Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Cyberspace Safety and Security

CSS 2013: Cyberspace Safety and Security pp 151–170Cite as

Geolocation and Verification of IP-Addresses with Specific Focus on IPv6

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 8300)

Abstract

Geolocation, the mapping of a network entity with its geographical position is used frequently in today’s internet. New location aware applications like e-commerce, web site content and advertisements are just some examples of what has appeared since the last couple of years. Regarding network security, Geolocation also has a significant impact, since it offers possibilities for advanced network security (e.g., including sophisticated geo-based attack correlation/classification). However, determining the physical position of a network entity is challenging, as there is no inherent relationship between an IP address and its geographical location. In addition, with the introduction of IPv6, the address space is enhanced by a factor of 296 making the process far more complex in comparison to IPv4. Although numerous techniques for Geolocation are existing, each strategy is subject to certain restrictions. Therefore, this publication illustrates and evaluates different approaches of Geolocation. Furthermore, strategies to obtain additional information related to the location of IP addresses are examined. After considering procedures how to verify the achieved data and following the ideas of Endo et al., we are designing an architecture for a combination of different methods for optimized Geolocation. Finally we introduce and evaluate our Proof of Concept called geolabel, a tool capable of mapping IPv4 as well as IPv6 addresses to certain geographical locations on a country level.

Keywords

  • IP Geolocation
  • IPv6
  • prosecution of computer fraud
  • attack attribution
  • network analysis

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Internet Corporation for Assigned Names and Numbers (ICANN), Number Resources (2013), https://www.iana.org/numbers

  2. CSN interviews Frank Bobo, “You can really do that?” - the power of Geolocation technology, ClientSide News Magazine 10(6), 6–9 (November/December 2010)

    Google Scholar 

  3. Mandiant, APT1 - Exposing One of China’s Cyber Espionage Units (2013), http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

  4. Jie, C.: Ministry of National Defense, The People’s Republic of China, China has no cyber warfare troops: spokesman (2013), http://eng.mod.gov.cn/Press/2013-03/01/content_4434894.htm

  5. Lam, L.: South China Morning Post, Edward Snowden: US government has been hacking Hong Kong and China for years (2013), http://www.scmp.com/news/hong-kong/article/1259508/edward-snowden-us-government-has-been-hacking-hong-kong-and-china

  6. Endo, P., Sadok, D.: Whois based geolocation: A strategy to geolocate internet hosts. In: 2010 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), pp. 408–413. IEEE (2010)

    Google Scholar 

  7. Postel, J.: Internet Protocol, RFC 791 (1981)

    Google Scholar 

  8. BGPexpert.com, 2010 IPv4 Address Use Report (July 27, 2013), http://bgpexpert.com/addrspace2010.php

  9. Hagen, S.: IPv6. Grundlagen - Funktionalität - Integration, 2nd edn. Sunny Edition (2007)

    Google Scholar 

  10. Deering, S., Hinden, R.: Internet Protocol, Version 6 (IPv6), RFC 2460 (1998)

    Google Scholar 

  11. Stockebrand, B.: IPv6 in Practice: A Unixer’s Guide to the Next Generation Internet, 2007th edn. Springer (2006)

    Google Scholar 

  12. Endo, P.T., Sadok, D.F.H.: Whois Based Geolocation: a strategy to geolocate Internet Hosts, IEEE International Conference on Advanced Information Networking and Applications, Tech. Rep. (2010)

    Google Scholar 

  13. Dahnert, A.: HawkEyes: An advanced IP Geolocation approach: IP Geolocation using semantic and measurement based techniques. In: Cybersecurity Summit, Second Worldwide (WCS) (June 2011)

    Google Scholar 

  14. Eriksson, B., Barford, P., Maggs, B., Nowak, R.: Posit: An Adaptive Framework for Lightweight IP Geolocation, BU/CS, Tech. Rep. (July 2011)

    Google Scholar 

  15. Padmanabhan, V.N., Subramanian, L.: An investigation of geographic mapping techniques for internet host, ACM SIGCOMM, Tech. Rep. (2001)

