Well, researchers stated they can now track the location of an IP address to within about 125 miles. Normally I would not bother pointing out the obvious, however, I feel the need to bring this into the "security mainstream" as a fail. Before doing so though, here is their "
secret sauce:"
"The new method zooms in through three stages to locate a target computer. The first stage measures the time it takes to send a data packet to the target and converts it into a distance – a common geolocation technique that narrows the target’s possible location to a radius of around 200 kilometres." [1]
What this does for tracking the identity of a potential attacker when it comes to security?
Absolutely nothing.
Here is a quote I could never get enough of from Cisco's Fred Baker. For those who have not had the opportunity to read Fred's excellent posts on mailing lists, his RFCs or writings, here is a summary [3]: [Fred] currently co-chairs the IPv6 Operations Working Group in the IETF, is a member of the Smart Grid Interoperability Panel and its Architecture Committee, and is Cisco's representative to BITAG. For more insight of who he is, please see an insightful interview of Fred, see: "
Fred Baker: Cisco Fellow, Network IT Enthusiast, World Traveler." [4] Anyhow, the purpose of stating who is he is to understand the weight/validity of the following statement:
Well, let me ask you you think 171.70.120.60 is. I'll give you a hint; at this instant, there are 72 of us.
Here's another question. Whom would you suspect 171.71.241.89 is? At this point in time, I am in Barcelona; if I were home, that would be my address as you would see it, but my address as I would see it would bein 10.32.244.216/29. There might be several hundred people you would see using 171.71.241.89;
One of the big issues with the Tsinghua SAVA proposal in the IETF is specifically the confusion of the application layer with the IP layer. They propose to embed personal identity into the IP address, and in that there are a number of issues. Internet Address != application layer identification.
An the physical location of Internet Address (IP) is not altogether a "conclusive" mechanism to be used as an identity. While it may give an indicator it is not definitive. For example, let us also assume that I needed to perform some form of competitive intelligence slash corporate espionage targeting my competitor. Let us also assume for a moment that I needed to compromise a machine physically located across the street. If I used my own connection to undertake this task, it would obviously be the equivalent of me walking into the office with a banner that read: "Look at me, across the street hacking you!" Quite absurd. So what are my options to sidestep this? Simple, I could use an Internet cafe, I could use an open wireless network or I could pick yet a third competitor, compromise them and leave them holding a loaded gun. Complete with their fingerprints all over the murder weapon.
This is a long standing problem with IP addresses, attribution. While you can state that in the above comment - IP address 171.70.120.60 connected to you - you cannot definitively state any individual connected to you. With the rise in client side attacks, attribution is even more difficult.
[1]
http://blogs.wsj.com/tech-europe/2011/04/11/tracking-system-can-locate-user-to-within-100m/?mod=google_news_blog[2]
http://www.mcabee.org/lists/nanog/Jan-08/msg00729.html[3]
http://en.wikipedia.org/wiki/Fred_Baker_%28IETF_chair%29[4]
https://learningnetwork.cisco.com/docs/DOC-1720 
Programming : Finished Python Course in Codecademy now what?
