Odhad geografické polohy stanic v Internetu / Location estimation of Internet nodes

Němeček, Ladislav

January 2014

This paper deals with methods of stations’ IP geolocation. It’s describes the methods of passive and active geolocation and it’s more focused on active searching methods, which usees measuring the latency in network. The factors causing delays in data transfer are discussed first, followed by discussion of the issue of measuring these delays. After that a brief description of PlanetLab experimental network, which nodes were used for delay measurment. Main topic is practical implementation of method Constraint-based Geolocation in Java programming language. Last but not least the measurement results of CBG algorithm are tested.

Improving the Cyber defence of an organisation based on IP Geolocation and security appliances / Förbättra en organisations cyberförsvar baserad på IP Geolocation och säkerhetssystem

Opasinov, Aleksandar, Eftekhari, Sina

January 2020

As advancement and usage of data communication has increased exponentially on a global scale, with a devastating exposure to attacks and varying security threats to home offices as well as to large enterprises, there is always a need for enhanced network protection. The IT department of the company OneDefence, located in western Sweden, was chosen for the thesis and based on the stated information from the organisation, aims were set on how to improve their network defence capabilities. The aim of this thesis is to list ten countries posing the most serious IT threats, and to limit the attack surface of OneDefence’s IT network as much as possible while still providing the necessary services to users abroad. After researching the countries, a prototype was set up to mimic OneDefence’s topology of interest and test attacks were conducted as detailed in the Methodology chapter. The results of the investigations showed the countries posing most serious cyber threats included China, Russia and North Korea among others which were statistically calculated based on the total number of recognised cyberwarfare attacks. The results obtained from the different DoS attacks in the prototype showed that an IPS should be at the heart of an organisation's network defence for combating these intrusions, as well as potentially other types. With the help of a prototype built based on the organisation's topology, several attacks were somewhat successfully mitigated with the equipment used on hand, with only a low percentage of packets allowed to pass through the security unit. Lastly, to explore further enhancements of defence capabilities of OneDefence, a comparison between different products and devices were performed. This resulted in products from the Fortinet brand such as FortiGate NGFW and UTM capabilities as they are offering several advantages compared to competitors. / Då stora framsteg och användning av datakommunikation har ökat exponentiellt på en global skala, med en förödande exponering av attacker och säkerhetshot mot hemanvändare såväl som stora företag, finns detalltid ett behov av förbättrad nätverksskydd. IT-avdelningen hos företaget OneDefence, valdes för att utföra examensprojektet och baserade sig på organisationens angivna information för att förbättra deras nätverksförsvar. Syftet med denna rapport är att sammanställa en lista på tio länder som utgör de allvarligaste IT-hoten i världen, samt begränsa attackytan för organisationens nätverk så mycket som möjligt medan man behåller alla nödvändiga tjänster till användare utomlands. Efter att ha undersökt länderna, anordnades en prototyp för att efterlikna delar av OneDefences topologi av intresse och testattacker utfördes enligt metodologikapitlet. Resultaten av utredningarna visade att från de länder som utfört de allra allvarliga cyberhoten inkluderade bland annat Kina, Ryssland och Nordkorea, som har beräknats statistiskt baserat på antalet igenkända cyberwarfare attacker. Resultaten från de olika DoS-attackerna visade att en IPS bör vara kärnan i en organisations nätverksförsvar för att kunna bekämpa dessa intrång, samt potentiellt andra typer. Med hjälp av den prototyp som byggdes baserad på organisationens topologi, blockerades flera attacker rätt framgångsrikt, med en låg procentandel av paketen som gick genom säkerhetsenheten. Slutligen utforskades ytterligare förbättringar av försvarsförmågan hos organisationen genom att jämföra olika produkter och enheter. Detta resulterade i produkter från Fortinet-varumärket såsom FortiGate NGFW med UTM förmåga, då de erbjuder flera fördelar jämfört med konkurrenter.

Cybersecurity

Cisco ASA Firewall

IP Geolocation

Malware

Cyber Attacks

IPS

IT-säkerhet

Cisco ASA Brandvägg

IP Geolocation

Malware

Cyberattacker

IPS

Information Systems

Využití znalosti topologie páteřních sítí pro určování fyzické polohy stanic v síti Internet / Geolocation in Internet using network topologies

Dvořák, Filip

January 2012

The thesis discusses about modern geolocation methods and it describes the basic principles of their work. The work is divided into 2 parts - the theoretical one and the practical one. The first part of the thesis is focused on the description of these methods and on the explanation of its basic concepts which are used for determining of the physical position of the station according to its IP address. The second more extensive part of the work focuses on the description of the realization of algorithm in the Octant method in the programming language of Java and its use in the experimental net of PlanetLab. One important thing is to create a set of reference points and targets, which are necessary for the testing of the whole algorithm of the Octant Method. The results of estimated accuracy of target location obtained by the Octant method and their comparison with the results obtained by active methods of CBG, SOI and with the passive method of GeoIP are listed at the end of this work.

Webová aplikace zobrazující polohu IP stanic / Web application for getting location of IP nodes

Modrák, Zdeněk

January 2015

Thesis deal with geolocation in internet network. There are described possibilities of geolocation and thesis is mainly focused on passive geolocation methods. Under passive geolocation belongs location databases which there are described as in theoretical way as used in practical part of thesis. In practical part there is created complex system for geolocation in internet environment which used paid and free geolocation databases. Another used database is WHOIS. Data from paid databases is processed and accuracy of databases is evaluated.

Aktivní IP geolokace pro verifikaci pozic stanic v Internetu / Active IP Geolocation for Verification Host Position in Internet

Balej, Jiří

January 2017

Dissertation thesis deals with methods for finding the location of the device in the Internet, based on knowledge of the IP address. The process is called IP geolocation and is currently solved by geolocation databases or by measurement of network properties to the IP address. The disadvantage of nowadays geolocation databases is an incorrect information about some locations, because they can be in large distance from correct position. The aim of the thesis is to develop a method for verification of a position from geolocation database using delay measurement. Because of it, there is a detail analysis of influence of partial delays on the distance estimation accuracy, calculated using measured delay between the landmark and the target IP address. For the same reason, long-term delay measurement was performed, where the IP geolocation accuracy was compared using calibration data from previous measurements. On this background, Cable Length Based Geolocalisation (CLBG) method is proposed. Principle of this method is built on the properties of partial delays, which depend on the length of transport media. Firstly, the method measures round trip time (rtt), which is subsequently lowered by intermediate devices and end stations delay. The geographical distance is estimated using signal speed in the transport media. Further, the winding media parameter is established, which is used to determine a constraint around the landmark. The intersection of all constraints defines the area, where the target IP is. The IP geolocation using CLBG gives better results than simpler methods (ShortestPing, GeoPing and SOI), in comparison with more advanced methods (CBG and Octant) the accuracy is similar. The disadvantage of the CLBG method is the size of region, where the target lies, but this is due to its purpose. The position found in geolocation database can be checked by evaluation if it lies in the region.