    Google Scholar 

  16. Stiemert, L.: Geolokalisation - Verfahren und Methoden, Seminararbeit, Universität der Bundeswehr München, Institut für Technische Informatik (October 2011) (unpublished)

    Google Scholar 

  17. Thorvaldsen, Ø. E.: Geographical location of internet hosts using a multi-agent system, Ph.D. dissertation, Norwegian University of Science and Technology (2006)

    Google Scholar 

  18. Guo, C., Liu, Y., Shen, W., Wang, H.J., Yu, Q., Zhang, Y.: Mining the web and the internet for accurate ip address geolocations, INFOCOM, Tech. Rep. (2009)

    Google Scholar 

  19. MaxMind, Inc., MaxMind Geolocation Service (August 19, 2013), http://www.maxmind.com

  20. Quova, Inc., Quova’s geolocation services (August 19, 2013), http://www.quova.com/

  21. Huffaker, B., Fomenkov, M., Claffy, K.: Geocompare: a comparison of public and commercial geolocation databases, Network Mapping and Measurement Conference (NMMC), Tech. Rep. (May 2011)

    Google Scholar 

  22. Poese, I., Kaafar, M.A., Donnet, B., Gueye, B., Uhlig, S.: IP Geolocation Databases: Unreliable? Deutsche Telekom Lab./TU Berlin, Germany, Tech. Rep. (March 2011)

    Google Scholar 

  23. Shavitt, Y., Zilberman, N.: A Study of Geolocation Databases, School of Electrical Engineering, Tech. Rep. (July 2010)

    Google Scholar 

  24. Laki, S., Mátray, P., Hága, P., Sebók, T., Csabai, I., Vattay, G.: Spotter: A Model Based Active Geolocation Service, IEEE INFOCOM, Tech. Rep. (2011)

    Google Scholar 

  25. Laki, S., Mátray, P., Hága, P., Csabai, I., Vattay, G.: A model based approach for improving router geolocation. Computer Networks 54, 1490–1501 (2010)

    CrossRef  Google Scholar 

  26. Siwpersad, S.S., Gueye, B., Uhlig, S.: Assessing the geographic resolution of exhaustive tabulation for geolocating internet hosts. In: Claypool, M., Uhlig, S. (eds.) PAM 2008. LNCS, vol. 4979, pp. 11–20. Springer, Heidelberg (2008)

    CrossRef  Google Scholar 

  27. Daigle, L.: WHOIS Protocol Specification, RFC 3912 (September 2004)

    Google Scholar 

  28. Moore, D., Periakaruppan, R., Donohoe, J., Claffy, K.: Where in the world is netgeo.caida.org? INET, Tech. Rep. (2000)

    Google Scholar 

  29. Mockapetris, P.: Domain Names - Concepts and Facilities, RFC 1034 (1987)

    Google Scholar 

  30. Internet Assigned Numbers Authority (IANA), IANA (March 1, 2013), http://www.iana.org/

  31. Davis, C., Vixie, P., Goodwin, T., Dickinson, A.: A means for expressing location information in the domain name system, RFC 1876 (1996)

    Google Scholar 

  32. Wang, Y., Burgener, D., Flores, M., Kuzmanovic, A., Huang, C.: Towards Street-Level Client-Independent IP Geolocation, USENIX, Tech. Rep. (März 2011)

    Google Scholar 

  33. Coppens, J., Markatos, E.P., Novotny, J., Polychronakis, M., Smotlacha, V., Ubik, S.: SCAMPI - a scaleable monitoring platform for the Internet. In: Proceedings of the 2nd International Workshop on Inter-Domain Performance and Simulation, IPS 2004 (March 2004)

    Google Scholar 

  34. Padmanabhan, V., Subramanian, L.: An investigation of geographic mapping techniques for internet hosts. In: ACM SIGCOMM Computer Communication Review, vol. 31, pp. 173–185. ACM (2001)

