our customers used to make purchases we exceed 95% accuracy in identifying the country, and 75-85% in city/state. The big exception is AOL, since their IP assignments are pretty well randomized with respect to geography. Never underestimate what can be done through regular expressions and an army of people sitting at terminals in China to verify what can't be automated. :) For those of you really interested, email me privately and i'll dump what we have on record for a block or two of yours.
Re: Geo location to IP mapping
Google's available geolocation resources are much more direct: They can get the information directly from the user. Google mail users setting location information, google home page users setting weatherbug details, common location searches in google maps, or local business directory searches. Taken in connection with neighboring IPs, you can generate the correlations statistically, even going so far as being able to make a good guess at a dialup IP versus an 'always on' connection. This would be the same for MSN, Yahoo search, or any portal based search engine. Forget relying on a thousand different companies hopefully keeping accurate records, *if any* about what IP where. The user is, for once, a much better source of information. - billn On Mon, 15 May 2006, Kevin Day wrote: We use a Geo/IP location database. It's surprisingly accurate, with a few exceptions. The company we purchased the database from uses a number of sources of data, to produce something pretty accurate: 1) WHOIS records for the IP assignment 2) WHOIS records for domain in the PTR record for the IP 3) Parsing the PTR record for city names and airport codes 4) Purchasing IP/billing and shipping city,state,zip records from sites with accurate records (e-commerce and other sites that people need to enter their local info) 5) All of the above for the hop or two before the end in a traceroute 6) BGP and traceroute comparisons to determine where the boundaries are in how you've internally routed things Even if you're just allocating from a single /20, you probably have some hierarchy, and that can be picked up through routing or DNS or SWIP. Comparing the database to the IP that our customers used to make purchases we exceed 95% accuracy in identifying the country, and 75-85% in city/state. The big exception is AOL, since their IP assignments are pretty well randomized with respect to geography. Never underestimate what can be done through regular expressions and an army of people sitting at terminals in China to verify what can't be automated. :) For those of you really interested, email me privately and i'll dump what we have on record for a block or two of yours.
Re: Geo location to IP mapping
From [EMAIL PROTECTED] Mon May 15 17:42:13 2006
From: Kevin Day [EMAIL PROTECTED]
Subject: Re: Geo location to IP mapping
Date: Mon, 15 May 2006 17:40:23 -0500
We use a Geo/IP location database. It's surprisingly accurate, with a
few exceptions.
[[ sneck ]]
Comparing the database to the IP that our customers used to make
purchases we exceed 95% accuracy in identifying the country, and
75-85% in city/state. The big exception is AOL, since their IP
assignments are pretty well randomized with respect to geography.
*dynamically* randomized, no less, or so I've been told. As in: _all_ the
customer session addresses are assigned out of *one* DHCP pool.
I thought that 'unlikely', considering the mayhem on internal routing tables,
but the AOL rep was rather insistant that that _was_ the case.
They also have 'virtual' POPs, where they just backhaul ('tens if not hundreds'
of miles, in same cases) voice, rather than having any physical equipment
present.
Re: Geo location to IP mapping
Hi, (In a more precise manner) I originaly stated that below country (aka, province/state, city, zip, etc) it wont be very reliable because in my experience we spread that /20 without the hierarchy you expect. Meaning: . We have subnets on LanEx going outside the city, province/state and even country; . We concentrate compagny with 10 to 50 sites using private ip and a single internet point; . We have dynamic ip users using cable, dsl, dialup and even long-distance dialup; More?: I'm sure peoples have many more of hierarchy situation like this one. Solution: None really, short of having access the real infrastruture of the ISP. I'm sure the IP Location Industry have deals with the major ISP to get their DB more precise. But if the targeted IP is on a smaller outfit the quality of the informations will not be the same. This is why I stated that globally the state/city should be pretty low (50%). That good that you have 75% to 85% but I wasn't ignoring the AOL's in my statement. That's all. (FYI: The NTP Issue has been resolved (;-} ) Kevin Day wrote: On May 15, 2006, at 4:36 PM, Alain Hebert wrote: We use a Geo/IP location database. It's surprisingly accurate, with a few exceptions. The company we purchased the database from uses a number of sources of data, to produce something pretty accurate: 1) WHOIS records for the IP assignment 2) WHOIS records for domain in the PTR record for the IP 3) Parsing the PTR record for city names and airport codes 4) Purchasing IP/billing and shipping city,state,zip