Internet Geolocation - University of Wisconsin
Download
Report
Transcript Internet Geolocation - University of Wisconsin
Internet Geolocation
By Brandon Koontz
1
Outline
What is Internet Geolocation?
How is it useful?
Traditional Location System
IP Address Overview
Geolocation Techniques
Evasion Methods
2
What is Internet Geolocation?
Process of finding the geographical location of device
that is connected to the internet.
3
How is it used?
Content Delivery
◦ Hulu, BBC TV, Netflix
Marketing
Web Search
◦ Google, Microsoft
Social Networks
◦ Foursquare, Gowalla
Website Redirection
4
Traditional Location System
Public Switched Telephone Network
(PSTN)
◦ Used for landline phones
◦ Circuit-switched
◦ Relatively static database with phone numbers
and addresses
◦ Locations
911 service
Caller-ID
1-800 numbers
5
Problem for the PSTN
Mobile Devices
◦ Phone number and associated address
remains unchanged but physical location
changes
Solution
◦ Regulation by FCC and E911
6
E911
Wireless service provider delivers the
latitude, longitude, uncertainty, and must
have accuracy of 300 meters for 95% of
calls
Cell Tower 3
Mobile Device
Cell Tower 1
Cell Tower 2
7
Background Information
Internet Protocol (IP) Address
◦ Globally unique number
◦ Every Internet connected device has one
◦ Different types:
IPv4 32 bits (232) approx 4 Billion
Example: 173.20.133.90
IPv6 128 bits (2128) approx 340 Undecillion
Example:
3ffe:1900:4545:3:200:f8ff:fe21:67cf
8
IP Address
Public facing
What the servers on the internet see
Not Address that is given to each device
behind a router.
9
IP Address cont.
Internet Assigned Numbers Authority
(IANA)
◦ Operated by Internet Corporation for
Assigned Names and Numbers (ICANN)
◦ Globally responsible for allocating blocks of IP
addresses
Size a block of addresses
127.0.0.0/8 includes 127.0.0.0-127.255.255.255
10
Regional Internet Registries (RIRs)
Like IANA but for specific regions
Receive IP Address blocks from IANA
Distribute smaller blocks of IP Addresses
◦ Internet Service Providers (ISP)
◦ Enterprises
◦ Academic Institutions
11
Regional Internet Registries (RIRs)
http://www.ripe.net
12
Internet Geolocation Techniques
Whois lookups
Domain Name Service Queries
Geolocation Services provided by
Companies
13
Whois Protocol
Public databases provided by the RIR’s
and IANA
Accepts
◦ IP Address
◦ Autonomous System (AS) Routing Number
◦ Domain Name
Returns who and where the information
was registered
14
Whois Databases
Official Databases
Regional Databases
International Database
whois.arin.net
whois.afrinic.net
whois.apnic.net
whois.lacnic.net
whois.ripe.net
whois.iana.org
Third Party Databases
15
Test Information
Current Location
◦ Dubuque, Iowa, United States
IP Address
◦ 173.20.133.90
Internet Service Provider (ISP)
◦ Mediacom Communications Corp
Autonomous System (AS) number
◦ AS6478
Unix command-line application “whois”
16
Whois with IP Address
Command
◦ whois 173.20.133.90
Results
◦ NetRange: 173.16.0.0 - 173.31.255.255
◦ OrgName: Mediacom Communications Corp
◦ Country: US
17
Whois with IP Address cont.
Result
◦ Found a referral to
rwhois.mediacomcc.com:4321.
Shows the next whois database that can
be queried
18
Whois with IP Address
Looking closer
Results
◦ network:Network-Name:MEDIACOMCC-173-20128-0-Dubuque-IA
◦ network:IP-Network:173.20.128.0/21
◦ network:IP-Network-Block:173.20.128.1 173.20.135.254
◦ network:Organization;I:Mediacom Communications
Corp
◦ network:Tech-Contact;I:Atli, Serhat
◦ network:Admin-Contact;I:Selvage, Joe
19
Whois with IP Address - Alternative
Command
◦ whois –h rwhois.mediacomcc.com
173.20.133.90
Results
◦ network:Network-Name:MEDIACOMCC-173-20-128-0Dubuque-IA
◦ network:IP-Network:173.20.128.0/21
◦ network:IP-Network-Block:173.20.128.1 - 173.20.135.254
◦ network:Organization;I:Mediacom Communications Corp
◦ network:Tech-Contact;I:Atli, Serhat
◦ network:Admin-Contact;I:Selvage, Joe
20
Autonomous System (AS)
16 bit integers
Used by routing protocols
◦ Interior Gateway Protocol (IGP)
◦ Border Gateway Protocol (BGP)
Blocks of AS numbers are given to RIR’s
RIR’s assign them to blocks of IP
Addresses
21
Whois with AS number
Finding AS number from IP Address
◦ whois –h riswhois.ripe.net
173.20.133.90
◦ Should be under origin
◦ “origin:
AS6478”
◦ AS6478 is the AS number for this IP Address
22
Whois with AS number
Command
◦ whois AS6478
Results
◦
◦
◦
◦
◦
◦
ASNumber:
RegDate:
OrgName:
City:
StateProv:
Country:
6478
1996-04-26
AT&T Services, Inc.
