On the Evasion of Delay-Based IP Geolocation
نویسندگان
چکیده
We explain a newly found vulnerability that allows circumvention of commonly used delay-based geolocation techniques that use ping or traceroute to sample delays. Attacks may leverage the echo request/reply type of the ICMP protocol. ICMP’s echo request/reply protocol does not specify a mechanism to measure the delays between network nodes. Consequently, different implementations exist on different platforms to achieve this functionality. Other work in literature presented an adversary that can only increase the round trip times by delaying the echo reply messages. However, as we explain, current implementations of ping and traceroute also allow an adversary to decrease the round trip time, enabling it to evade delay-based geolocation techniques with high accuracy. We evaluate the effect of this attack on two delay-based techniques, and analyze an adversary’s evasion capabilities, given its ability to also decrease the observed delays between itself and the set of landmarks conducting the geolocation process.
منابع مشابه
Internet Geolocation and Evasion
Internet geolocation technology (IP geolocation) aims to determine the physical (geographic) location of Internet users and devices. It is currently proposed or in use for a wide variety of purposes, including targeted marketing, restricting digital content sales to authorized jurisdictions, and security applications such as reducing credit card fraud. This raises questions about the veracity o...
متن کاملIP Geolocation in Metropolitan Area Networks
Existing techniques can geolocate an IP address to a metropolitan area. Through simulation, we evaluate the performance of these existing techniques within a metropolitan area network. We identify differences between metropolitan area networks and the wide area network. We describe and evaluate new techniques which are designed specifically for use on metropolitan area networks. We present Hop-...
متن کاملDude, Where's That IP? Circumventing Measurement-based IP Geolocation
Many applications of IP geolocation can benefit from geolocation that is robust to adversarial clients. These include applications that limit access to online content to a specific geographic region and cloud computing, where some organizations must ensure their virtual machines stay in an appropriate geographic region. This paper studies the applicability of current IP geolocation techniques a...
متن کاملAdaptive Geolocation of Internet Hosts
IP based geolocation is a widely used geolocation technique because of its ability to geolocate the hosts where GPS or other techniques become ineffective or unavailable. Measurement-based geolocation techniques utilize landmarks to make end-to-end delay measurements and compute the host location based on delay to distance mappings. Fewer landmarks and/or inaccurate delay to distance mapping le...
متن کاملLeveraging Buffering Delay Estimation for Geolocation of Internet Hosts
Geolocation techniques aim at determining the geographic location of an Internet host based on its IP address. Currently, measurement-based geolocation techniques disregard the buffering delays that may be introduced at each hop along the path taken by probe packets. To fill this gap, we propose the GeoBuD (Geolocation using Buffering Delay estimation) approach. Although the network delay and t...
متن کامل