    Google Scholar 

  35. Ziviani, A., Fdida, S., de Rezende, J., Duarte, O.: Improving the accuracy of measurement-based geographic location of internet hosts. Computer Networks 47(4), 503–523 (2005)

    CrossRef  Google Scholar 

  36. Gueye, M.C.B., Ziviani, A., Fdida, S.: Constraint-based geolocation of internet hosts, IEEE/ACM Transactions on Networking, Tech. Rep. (2004)

    Google Scholar 

  37. Gueye, B., Ziviani, A., Crovella, M., Fdida, S.: Constraint-based geolocation of internet hosts. In: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, pp. 288–293. ACM (2004)

    Google Scholar 

  38. Gueye, B., Uhlig, S., Ziviani, A., Fdida, S.: Leveraging buffering delay estimation for geolocation of internet hosts. In: Boavida, F., Plagemann, T., Stiller, B., Westphal, C., Monteiro, E. (eds.) NETWORKING 2006. LNCS, vol. 3976, pp. 319–330. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  39. Laki, S., Mátray, P., Hága, P., Sebok, T., Csabai, I., Vattay, G.: Spotter: A model based active geolocation service. In: 2011 Proceedings of the IEEE INFOCOM, pp. 3173–3181. IEEE (2011)

    Google Scholar 

  40. Wong, B., Stoyanov, I., Sirer, E.: Octant: A comprehensive framework for the geolocalization of internet hosts. In: Proceedings of the NSDI, vol. 7 (2007)

    Google Scholar 

  41. Trostle, J., Matsuoka, H., Tariq, M.M.B., Kempf, J., Kawahara, T., Jain, R.: Cryptographically protected prefixes for location privacy in ipv6. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 142–166. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  42. Heuse, M.: Recent advances in IPv6 insecurities, 27th Chaos Communication Congress (27c3) (December 2010)

    Google Scholar 

  43. Moore, D., Periakaruppan, R., Donohoe, J., Claffy, K.: Where in the world is netgeo. caida. org. INET (2000)

    Google Scholar 

  44. Cooperative Association for Internet Data Analysis. NetGeo, http://www.caida.org/tools/utilities/netgeo/

  45. Koch, R., Golling, M., Rodosek, G.D.: Advanced Geolocation of IP Addresses. In: International Conference on Communication and Network Security (ICCNS), pp. 1–10 (2013)

    Google Scholar 

  46. Jgsoft Associates. IP2Geo: Frequently Asked Questions, How accurate is IP-Country-Region-City-ISP database? (2013), http://www.ip2geo.net/ip2location/ip-country-region-city-isp-faq.html

  47. Wong, B., Stoyanov, I., Sirer, E.G.: Geolocalization on the internet through constraint satisfaction. In: Proceedings of the 3rd Conference on USENIX Workshop on Real, Large Distributed Systems, p. 1 (2006)

    Google Scholar 

  48. Guo, C., Liu, Y., Shen, W., Wang, H.J., Yu, Q., Zhang, Y.: Mining the web and the internet for accurate ip address geolocations. In: IEEE INFOCOM 2009, pp. 2841–2845. IEEE (2009)

    Google Scholar 

  49. Gueye, B., Uhlig, S., Fdida, S.: Investigating the Imprecision of IP Block-Based Geolocation. In: Uhlig, S., Papagiannaki, K., Bonaventure, O. (eds.) PAM 2007. LNCS, vol. 4427, pp. 237–240. Springer, Heidelberg (2007)

    CrossRef  Google Scholar 

  50. Zander, S.: How Accurate is IP Geolocation Based on IP Allocation Data? Centre for Advanced Internet Architectures (CAIA), Tech. Rep. (May 2012)

