How does GeoIP for private IP addresses work?

Hi

I want to understand how GeoIP works.
I want to use it to track employees: If 1 of my private IPs is out of town then an alarm must be set.
My first idea (as I am a newbie in Elastic) was to correlate the private IPs with the public ones in the firewall.

My second idea is using the GeoIP of Elastic. But first I need to understand how it works.

  1. What do I need to have to get started: The range of private IPs and what else?
  2. Do I also need the latitude and longitude of each one? How can I get these values?
  3. What will happen if the private IPs change dynamically?

Thank you very much

An IP address is allocated by the network that the computer is connected to. If an employee is sitting in a Starbucks out of town and connected to the Starbucks wifi network, this network will allocate the address from its pool of internal IP addresses. Another Starbucks in a different part of the country might use exactly the same network setup and have exactly the same pool of private IP addresses. In other words, it is not possible to detect the location based on the private IP address. In order to spy on employees detect employees' location, privacy concerns aside, you need to force their laptops to give you their public IP address, which you can resolve using GeoIP. I think the most ethical way to do it would be to capture logs on VPN connections and make sure that each employee has their own set of credentials for connecting to the VPN.

@Igor_Motov If it is not possible to detect the location based on the private IP addresses, then what is being done here:
(Creating geoip data for internal networks)

or here:
(Private networks with GeoIP)

They have offices in different locations, and each office has an internal network that they control, with a specific IP range they know and an office location that they can check on the map. They want to map IP addresses from these offices' internal networks to the locations of these offices. If this is your use case, I probably misunderstood your original question and you can definitely do that (to a certain degree).

1 Like
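
The office mapping described in the reply above, as an added example that is not part of the original thread: it resolves a source address to the most specific known office range and flags addresses that fall in none. The office names, CIDR ranges, coordinates and the `src_ip` field name are constructed placeholders.

```python
import ipaddress

# Constructed sample data: office names, CIDR ranges and coordinates are
# placeholders, not values from the thread.
OFFICE_NETWORKS = {
    "10.10.0.0/16": {"office": "HQ", "lat": 40.4168, "lon": -3.7038},
    "10.10.50.0/24": {"office": "HQ-Lab", "lat": 40.4200, "lon": -3.7000},
    "10.20.0.0/16": {"office": "Branch-North", "lat": 43.2630, "lon": -2.9350},
    "192.168.1.0/24": {"office": "Branch-South", "lat": 37.3891, "lon": -5.9845},
}

# Parse once and sort by prefix length so the most specific range wins
# when ranges overlap (10.10.50.0/24 sits inside 10.10.0.0/16).
_TABLE = sorted(
    ((ipaddress.ip_network(cidr), meta) for cidr, meta in OFFICE_NETWORKS.items()),
    key=lambda item: item[0].prefixlen,
    reverse=True,
)


def locate(ip_text):
    """Return the office record for an address, or None if no range matches."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None  # malformed or empty field in the log line
    for network, meta in _TABLE:
        if addr.version == network.version and addr in network:
            return {"ip": str(addr), "network": str(network), **meta}
    return None


def enrich(events):
    """Attach an office location to each event and flag unmapped sources."""
    out = []
    for event in events:
        hit = locate(event.get("src_ip", ""))
        out.append(dict(event, geo=hit, alert=hit is None))
    return out


if __name__ == "__main__":
    # Constructed sample events.
    sample = [{"user": "alice", "src_ip": "10.10.50.7"},
              {"user": "bob", "src_ip": "172.16.4.9"}]
    for row in enrich(sample):
        print(row)
```

A match only means the address falls in a range you assigned. As the first reply points out, an unrelated network can reuse the same private range, so the result is meaningful only for logs collected on networks you control.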

Hi @Igor_Motov
Yes, I want to map IP addresses from offices' internal networks to the locations of these offices.

I have started a new link because I am having problems understanding the procedure that has been done to use GeoIP with private networks.

Do I have to configure Logstash if I am using a VM?
