Nmap Development mailing list archives

Re: [NSE] ip-geolocation
From: galaxywatcher () gmail com
Date: Sat, 11 Jun 2011 00:27:25 -0400

Please find attached the ip-geolocation script. I've implemented IP
geolocation lookups on 4 web services (Geoplugin, IPInfoDB, Geobytes
and Quova) and a query against a Maxmind database based on the API
from Maxmind.
[snip]
Host script results:
| ip-geolocation:
| 74.207.244.221 (scanme.nmap.org)
|   Geoplugin
|     coordinates (lat,lon): 39.4208984375,-74.497703552246
|     state: New Jersey, United States
|   IPInfoDB
|     coordinates (lat,lon): 37.5384,-121.99
|     city: FREMONT, CALIFORNIA, UNITED STATES
|   Geobytes
|     coordinates (lat,lon): 43.667,-79.417
|     city: Toronto, Ontario, Canada
|   Quova
|     coordinates (lat,lon): 37.56699,-121.98266
|     city: fremont, california, united states
|   Maxmind database
|     coordinates (lat,lon): 39.4899,-74.4773
|_    city: Absecon, Philadelphia, PA, United States


Very impressive work. I found the violent disagreement of the locations in your sample somewhat amusing. 
scanme.nmap.org looks like it can be in the four corners of North America concurrently. Your script sheds light on
the discrepancies among the various databases and the fact that ip-geolocation is far from a perfected science. That 
being said, Fremont appeared twice among the five providers and I believe Fremont is the Linode datacenter hosting 
scanme based on the following research:

$ lft scanme.nmap.org
Tracing ..........*.**.T
TTL LFT trace to li86-221.members.linode.com (74.207.244.221):80/tcp
 1  192.168.1.1 3.7ms
 2  cpe-67-247-x-x.nyc.res.rr.com (67.247.1x-x) 9.6ms
 3  gig-0-3-0-20-nycmnyg-rtr1.nyc.rr.com (24.168.136.241) 9.6ms
 4  pos-13-0-nycmnya-rtr1.nyc.rr.com (24.29.98.5) 21.7ms
 5  cpe-24-29-148-66.nyc.res.rr.com (24.29.148.66) 18.7ms
**  [neglected] no reply packets received from TTLs 6 through 7
 8  nyk-b5-link.telia.net (213.248.77.177) 12.4ms
 9  nyk-bb1-link.telia.net (80.91.248.149) 12.9ms
10  sjo-bb1-link.telia.net (213.155.130.129) 90.6ms
11  hurricane-113209-sjo-bb1.c.telia.net (213.248.86.54) 87.4ms
12  10gigabitethernet1-2.core1.fmt1.he.net (66.160.158.241) 91.7ms
13  linode-llc.10gigabitethernet2-3.core1.fmt1.he.net (64.62.250.6) 88.9ms
14  [target open] li86-221.members.linode.com (74.207.244.221):80 85.5ms

The trace goes to Fremont from New York. And:
Linode has facilities in Fremont, CA
http://www.linode.com/why.cfm
London, GB, UK
Newark, NJ, USA
Atlanta, GA, USA
Dallas, TX, USA
Fremont, CA, USA

Now if only we could automate that research and weigh the responses accordingly....
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
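One way to automate the "weigh the responses" step the reply wishes for, as an added example that is not part of this thread or of the NSE script: it parses the coordinates from the script output quoted above, groups answers that lie within a chosen radius of each other (haversine distance) and ranks the groups by provider weight. The radius and any per-provider weights are assumptions; with equal weights the sample output ties between the New Jersey pair (Geoplugin, Maxmind) and the Fremont pair (IPInfoDB, Quova), which is exactly the disagreement the reply describes.

```python
"""Consensus over ip-geolocation answers (added example, not the NSE script)."""
import math
import re
# Constructed sample: the coordinate lines from the script output quoted in the thread.
SAMPLE_OUTPUT = """\
|   Geoplugin
|     coordinates (lat,lon): 39.4208984375,-74.497703552246
|   IPInfoDB
|     coordinates (lat,lon): 37.5384,-121.99
|   Geobytes
|     coordinates (lat,lon): 43.667,-79.417
|   Quova
|     coordinates (lat,lon): 37.56699,-121.98266
|   Maxmind database
|_    coordinates (lat,lon): 39.4899,-74.4773
"""
COORD_RE = re.compile(r"coordinates \(lat,lon\): (-?[\d.]+),(-?[\d.]+)")

def parse_results(text):
    """Return {provider: (lat, lon)} from the script's '|'-prefixed output lines."""
    results, provider = {}, None
    for line in text.splitlines():
        body = line.lstrip("|_ ").rstrip()
        m = COORD_RE.search(body)
        if m and provider:
            results[provider] = (float(m.group(1)), float(m.group(2)))
        elif body and ":" not in body:  # provider names carry no 'key: value' colon
            provider = body
    return results

def km_between(a, b):
    """Great-circle distance in km between two (lat, lon) pairs (haversine)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def consensus(results, radius_km=150.0, weights=None):
    """Group answers that all lie within radius_km of each other and rank groups by
    total provider weight (assumed; default 1.0). A tie at the top means real disagreement."""
    weights, groups = weights or {}, []
    for name, coord in results.items():
        for g in groups:
            if all(km_between(coord, results[o]) <= radius_km for o in g):
                g.append(name)
                break
        else:
            groups.append([name])
    ranked = [(sum(weights.get(n, 1.0) for n in g), sorted(g)) for g in groups]
    return sorted(ranked, key=lambda r: -r[0])
```

Passing a weights dict (for example a higher weight for a provider that traceroute evidence has corroborated) breaks the tie; the example does not decide those weights for you.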