records from sites with accurate records (e-commerce and other sites that people need to enter their local info) 5) All of the above for the hop or two before the end in a traceroute 6) BGP and traceroute comparisons to determine where the boundaries are in how you've internally routed things Even if you're just allocating from a single /20, you probably have some hierarchy, and that can be picked up through routing or DNS or SWIP. Comparing the database to the IP that our customers used to make purchases we exceed 95% accuracy in identifying the country, and 75-85% in city/state. The big exception is AOL, since their IP assignments are pretty well randomized with respect to geography. Never underestimate what can be done through regular expressions and an army of people sitting at terminals in China to verify what can't be automated. :) For those of you really interested, email me privately and i'll dump what we have on record for a block or two of yours. -- Alain Hebert[EMAIL PROTECTED] PubNIX Inc. P.O. Box 175 Beaconsfield, Quebec H9W 5T7 tel 514-990-5911 http://www.pubnix.netfax 514-990-9443
Re: Geo location to IP mapping
I seriously doubt this would work to better than the regional area. My zip code (20124) region is about 5 km across, which would be 15 microseconds in vacuum, and maybe at most 50 micro seconds in glass. So, you would need accuracies at the 10's of microsecond level to specify zip codes. I can believe that you can measure transmission times down a fiber and achieve repeatability at the microsecond level - in fact, I remember a Michelson interferometer that they set up at JPL / Goldstone that tested the Sagnac effect in glass, which required substantially better repeatibility than that. But do you really think that you can estimate the router delay on the (for example) 9 hops between here and GMU to better than 1 millisecond each ? (That would imply a 3 millisecond rms error if these errors were random and Gaussian, or about 1000 km in vacuum, and maybe 500 km error in glass.) So, I think that this would fail by at least 2 orders of magnitude for zip codes in a real operational network. Which coast of the US, sure, but not much better than that. Regards Marshall On May 15, 2006, at 5:24 PM, [EMAIL PROTECTED] wrote: The NSA was granted a patent for an IP geo-location technology based on triangulation using latency measures. We played around with a similar approach using UDP several years ago and you could triangulate to the zip code level or so. A better way I think than the current approaches being discussed. Not sure if the NSA patent is being commercialized or not though. http://news.com.com/NSA+granted+Net+location-tracking+patent/ 2100-7348_3-5875953.html
Re: Geo location to IP mapping
On Mon, 15 May 2006 21:49:31 -0400, Marshall Eubanks [EMAIL PROTECTED] wrote: I seriously doubt this would work to better than the regional area. My zip code (20124) region is about 5 km across, which would be 15 microseconds in vacuum, and maybe at most 50 micro seconds in glass. So, you would need accuracies at the 10's of microsecond level to specify zip codes. I can believe that you can measure transmission times down a fiber and achieve repeatability at the microsecond level - in fact, I remember a Michelson interferometer that they set up at JPL / Goldstone that tested the Sagnac effect in glass, which required substantially better repeatibility than that. But do you really think that you can estimate the router delay on the (for example) 9 hops between here and GMU to better than 1 millisecond each ? (That would imply a 3 millisecond rms error if these errors were random and Gaussian, or about 1000 km in vacuum, and maybe 500 km error in glass.) So, I think that this would fail by at least 2 orders of magnitude for zip codes in a real operational network. Which coast of the US, sure, but not much better than that. I suspect you can do that; a bigger factor is the link type of the last hop. Cable modems, DSL, 802.11 -- they all have characteristic delays. The important insight is that you care about *minimum* time. You can lots of queueing delays and jitter most of the time, as long as you get one packet through unobstructed. Send enough probes and you'll make it. I did some similar work in 1992; see http://www.cs.columbia.edu/~smb/papers/netmeas.pdf for details. You couldn't repeat, today, exactly what I did then, because of the way pings are handled by modern routers, but I suspect one could find analogous schemes. To give one example of what I could tell -- and I was looking at the per-byte cost -- I was able to determine, from New Jersey, that a router outside Chicago was misconfigured; the site's backbone Ethernet should have been on the same card as the serial line (in the days of T-1 interfaces...), because copying the packet across the backplane introduced a noticeable per-byte delay. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Re: Geo location to IP mapping
On Mon, 15 May 2006, Roland Perry wrote: http://www.hostip.info/use.html, which looks good, at least from a API/ ease of use prespective. I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. 1.3ms is longer in small countries like England? -Bill
