I always loved this subject. In movies they are all so cool about it. It’s all like:
Sir, his ip is 123.123.123.123.
Go ahead triangulate it so we can nail him.
Sir, we have got him, he is in bla bla bla
Last night a buddy of mine asked me if it was possible to geolocate an IP address, he was interested for fun where the hell his “viagra” spammer lived. So triggered by his question I started investigating the possible methods and resoures to geolocate an IP address and at the same time find out how realistic hollywood is in it’s movies.
First of all let’s start with my conclusion. YES it is possible AND it is NOT possible. When performing geolocation of an ip address you basically have 2 questions you need to answer:
- What are my resources?
- How much time do I have?
Depending on how you answer the above questions you will be able to indeed pinpoint the geolocation of an IP address or no you will only be able to pinpoint the router that handles the IP address which in some cases means differences in distance up to 5Km and more.
Depending on the resources you can use open sources only or you can ask companies to help out, buy landmarks which are close to the target IP address(based on a traceroute) and use RTT(round-trip-time) to measure the distance. So if we assume you have a lot of resources then YES you can pinpoint the location of an IP address pretty accurate.
All those resources are nice but if you don’t have the time to use them…well then you still can’t pinpoint the exact location of the IP address. So in a scenario where every minute counts you can NOT pinpoint the exact location of an IP address.
So how does this pinpointing work? Let’s start with the coolest things I found.
TULIP in action
It uses a variaty of methods and locations to measure a lot of different data to aid you in the process of geolocating an IP address. I still haven’t figured out completly how to use it and it seemed a bit buggy on my system. Nonetheless you can gather a lot of data from it which might aid in poinpointing the location a little but more accurate.
Another similar one is OCTANT
octant in action
If you want to know how they work exactly I recommend browsing around on their sites. So what other options do we have to locate the geolocation of an IP address? Instead of summarizing all the options myself I found a nice site which gives a nice summary.
http://www.private.org.il/IP2geo.html and for the lazy ones click here.
The above site gives a nice summary of other information you can use to aid in the finding of the geolocation of an IP address. I could keep going on with giving some sites which perform geolocation but let’s be honost anyone can fireup his/her favorite search engine and search for them. So here are just a few of the most interesting sites I stumbled upon while investigating this.
- http://www.ip-adress.com/ipaddressdistance/
- http://www.unixwiz.net/rpat/
- http://www.net.t-labs.tu-berlin.de/teaching/ss07/IM_seminar/aa_b1.pdf
- http://homeland.maine.edu/Connolly.pdf
- http://www.caida.org/tools/visualization/gtrace/
- http://www.maxmind.com/app/geolitecity
- http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.13.7348
- http://www.cs.rice.edu/~eugeneng/research/gnp/
There are more website to perform IP lookups like the traditional whois website and visualtraceroute but as I said before I am not going to name them all and it all depends on how accurate you want your result to be.
So what are my final thoughts on this? I think it is very much possible to locate an IP address like in the movies, however I also think that it’s NOT possible to perform the lookup in the same amount of time as it’s always performed in movies. If you have enough resources and enough time and locations to use in your triangulation you can pinpoint the location pretty accurate. It’s also true that sometimes the most obvious things are forgotten most of my research concentrated on using RTT and triangulation to measure distances to be able to pinpoint the location. It was just one of the most interesting techniques I found butsometimes a simple browser connecting to the IP address will also tell you where it is located. So if you need to find the geolocation of an IP address make sure you use all the information availible.
I learned a lot from this little research and I hope it will help other people in their quest to find the geolocation of an IP address.
DiabloHorn 
I agree with everything you posted in this entry, I’m a loyal follower so please keep updating so frequently!
I used to use NEOtrace to get the bastards street name, Xref that w/ map software, White Pages that addy and call. Fuckin shakes ppl up. The good old days…..
Like I said in the article it depends. If you take a look at the projects that I linked you can see that if you have enough landmarks it would be possible to pin point it’s location. Detecting which clients are connected to a certain isp is only possible by requesting the information and seeing if they want to give it out.
Social Engineering might also work…just make sure you do not break any local laws.
nice article, very thorough however when i search up an ip number it just get me to the isp location, is there a way to locate the PC thats connected to the isp?
nice stuff bro, keep doin it ;)