Just dropping in to add my $0.02
@morbiuswilters said:
@KattMan said: So true, but if the routers are configured even minimally to return their location and they usually are for reasons of maintenance being able to find them, then a simple trace route on the IP address and reading the responses will get you pretty close.
I'm not actually sure what this is supposed to mean. The router might have its location set in the reverse DNS record or it might be in a GeoIP database. The router itself doesn't return anything, though.
KattMan is correct. Standard SNMP reporting tools will return Location information for properly configured devices (such as routers). Basic devices with SNMP capability typically have the ability to set/return location data (MIB 1.3.6.1.2.1.1.6.0, I believe), which could be used to narrow down a physical location (though the setting is entirely user-configurable and would be unreliable as the sole basis for approximating geo-location). If one used a combination of ARIN WHOIS info, SNMP sysLocation info from the last few hops to an IP and the physical location of known IPs within the same subnet (if any are known), one could reasonably approximate the physical location of an otherwise unknown IP address.
@morbiuswilters said:
@KattMan said: I've seen some networks that can get you down the street of where the guy is, so "somewhere downtown" is a reasonable answer, but not from the IP address but rather from a simple trace route.
Sure, that's possible under certain circumstances, but it is in no way guaranteed. Additionally, you need the IP address to do a traceroute. All traceroute tells you is which routers the packets are going through at that moment in time. That can be useful for finding geographic location, but may not be.
IIRC, in that episode they had the guy's IP but couldn't 'trace it' because he kept 'logging off so quickly' (!?!). Traceroute does tell you which routers packets are going through at that moment, but more importantly, it also tells you the *last* router a packet went through. Since there are physical distance limitations between end devices and their last (actually, first) hop, it would be safe to assume (in most cases) that the physical location of the last hop is very near the actual location of the end device (the IP you would trace in this instance).
That said, I do agree; without having externally verifiable information regarding the physical location of an IP, I would not trust the data you could anonymously collect using traditional/legally-sanctioned methods.
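
The SNMP sysLocation point in the post above, seen from the side of whoever runs the device: this is an added example, not part of the original post, that audits a net-snmp `snmpd.conf` you administer to see whether the configured location is readable by any source. It assumes net-snmp's `sysLocation` and `rocommunity`/`rwcommunity COMMUNITY [SOURCE [OID | -V VIEW]]` directives; the sample config and the function names are constructed for illustration.

```python
SYSLOCATION_OID = (1, 3, 6, 1, 2, 1, 1, 6, 0)  # 1.3.6.1.2.1.1.6.0, as quoted in the post

SAMPLE_CONF = """\
# constructed sample, not taken from a real device
sysLocation  Rack 14, 3rd floor, 100 Example St
sysContact   noc@example.com
rocommunity  public
rocommunity  m0nitor 192.0.2.0/24
rocommunity  limited default .1.3.6.1.2.1.2
rocommunity  viewed  default -V sysonly
"""

ANY_SOURCE = {"default", "0.0.0.0/0"}  # source tokens that mean "any client"

def covers_syslocation(subtree):
    """True/False for a numeric OID subtree; None if it cannot be resolved here."""
    if subtree is None:
        return True            # no OID restriction: the whole tree is readable
    try:
        prefix = tuple(int(p) for p in subtree.strip(".").split("."))
    except ValueError:
        return None            # "-V VIEW" or a textual OID name
    return SYSLOCATION_OID[:len(prefix)] == prefix

def audit_snmpd_conf(text):
    """Report the configured location and which communities expose it to any source."""
    report = {"location": None, "exposed": [], "unresolved": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()
        if key == "syslocation":
            report["location"] = " ".join(args)
        elif key in ("rocommunity", "rwcommunity") and args:
            source = args[1] if len(args) > 1 else "default"
            if source not in ANY_SOURCE:
                continue       # already restricted to a host or subnet
            verdict = covers_syslocation(args[2] if len(args) > 2 else None)
            if verdict is None:
                report["unresolved"].append((args[0], source))  # review by hand
            elif verdict:
                report["exposed"].append((args[0], source))
    return report

if __name__ == "__main__":
    print(audit_snmpd_conf(SAMPLE_CONF))
```

Entries under `unresolved` use a named view or textual OID that this sketch does not expand, so they need a manual check.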