Geolocation by IP Address
As previously mentioned, the NetGeo database slowly is becoming more inaccurate as IP address blocks change hands in company close-outs and absorptions. Several other tools are available for determining location, however. A description of the NetGeo infrastructure itself (see Resources) presents some of the methods it employed for mapping IP addresses and can be a source of guidance for future projects.
One of the most useful geolocation resources is DNS LOC information, but it is difficult to enforce across the Internet infrastructure. RFC 1876 is the standard that outlines "A Means for Expressing Location Information in the Domain Name System." Specifically, this is done by placing the location information of a server on the DNS registration page. Several popular servers have employed this standard but not enough to be directly useful as of yet.
To check the LOC DNS information of a server, you need to get the LOC type of the host:
-- $ host -t LOC yahoo.com yahoo.com LOC 37 23 30.900 N 121 59 19.000 W 7.00m 100m 100m 2m --
This parses out to 37 degrees 23' 30.900'' North Latitude by 121 degrees 59' 19.000'' West Longitude at 7 meters in altitude, with an approximate size of 100 meters at 100 meters horizontal precision and 2 meters vertical precision. There are several benefits to servers that offer their geographic location in this way. First, if you are connecting from a server that shows its DNS LOC information, determining your geolocation is simple, and applications may use this information without further work, although some verification may be useful. Second, if you are connecting on your second or third bounce through a server that has DNS LOC information, it may be possible to make an estimate of your location based on traffic and ping times. However, it should be obvious that these estimates greatly degrade accuracy.
It also is possible to put the DNS LOC information for your Web site in its registration (see Resources). If more servers come to use LOC information, geolocation accuracy will be much easier to attain.
host is a DNS lookup utility that allows users to find out various pieces of information about a host. The simplest use is doing hostname to IP address lookups and the reverse. The reverse, dotted-decimal IPv4 notation, is used for this, and the actual server that hosts the canonical name is returned. The type flag, -t, can be used to obtain specific information from the host record from the name server.
Many users hopping onto the Internet probably aren't coming from a major server. In fact, most users don't have a static IP address. Dial-up, cable modems and cell phone connections are assigned a dynamic IP address that may change multiple times in one day or not at all for several weeks. Therefore, it becomes difficult to tie these dynamic addresses to a single location.
To our rescue, these service providers typically provide an internal naming scheme for assigning IP addresses and associating names with these addresses. Typically, the canonical name of an IP address contains the country-code top-level domain (ccTLDs) in a suffix. CN is China, FR is France, RO is Romania and so on. Furthermore, the name even may contain the city or region in which the IP address is located. Often, however, this information is shortened to some name that requires a heuristic to determine. For example, in your service or application, a user may appear to be coming from d14-69-1-64.try.wideopenwest.com. A whois at this address reveals it is a WideOpenWest account from Michigan. Using some logic, it is possible to deduce that this user is connecting through a server located in Troy, MI, hence the .try. in the canonical name.
Some projects have been started to decipher these addresses (see Resources), and you also can get all of the country codes and associated cities and regions of a country from the IANA Root-Zone Whois Information or the US Geospatial Intelligence Agency, which hosts the GEOnet Names Server (GNS). The GNS has freely available data files on almost all world countries, regions, states and cities, including their sizes, geographic locations and abbreviations, as well as other information.
Information such as that presented on the GNS also can be used to provide users with utilities and services specific to their geographical locations. For example, it is possible to determine a user's local currency, time zone and language. Time zone is especially useful for members of a community or chat group to determine when another friend may be available and on-line.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
|diff -u: What's New in Kernel Development||Aug 20, 2014|
|Security Hardening with Ansible||Aug 18, 2014|
|Monitoring Android Traffic with Wireshark||Aug 14, 2014|
|IndieBox: for Gamers Who Miss Boxes!||Aug 13, 2014|
|Non-Linux FOSS: a Virtualized Cisco Infrastructure?||Aug 11, 2014|
|Linux Security Threats on the Rise||Aug 08, 2014|
- diff -u: What's New in Kernel Development
- Security Hardening with Ansible
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- New Products
- Tech Tip: Really Simple HTTP Server with Python
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- Monitoring Android Traffic with Wireshark
- Returning Values from Bash Functions
- RSS Feeds
- Raspberry Pi: the Perfect Home Server