Sources of Change in Internet Protocol Geolocation Databases
Abstract
Commercial IP geolocation databases provide a capability to associate IP addresses or prefixes to a physical location. These services provide critical information for emergency services, commercial entities, and government agencies. The accuracy of these databases can vary to a degree that degrades their utility to an unacceptable level, and the algorithms that are making location determinations are typically proprietary. This study seeks to identify patterns in, or otherwise characterize, the set of network prefixes that exhibit geolocation change between weekly snapshots of a particular commercial geolocation database: MaxMind. We employ ground-truth correlations using active Internet measurements to characterize discernable patterns of prefix movements in the database. By measuring round-trip times from known-location vantage points to prefixes with location changes, and identifying the closest vantage point to the likely actual prefix location, we categorize and correlate possible causes of location instability in MaxMind. We find that approximately 7.5% of MaxMind prefix-location variance possibly results from geolocation granularity changes. Our methodology demonstrates a scalable technique to use Internet measurements to characterize movement shown by geolocation databases. Finally, we propose methodology enhancements for future employment. This study illuminates the efficacy of IP geolocation databases for intelligence community, DOD, academic, and commercial use.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2021
- Accession Number
- AD1164322
Entities
People
- Bryan J. Kauffman
Organizations
- Naval Postgraduate School