21

There were many ways to detect the user's IP, for instance we could get it through a single click link or through any other medium of communication where we could get the user's IP.

But the tedious part is finding the real geo-location of the IP address.

Whenever I check I am able to only retrieve the information that is associated with where the ISP is located and not the exact location of the computer with that IP address.

Some options I looked over for detecting location were:

  • If it's a public IP, we could trace it, or further explore with maltego

  • Some IP's were publicly listed with Google map records with exact physical location

Is there any way to determine the real address through the IP other than the ISP's address?

schroeder
  • 123,438
  • 55
  • 284
  • 319
BlueBerry - Vignesh4303
  • 5,107
  • 13
  • 34
  • 63
  • 3
    This question is assuming that IP's are in any way related to their geographic location. – schroeder Dec 24 '15 at 05:00
  • Even ISP lookup can be wrong. See http://security.stackexchange.com/a/104341/10885. What problem are you trying to solve? – Neil Smithline Dec 24 '15 at 05:04
  • @NeilSmithline instead of ip address of isp ,is it there any way to trace the exact geolocation of the victim/sender? – BlueBerry - Vignesh4303 Dec 24 '15 at 05:09
  • 6
    simple answer: no – schroeder Dec 24 '15 at 05:10
  • @schroeder ,so everytime we need to ask isp provider about the real ip address location :( – BlueBerry - Vignesh4303 Dec 24 '15 at 05:11
  • 1
    How would the ISP know? – schroeder Dec 24 '15 at 05:14
  • 3
    Even that isn't guaranteed. A properly configured Tor browser will obscure location to everyone with the *possible* exception of the NSA. There are VPN's that (claim that they) don't keep logs. – Neil Smithline Dec 24 '15 at 05:15
  • I'm confused about what you're trying to accomplish. Perhaps there's another way. – Neil Smithline Dec 24 '15 at 05:16
  • even the internet IP databases are just an approximation. there is no way to be sure about the location of a IP address – JOW Dec 24 '15 at 05:37
  • 1
    Could you *ask* the user? – Prinsig Dec 24 '15 at 11:27
  • Please tell us more about your setting. What are you doing? Are you writing a PC application? Or is this a WWW context? Are you asking for a server-side or client-side process? That first sentence "*we could get it through a single click link or through any other medium of communication where we could get the user's IP.*" confuses me. – Bergi Dec 24 '15 at 11:49
  • @Bergi the model/setting is like let's say i send a link ,once u click over it i can get the ip address you,Now if i search the ip address i get only isp location,i need to trace out whats the real geolocation of u :) – BlueBerry - Vignesh4303 Dec 24 '15 at 12:06
  • @BlueBerry-Vignesh4303: You mean send by email, or similar? OK, yes, then you've got the IP of the client who requests that webpage. But what do you need the user location for actually? – Bergi Dec 24 '15 at 12:09
  • @Bergi sir, during pentesting activities we used to gather lot of information from the victim,its one of the part to collect the user location which will help us in many activities – BlueBerry - Vignesh4303 Dec 24 '15 at 12:25

1 Answers1

13

Geo-ip location accuracy varies wildly from country to country and from provider to provider. Some smaller countries have very accurate internal mappings of IP's to postal addresses but this type of data is generally not available to the public.

Note: Different Geo-IP address databases may also have different location data for the same IP address so you may also want to double-check the quality of your source data.

Alternative ways to gain more accurate information:

Methods people/organizations use to get more accurate geo-ip information include the following:

1.) HTML5 Geolocation especially if the remote device is a mobile device with GPS or GPS like triangulation features this may give you much more accurate info than the Geo-IP address. If the device does not use GPS it may alternatively leverage the local wireless SSID information and compare that other datasets to determine it's physical location, Google and Skyhook wireless have large databases of end user SSID's mapped to physical locations. Note: If you can get the SSID there are other public databases of where SSID's have been seen mapped to physical locations.

http://www.w3schools.com/html/html5_geolocation.asp

http://locationdetection.mobi/

2.) Purchase information about the IP address from advertisers who can confirm the owners shipping location via aggregation based on other activity notably past sales & shipping information. Matching aggregate regular and hidden cookie information to the account owner to help identify the person or people who use a given IP is far more telling than GeoIP information.

3.) See if you can match the IPv4 address to an IPv6 address on the same host. In many cases the IPv4 geolocation may not be as accurate or up-to-date as the IPv6 geolocation information for the same host.

There are likely many other ways to do this.

It may also be helpful to read some of the FAQ's at commercial providers of GeoIP data such as Maxmind to give you an idea of how accurate the data may be.

https://support.maxmind.com/

Finally it should be noted that some elements of this information such as HTML5 geolocation and unique cookies may be sent to the web server allowing someone to identify a user that may otherwise be trying to disguise their address via a proxy or a service like Tor. This is one of the specific reasons Tor users need to be careful about their implementation and how they are using the service.

Trey Blalock
  • 14,099
  • 6
  • 43
  • 49