Host based lookup

General Discussion about IP Address Lookup caveats, technology, ideas, etc.

Moderator: Moderators

Host based lookup

Postby Gandalf_the_grey on Sat Oct 01, 2005 6:51 am

Hello. I'm a tad new here. (i found your site after doing some reserch for a program i was making).

I've been doing a bit of work with host based lookups, rather then ip based (which you seem to be doing).

I did this, mainly because there was plainly obvious information in hosts, and that ip's have a tendancy of changing a lot more then ip's. (when was the last time your isp's host changed?)

I've been getting up to state level accuricy so far (only with comcast tho. I usually find the isp, and country of a person).

For eg.

We know he's from georgia, because of the ga.
We know that comcast is his isp, because its the first part of the host after the suffix (which is .net in this case).

And we know that he's in america, because
1. it ended in .net, so it was registered in america. (although sometimes when i do an ipcheck it turns out that it is in another country, which registered an american domain name).
2. Comcast is in america (its an american isp). I put that information in my comcast records.
3. America is a good defult to have. (lots of people on the internet compared to other countries).

The process i use for my geolocator basically looks for similar adresses.
I look from the suffix down to the end, and i count the number of "parts" of the host that are the same.
Hostip is one part, the info is another part.
Something is one part, ect.

So, whenever i find an entry with a better match then what i currently have, i add its information to the current bank of knoweledge (of the host), and continue on.

When i find contradictory records (ie. [country] the united states [country] Switzerland), i consider the one that was put in last, to be accurite.

So, for eg. for *removed*
The pattern of information is basically:
.net matched. [country] The united states of america Added matched. [isp] Comcast added matched [state] Georgia added

For unknown isp's i add [isp] to be the last part of the host, that isn't a suffix. (ie. more then three letters, and not .info).

This seems to be working well. (i currently scrounged up a list of country suffixes for country lookup, and added a few isp's there too.) and seems to be giving good country + isp lookup, most of the time. (isp lookup is the most reliable, followed by country, followed by state).

I've also been making an iptable for additional searching. (ie. finding out if an host that appears american (ie. .net) is actually from another country).

What i did, was store the long ip of the name, with the information about it. I stored the whole thing as a sorted list, and i used a binary search to find the closest match.

This helped a great deal, and corrects the host based appreach when it fails. (ie. just not enough information).

I'd like to know if anyone else here has tried anything similar, and there success/failure with it?

(also, why does the city in the main page change every time on reload?)

Gandalf the grey.
Posts: 6
Joined: Sat Oct 01, 2005 4:17 am

Postby Teo on Wed Oct 05, 2005 11:06 am

you could extract some good informations with the geo patents from Quova :,684,250.WKU.&OS=PN/6,684,250&RS=PN/6,684,250

(Patent that forgive you to retrieve and use geo data if you live on USA)
Posts: 17
Joined: Thu Sep 15, 2005 3:27 pm

Re: Host based lookup

Postby bfolkens on Thu Oct 06, 2005 10:02 am

Gandalf_the_grey wrote:Hello. I'm a tad new here. (i found your site after doing some reserch for a program i was making).

We did something remotely similar with the Sarangworld regex patterns and traceroutes.
Site Admin
Posts: 154
Joined: Tue Feb 22, 2005 8:09 am

Return to IP Address Lookup

Who is online

Users browsing this forum: No registered users and 2 guests