Networking and Security

Networking and Security Research Group

Accurate Internet Organisations Database

Project Background and Aims

The Internet is a network of many networks run by many different organisations. Each organisation owns and administers its own small part of the IPv4 address space. It is often desirable to know which organisation owns a certain part of the address space. For example, a current research project aims to find out how widespread carrier-grade Network Address Translation (NAT) is and which organisations use it. Another example is a study of security incidents, where we would like to know which organisations these incidents originated from. Information about who owns or administers address space exists in the form of the whois database [1,2], but it is not easy to access in bulk in real time (due to query limits), and the accuracy of the information is often questionable.

The goal of the project is to develop a tool/database that can be queried for any IP address and efficiently provides accurate information about the owning organisation from a local database. The tool/database must not be based solely on existing whois information. Other information sources should be used to validate the accuracy of the whois data and modify the data accordingly before creating an entry in the database. These sources include but are not limited to IP geolocation data [3], routing information [4], information from DNS lookups, and active probing (e.g. ping measurements or accessing a network's web server). Each entry in the database should have an attached uncertainty factor that expresses the confidence in the correctness of the information, i.e. whether different sources provided conflicting information or not.
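
An added sketch, not part of the original project brief, of the local lookup described above: observations from several sources are merged per prefix, an uncertainty factor is derived from how far the sources disagree, and an address is resolved by longest-prefix match. The sample observations, organisation names, majority-vote rule and the `UNVALIDATED` value are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample data: (prefix, source, organisation). Prefixes are the
# RFC 5737 documentation ranges; organisation names are made up.
OBSERVATIONS = [
    ("192.0.2.0/24", "whois", "Example Net"),
    ("192.0.2.0/24", "routing", "Example Net"),
    ("192.0.2.0/24", "dns", "Example Net"),
    ("198.51.100.0/24", "whois", "Old Owner Ltd"),
    ("198.51.100.0/24", "routing", "New Carrier"),
    ("198.51.100.0/24", "dns", "New Carrier"),
    ("198.51.100.128/25", "whois", "Customer Org"),
]

# Assumed score for an entry backed by one source only: nothing has
# validated it, so it must not look as certain as a unanimous entry.
UNVALIDATED = 0.5

def build_database(observations):
    """Merge per-source claims into one entry per prefix."""
    claims_by_prefix = {}
    for prefix, source, org in observations:
        net = ipaddress.ip_network(prefix)
        claims_by_prefix.setdefault(net, {})[source] = org
    db = {}
    for net, claims in claims_by_prefix.items():
        org, agreeing = Counter(claims.values()).most_common(1)[0]
        if len(claims) < 2:
            uncertainty = UNVALIDATED
        else:
            # Share of sources that contradict the majority organisation.
            uncertainty = round(1 - agreeing / len(claims), 2)
        db[net] = {"org": org, "uncertainty": uncertainty,
                   "sources": sorted(claims)}
    return db

def lookup(db, address):
    """Longest-prefix match: at most 33 dictionary probes per IPv4 address."""
    ip = int(ipaddress.IPv4Address(address))
    for plen in range(32, -1, -1):
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        net = ipaddress.IPv4Network((ip & mask, plen))
        if net in db:
            return str(net), db[net]
    return None  # address not covered by any entry
```
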

Project Skills
The project team will require:
  • Project management skills
  • Knowledge about IP networks and protocols
  • Basic knowledge of a programming/scripting language, e.g. Python, C
Initial References
  1. whois, https://en.wikipedia.org/wiki/WHOIS
  2. APNIC whois database, https://wq.apnic.net/apnic-bin/whois.pl
  3. GeoIP Country, https://dev.maxmind.com/geoip/geoip2/geolite2/
  4. Routeviews, http://www.routeviews.org/