Hi,
I am the author of Trippy (https://github.com/fujiapple852/trippy) which is an OSS traceroute/mtr-like tool (which also uses Ratatui!).
I would like to propose a model which is trained on a combination of DNS and GeoIp data and can be used for geo-locating IPs based on hostnames (and perhaps AS names).
Trippy currently supports GeoIp lookup (i.e. IP address -> geo location) using mmdb database files from MaxMind and IPinfo. These databases are useful but are both incomplete and inaccurate for many IPs.
Another technique often used to geo-locate IPs is to look up the reverse DNS hostname (and sometimes the AS name) as these often contain clues as to the location. For example, the hostname xe-11-1-0.edge1.NewYork1.Level3.net is likely to be located in New York.
Typically these are interpreted by humans eyeballing the hostnames, and sometimes these are fuzzy matched by tools against sets of known country/city codes and/or hostname formats. This approach is high maintenance and has limited utility. See slides 11-16 of this presentation for examples of the types of codes used in hostnames for internet routers.
I believe it may be possible to train a model to do this using the large quantity of DNS and GeoIp data available.
A large data set could be created which contains the following:
| Field | Example |
| --- | --- |
| IP | 171.64.64.64 |
| Hostname | CS.stanford.edu |
| AS Name | AS32 STANFORD, US |
| Geo Location | Los Altos, California, United States, North America |
This could then be used to train a model with Burn which is able to take a hostname (or hostname + AS name) and predict the geo-location to the country/city level.
Don't see the model you want? Don't hesitate to open an issue, and we may prioritize it.
I don't know if this is of interest to anyone, but I thought I'd try my luck and ask! If such a model were to exist I would be keen to integrate the functionality into Trippy.
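Added example, not part of the original post and not code from Trippy or Burn: a minimal version of the table-lookup approach the post describes, matching hostname tokens against known location codes. The `HINTS` table, the function names and the `example.net` hostname are constructed for illustration; the other two hostnames are the ones quoted in the post.

```rust
// Constructed lookup table of location codes (illustrative, not a real dataset).
const HINTS: &[(&str, &str)] = &[
    ("newyork", "New York, US"),
    ("nyc", "New York, US"),
    ("lon", "London, GB"),
    ("fra", "Frankfurt, DE"),
];

/// Split a hostname on '.', '-' and '_', strip trailing digits from each
/// piece ("NewYork1" -> "NewYork"), lowercase it, and drop empty pieces.
fn tokens(hostname: &str) -> Vec<String> {
    hostname
        .split(|c: char| c == '.' || c == '-' || c == '_')
        .map(|t| t.trim_end_matches(|c: char| c.is_ascii_digit()).to_ascii_lowercase())
        .filter(|t| !t.is_empty())
        .collect()
}

/// Return the location for the first token that exactly matches a known code.
/// Anything not listed in HINTS yields None, which is why the table has to be
/// extended by hand for every new naming convention.
fn location_hint(hostname: &str) -> Option<&'static str> {
    tokens(hostname).iter().find_map(|tok| {
        HINTS
            .iter()
            .find(|(code, _)| *code == tok.as_str())
            .map(|(_, place)| *place)
    })
}

fn main() {
    let hosts = [
        "xe-11-1-0.edge1.NewYork1.Level3.net", // hostname from the post
        "ae-2.core1.fra2.example.net",         // constructed hostname
        "CS.stanford.edu",                     // from the post; no code in the table
    ];
    for host in hosts.iter() {
        println!("{} -> {:?}", host, location_hint(host));
    }
}
```

The third hostname returns `None` because nothing in the table covers it, the kind of gap a trained model would be expected to close.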