Yes and no. It is possible to track down who controls a particular TCP/IP address. From that you could infer where the person is most likely located. What you can't find out is exactly where that person is sitting at that exact moment. The TCP/IP address can give you the geographical area, but usually only down to the city, not down to the exact latitude and longitude of the person's chair.
For example, take the numerical address 211.59.215.218. This happens to be the address of someone who tried to break into my webserver Wednesday. [Yes, I do run intrusion detection and tracing software on my network. Don't you? :-)] If I look up 211.59.215.218 in the WhoIs database on http://www.apnic.net/, I can infer that the person is most likely located somewhere near Seoul, Korea. Similar would apply to one of today's attacker from 64.230.210.41 who appears to be near Montreal, Quebec, Canada.
The above of course assumes that these people are not making long distance phone calls to dial into a distant ISP. While both of these attacks could have been launched by the same person making long distance phone calls, that is unlikely since they would have a really large phone bill. Alternatively they could have taken over control of the machines at those two addresses, be using them as zombies to launch attacks from, and be seated somewhere completely different.
None of the tracing can tell me that the person is really currently sitting at latitude 39:56:52.037N, longitude 75:09:49.799W. But given the city, state and country from the TCP/IP address, you can track down an approximate latitude and longitude which is good enough for an ICBMnet candygram delivery. :-)
-- Michael
Darkstreak Consulting
www.darkstreak.com
