Nmap Development mailing list archives

Re: [NSE] ip-geolocation
From: galaxywatcher () gmail com
Date: Sat, 11 Jun 2011 00:27:25 -0400

Please find attached the ip-geolocation script. I've implemented IP
geolocation lookups on 4 web services (Geoplugin, IPInfoDB, Geobytes
and Quova) and a query against a Maxmind database based on the API
from Maxmind.
Host script results:
| ip-geolocation:
| (scanme.nmap.org)
|   Geoplugin
|     coordinates (lat,lon): 39.4208984375,-74.497703552246
|     state: New Jersey, United States
|   IPInfoDB
|     coordinates (lat,lon): 37.5384,-121.99
|   Geobytes
|     coordinates (lat,lon): 43.667,-79.417
|     city: Toronto, Ontario, Canada
|   Quova
|     coordinates (lat,lon): 37.56699,-121.98266
|     city: fremont, california, united states
|   Maxmind database
|     coordinates (lat,lon): 39.4899,-74.4773
|_    city: Absecon, Philadelphia, PA, United States

Very impressive work. I found the violent disagreement of the locations in your sample somewhat amusing. 
scanme.nmap.org looks like it can be in the four corners of North America concurrently. Your script sheds a light on 
the discrepancies among the various databases and the fact that ip-geolocation is far from a perfected science. That 
being said, Fremont appeared twice among the five providers and I believe Fremont is the Linode datacenter hosting 
scanme based on the following research:

$ lft scanme.nmap.org
Tracing ..........*.**.T
TTL LFT trace to li86-221.members.linode.com (
 1 3.7ms
 2  cpe-67-247-x-x.nyc.res.rr.com (67.247.1x-x) 9.6ms
 3  gig-0-3-0-20-nycmnyg-rtr1.nyc.rr.com ( 9.6ms
 4  pos-13-0-nycmnya-rtr1.nyc.rr.com ( 21.7ms
 5  cpe-24-29-148-66.nyc.res.rr.com ( 18.7ms
**  [neglected] no reply packets received from TTLs 6 through 7
 8  nyk-b5-link.telia.net ( 12.4ms
 9  nyk-bb1-link.telia.net ( 12.9ms
10  sjo-bb1-link.telia.net ( 90.6ms
11  hurricane-113209-sjo-bb1.c.telia.net ( 87.4ms
12  10gigabitethernet1-2.core1.fmt1.he.net ( 91.7ms
13  linode-llc.10gigabitethernet2-3.core1.fmt1.he.net ( 88.9ms
14  [target open] li86-221.members.linode.com ( 85.5ms

The trace goes to Fremont from New York. And:
Linode has facilities in Fremont, CA
London, GB, UK
Newark, NJ, USA
Atlanta, GA, USA
Dallas, TX, USA
Fremont, CA, USA

Now if only we could automate that research and weigh the responses accordingly....
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
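
One way the weighing described in the message could be automated, as an added example that is not part of the original message or of the ip-geolocation script: group the five provider coordinates by distance, then let a site code found in the traceroute hostnames break ties. The `SITE_HINTS` table, the 50 km radius and the bonus weight are assumptions made for this illustration.

```python
import math
import re
# Coordinates copied from the script output quoted in the message.
RESULTS = {
    "Geoplugin": (39.4208984375, -74.497703552246),
    "IPInfoDB": (37.5384, -121.99),
    "Geobytes": (43.667, -79.417),
    "Quova": (37.56699, -121.98266),
    "Maxmind": (39.4899, -74.4773),
}
HOPS = ["10gigabitethernet1-2.core1.fmt1.he.net",  # hops 12 and 13 of the lft trace
        "linode-llc.10gigabitethernet2-3.core1.fmt1.he.net"]
# Assumption: hand-made table of router site codes -> approximate coordinates.
SITE_HINTS = {"fmt": (37.5483, -121.9886)}  # Fremont, CA

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) pairs in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def cluster(results, radius_km=50.0):
    """Single-link grouping: a provider merges every cluster it is close to."""
    clusters = []
    for name, pos in results.items():
        home = [c for c in clusters
                if any(haversine_km(pos, results[m]) <= radius_km for m in c)]
        merged = [name] + [m for c in home for m in c]
        clusters = [c for c in clusters if c not in home] + [merged]
    return clusters

def trace_hint(hops):
    """Coordinates for the last hop whose hostname carries a known site code."""
    for host in reversed(hops):
        for label in host.split("."):
            m = re.fullmatch(r"([a-z]{3})\d+", label)
            if m and m.group(1) in SITE_HINTS:
                return SITE_HINTS[m.group(1)]
    return None

def rank(results, hops, radius_km=50.0, bonus=2):
    """Score = providers agreeing, plus a bonus if the trace points there too."""
    hint = trace_hint(hops)
    scored = []
    for c in cluster(results, radius_km):
        near = hint and any(haversine_km(hint, results[m]) <= radius_km for m in c)
        scored.append((len(c) + (bonus if near else 0), sorted(c)))
    return sorted(scored, reverse=True)
```

On these inputs provider agreement alone ties two clusters at two votes each (Geoplugin with Maxmind, IPInfoDB with Quova); the `fmt1` label in the last hops is what lifts the Fremont pair to the top.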