MIDDLETOWN
NJ
US
23
Whois with AS number
Results are correct for
◦ Country
Incorrect for
◦ City
◦ State
IP Addresses are rarely located where the
AS number was registered
24
Example of Incorrect Geolocation
with AS Number
Command
◦ whois AS1239
Result
◦
◦
◦
◦
OrgName:
City:
StateProv:
Country:
Sprint
Reston
VA
US
Reston’s population is under 100,000
But not all IP Addresses are in Reston
25
Domain Name
Easier for humans to remember a series
of letters than a series of digits
Domain Name Servers (DNS) translates
domain name to IP Address
26
Domain Name
Finding IP Address from domain name
Example uwplatt.edu
◦ Using Unix command dig uwplatt.edu
dig is used to query DNS name servers
◦ Returns
;; ANSWER SECTION:
uwplatt.edu. 753 IN A 137.104.129.136
27
Whois with Domain Name
Command
◦ whois uwplatt.edu
Result
◦ Registrant:
University of Wisconsin - Platteville
Office of Information Technolgy
1 University Plaza
Platteville, WI 53818
UNITED STATES
28
Whois with Domain Name
Results are correct for
◦ Country
◦ State
◦ City
Good for Institutions
◦ .EDU
29
Domain Name – Geographic Codes
Found in some domains
Google search “site:.ca”
◦ Returns sites with the .ca domain
◦ ca – Top level domain for Canada
Sub domains may also exist
◦ ab.ca - Alberta, Canada
◦ calgary.ab.ca - Calgary, Alberta, Canada
30
Domain Name – Geographic Codes
May not always be accurate
Example .tv domain
◦ Tuvalu
◦ Small island group by Australia and Hawaii
◦ Used by many media sites
TWiT.tv
justin.tv
31
Third Party Services
IP2Location
MaxMind
Google Location Service
Many cost money
◦ Mainly for large companies
Not worth while for small companies
32
Google Location Service
Uses different techniques for different
scenarios
◦
◦
◦
◦
Cell Tower Triangulation
Detected Wifi hotspots
GPS (If available)
IP Address location
33
W3C Geolocation API
HTML5
Most newer browsers
Accessible by JavaScript
Uses Google’s Location Services
Separates the geolocation technique from
geographic location data
GeoSample.html
34
Geolocation Privacy
35
Two PC’s – Same Network
Hardwired PC
Wireless PC
36
Evasion Techniques
Proxy
◦ Can be web based or application based
◦ Free or paid versions
◦ Proxy server located at a known location
Tor Project
◦ Application based
◦ Free
◦ Like a proxy but server changes
37
Tor Project
https://www.torproject.org/about/overview.html.en
38
Tor Project – Tor Browser
No installation needed
Includes
◦ Tor client
◦ Vidalia – gui for Tor client
◦ Firefox Portable
JavaScript is off by default
Geolocation is off
39
Tor Browser
40
Conclusion
What is Internet Geolocation?
How is it useful?
IP Address Overview
Geolocation Techniques
Evasion Methods
41
http://www.agent-x.com.au/comic/to-the-batcave/
42
Questions?
43
References
[1]Acton, R., Friess, N., & Aycock, J. (2007). Inverse geolocation: Worms
with a sense of direction. Performance, Computing, and
Communications Conference, 2007. IPCCC 2007. IEEE International,
487-493.
[2] Barnes, R., Winterbottom, J., & Dawson, M. (2011). Internet geolocation
and location-based services. Communications Magazine, IEEE, 49(4),
102-108.
[3] Google Location Service Retrieved from
http://static.googleusercontent.com/external_content/untrusted_dlc
p/www.google.com/en/us/intl/zhCN/events/facultysummit/2010/files/
mobile_location.pdf
[4] Internet Corporation for Assigned Names and Numbers: Retrieved
from http://www.iana.org
[5] Muir, J. A., & Oorschot, P. C.V. (2009). Internet geolocation: Evasion and
counterevasion. ACM Comput.Surv., 42(1), 4:1-4:23.
[6] Thorvaldsen, Ø. E. (2006). Geographical location of internet hosts using
a multi-agent system.
[7] Tor Project: Retrieved from https://www.torproject.org/
44