Abstract
Internet geolocation technology aims to determine the physical (geographic) location of Internet users and devices. It is currently proposed or in use for a wide variety of purposes, including targeted marketing, restricting digital content sales to authorized jurisdictions, and security applications such as reducing credit card fraud. This raises questions about the veracity of claims of accurate and reliable geolocation. We provide a survey of Internet geolocation technologies with an emphasis on adversarial contexts; that is, we consider how this technology performs against a knowledgeable adversary whose goal is to evade geolocation. We do so by examining first the limitations of existing techniques, and then, from this base, determining how best to evade existing geolocation techniques. We also consider two further geolocation techniques which may be of use even against adversarial targets: (1) the extraction of client IP addresses using functionality introduced in the 1.5 Java API, and (2) the collection of round-trip times using HTTP refreshes. These techniques illustrate that the seemingly straightforward technique of evading geolocation by relaying traffic through a proxy server (or network of proxy servers) is not as straightforward as many end-users might expect. We give a demonstration of this for users of the popular Tor anonymizing network.
Index Terms
- Internet geolocation: Evasion and counterevasion