12 research outputs found

    How to Catch when Proxies Lie: Verifying the Physical Locations of Network Proxies with Active Geolocation

    Internet users worldwide rely on commercial network proxies both to conceal their true location and identity, and to control their apparent location. Their reasons range from mundane to security-critical. Proxy operators offer no proof that their advertised server locations are accurate. IP-to-location databases tend to agree with the advertised locations, but there have been many reports of serious errors in such databases. In this study we estimate the locations of 2269 proxy servers from ping-time measurements to hosts in known locations, combined with AS and network information. These servers are operated by seven proxy services, and, according to the operators, spread over 222 countries and territories. Our measurements show that one-third of them are definitely not located in the advertised countries, and another third might not be. Instead, they are concentrated in countries where server hosting is cheap and reliable (e.g. Czech Republic, Germany, Netherlands, UK, USA). In the process, we address a number of technical challenges with applying active geolocation to proxy servers, which may not be directly pingable, and may restrict the types of packets that can be sent through them, e.g. forbidding traceroute. We also test three geolocation algorithms from previous literature, plus two variations of our own design, at the scale of the whole world.

    Evidential value of country location evidence obtained from IP address geolocation

    Knowledge of the previous location of an Internet device is valuable information in forensics. The previous device location can be obtained via the IP address that the device used to access Internet services, such as email, banking, and online shopping. However, the problem with locating a device by its IP address is the unknown evidential value, which is used to admit the evidence in the case. This work introduces a method to process free and constantly updated data to assess the evidential value of the IP country location. The evidential value is assessed for several countries by analyzing historical data over 8 years. Tampering with the location evidence is discussed, as well as its detection. The source code to replicate the results and to apply the updated data to future evidence is available.

    Retrospective IP Address Geolocation for Geography-Aware Internet Services

    The paper deals with the locations of IP addresses that were used in the past. This retrospective geolocation suffers from continuous changes in the Internet space and a limited availability of past IP location databases. I analyse the retrospective geolocation of IPv4 and IPv6 addresses over five years. An approach is also introduced to handle missing past IP geolocation databases. The results show that it is safe to retrospectively locate IP addresses by a couple of years, but there are differences between IPv4 and IPv6. The described parametric model of location lifetime allows us to estimate the time when the address location changed in the past. The retrospective geolocation of IP addresses has a broad range of applications, including social studies, system analyses, and security investigations. Two longitudinal use cases with the applied results are discussed. The first deals with geotargeted online content. The second deals with identity theft prevention in e-commerce.

    Can Vivaldi help in IP geolocation?

    The paper deals with IP geolocation based on communication latency measurement. The aim of IP geolocation is to estimate the geographical location of an IP-enabled node. Latency-based IP geolocation methods measure latency from a set of landmarks with the known geographical position to a target with an unknown position. When the latency values are known, the target position is estimated using multilateration. A disadvantage is that for each target’s position estimation, a new latency measurement is required. In order to avoid this, it has been proposed to employ a latency prediction method, such as Vivaldi, to predict the latency between a target and a landmark and, thus, reduce the number of latency measurements. In this paper, we investigate this proposal in terms of location accuracy and efficiency. The conclusion of the paper gives an indicative answer about the credibility of Vivaldi for its use in IP geolocation

    Security in Virtual DMZ designs

    Virtualization as a technology has existed for almost three decades now. By emulating physical resources, virtualization enables organizations to utilize the full capacity of their hardware resources. Traditional physical DMZs (demilitarized zones) can be virtualized in three different ways. In this paper, the level of security of these three virtualized DMZs was compared to the level of security of traditional physical DMZs. The DMZs considered represented a typical part of an organization's network. A test bed was set up using the VMware ESXi 4.1 hypervisor to determine which DMZ design was the most secure. A quantitative research methodology approach was used to collect data with the help of a range of vulnerability assessment tools. Based on the research, the conclusion was drawn that all security elements, like firewalls and the inspection algorithms in the firewall, determine the level of security of a virtual DMZ, not whether it is physical or virtual.

    Effect of channel impairments on radiometric fingerprinting

    To increase network security and mitigate identity theft attacks, much of the research is focused on traditional bit-level algorithms. In conventional wireless networks, security issues are primarily considered above the physical layer and are usually based on bit-level algorithms to establish the identity of a legitimate wireless device. Physical layer security is a new paradigm in which features extracted from an analog signal can be used to establish the unique identity of a transmitter. Our previous research work into radiometric fingerprinting has shown that every transmitter has a unique fingerprint owing to imperfections in the analog components present in the RF front end. However, to the best of the author’s knowledge, no such example is available in the literature in which the effect of the radio channel on the radiometric fingerprint is evaluated. This paper presents the simulation and experimental results for radiometric fingerprinting under an indoor varying radio channel. Contrary to popular assumption, it was found that the fingerprinting accuracy is little affected in an indoor channel environment.

    Automatically Provisioned Embedded Communication System Based on Openwrt Platform

    The article deals with the design of a system that provides tools for the creation of an automatically provisioned embedded communication system and its components. As the key feature of the BEESIP platform (Bright Efficient Embedded Solution for IP Telephony), a unique building and provisioning system for the network devices has been developed, allowing administrators to fully control the firmware and configuration of the devices even in remote and inaccessible locations. The process of custom firmware building and device provisioning eases the mass deployment of BEESIP-based hardware to cover the needs of small to medium businesses across a vast range of services.

    Analysis of the Public Channel of Quantum Key Distribution Link
