The World Through 10 IPs: What IP Intelligence Reveals to Investigators

Sponsored by:

Every security investigation starts the same way: with an IP address and a question. But no two IPs tell the same story. A mobile carrier gateway, a VPN exit node, a residential proxy, a corporate network, an anycast service, and a data center range each behave differently, and each demands a different read.

In this session, we'll tour the internet through 10 real IP addresses, covering the major categories analysts encounter every day. For each, we'll walk through the full data profile available: geolocation, ASN and company context, privacy and anonymization signals, hosting classification, and richer contextual intelligence, like building-level place identification for wifi-connected IPs and device counts for shared IPs. We'll also show where to pivot next when an investigation needs to go deeper.

Then, we'll go under the hood on data quality. We'll show how multiple independent signals including active network measurement, device observations, and administrative context combine to produce geolocation that is evidence-based, physically plausible, and explainable, and how to evaluate the accuracy claims of any IP data source.

Key Takeaways:

• How to read the complete data profile of any IP, and the signals that distinguish mobile, VPN, residential proxy, and hosting traffic
• A practical investigation workflow: which data points matter first, and where to go for additional context
• How evidence-based geolocation actually works, and the questions to ask before trusting any location answer

Ben Dowling

Founder & Co-CEO, IPinfo

Ben founded IPinfo in 2013 with the goal of providing reliable, easily accessible IP address data. As IPinfo CEO, he is committed to constantly improving that data and how customers can use it. Prior to IPinfo, he was CTO of Calm.com and a software engineer at Facebook. When he's not empowering businesses to put IPinfo's data to work for them, he's running around Seattle or hiking with his family.

Terry Sweeney

Moderator

Contributing Editor, Black Hat

Terry Sweeney is a Los Angeles-based writer and editor who's covered business technology for three decades. He's written about cyber security for more than 15 years and was one of the founding editors of Dark Reading. Sweeney has covered enterprise networking extensively, as well as its supporting technologies like storage, wireless, cloud-based apps and the emerging Internet of Things. He's been a contributing editor to The Washington Post, Crain’s New York Business, Red Herring, Information Week, Network World, SearchAWS.com, and Stadium Tech Report.