    Google Scholar 

  51. HostIP, My IP Address Lookup and GeoTargeting Community Geotarget IP Project (July 29, 2013), http://www.hostip.info

  52. IP2Location (July 29, 2013), http://www.ip2location.com/

  53. IPInfoDB (July 28, 2013), http://ipinfodb.com/

  54. IPInfoDB. IPInfoDB - Free IP Address Geolocation Tools (September 09, 2013), http://ipinfodb.com/

  55. Srinivasan, K., Venkatasubramanian, K.: Geography of the web - Design and Analysis of Algorithm, CSE 450/598, Arizona State University, Tech. Rep. (2003)

    Google Scholar 

  56. Huffaker, B., Fomenkov, M., Claffy, K.: Geocompare: a comparison of public and commercial geolocation databases. Technical Report, network, Mapping and Measurement Conference (NMMC) (May 2011)

    Google Scholar 

  57. Poese, I., Kaafar, M.A., Donnet, B., Gueye, B., Uhlig, S.: Ip geolocation databases: Unreliable? Deutsche Telekom Lab./TU Berlin, Technical Report (March 2011)

    Google Scholar 

  58. Siwpersad, S.S., Gueye, B., Uhlig, S.: Assessing the geographic resolution of exhaustive tabulation for geolocating internet hosts. In: Claypool, M., Uhlig, S. (eds.) PAM 2008. LNCS, vol. 4979, pp. 11–20. Springer, Heidelberg (2008)

    CrossRef  Google Scholar 

  59. Shavitt, Y., Zilberman, N.: A study of geolocation databases, School of Electrical Engineering, Technical Report (July 2010)

    Google Scholar 

  60. Freedman, N.F.M.J., Vutukuru, M., Balakrishnan, H.: Geographic Locality of IP Prefixes, Internet Measurement Conference (IMC), Tech. Rep. (2005)

    Google Scholar 

  61. Stiemert, L.: Localisation and Advanced Evaluation of IP-Addresses with Focus on IPv6, Master’s thesis, Institut für Technische Informatik, Universität der Bundeswehr München, Germany (2013), https://www.unibw.de/inf3/forschung/dreo/publikationen/ba-und-ma/2013_Stiemert-Geolocation.pdf

  62. The Cooperative Association for Internet Data Analysis (CAIDA), Cooperative Association for Internet Data Analysis (March 01, 2013), http://www.caida.org/

  63. RIPE Network Coordination Centre (RIPE NCC), Test Traffic Measurement Service (June 27, 2013), https://www.ripe.net/data-tools/stats/ttm/test-traffic-measurement-service/

  64. Gummadi, K.P., Saroiu, S., Gribble, S.D.: King: Estimating Latency between Arbitrary Internet End Hosts. ACM IMW, Tech. Rep. (November 2002)

    Google Scholar 

  65. Leonard, D., Loguinov, D.: Turbo King: Framework for Large-Scale Internet Delay Measurements. INFOCOM, Tech. Rep. (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Computer Science, Universität der Bundeswehr München, D-85577, Neubiberg, Germany

    Robert Koch, Mario Golling & Gabi Dreo Rodosek

Authors
  1. Robert Koch
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mario Golling
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gabi Dreo Rodosek
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Information Science and Engineering, Central South University, 410083, Changsha, Hunan, P.R. China

    Guojun Wang

  2. Computer Science Department, Colorado State University, 1873 Campus Delivery, 80523-1873, Fort Collins, CO, USA

    Indrakshi Ray

  3. Chinese Academy of Sciences, Institute of Software, 100190, Beijing, P.R. China

    Dengguo Feng

  4. information Security Group, City University London, EC1V 0HB, London, UK

    Muttukrishnan Rajarajan

Rights and permissions

Reprints and Permissions

Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Koch, R., Golling, M., Rodosek, G.D. (2013). Geolocation and Verification of IP-Addresses with Specific Focus on IPv6. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds) Cyberspace Safety and Security. CSS 2013. Lecture Notes in Computer Science, vol 8300. Springer, Cham. https://doi.org/10.1007/978-3-319-03584-0_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-03584-0_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03583-3

  • Online ISBN: 978-3-319-03584-0

  • eBook Packages: Computer ScienceComputer Science (R0)

search

Navigation