ABSTRACT
Internet users worldwide rely on commercial network proxies both to conceal their true location and identity, and to control their apparent location. Their reasons range from mundane to security-critical. Proxy operators offer no proof that their advertised server locations are accurate. IP-to-location databases tend to agree with the advertised locations, but there have been many reports of serious errors in such databases.
In this study we estimate the locations of 2269 proxy servers from ping-time measurements to hosts in known locations, combined with AS and network information. These servers are operated by seven proxy services, and, according to the operators, spread over 222 countries and territories. Our measurements show that one-third of them are definitely not located in the advertised countries, and another third might not be. Instead, they are concentrated in countries where server hosting is cheap and reliable (e.g. Czech Republic, Germany, Netherlands, UK, USA).
In the process, we address a number of technical challenges with applying active geolocation to proxy servers, which may not be directly pingable, and may restrict the types of packets that can be sent through them, e.g. forbidding traceroute. We also test three geolocation algorithms from previous literature, plus two variations of our own design, at the scale of the whole world.
- 2012. Navigation Timing. W3C Recommendation. http://www.w3.org/TR/2012/REC-navigation-timing-20121217/Google Scholar
- AbdelRahman M. Abdou, Ashraf Matrawy, and Paul C. Van Oorschot. 2015. CPV: Delay-based Location Verification for the Internet. Transactions on Dependable and Secure Computing 14, 2 (2015), 130--144. Google ScholarDigital Library
- AbdelRahman M. Abdou, Ashraf Matrawy, and Paul C. Van Oorschot. 2017. Accurate Manipulation of Delay-based Internet Geolocation. In Asia Conference on Computer and Communications Security. ACM, New York, NY, USA, 887--898. Google ScholarDigital Library
- Mohammed Jubaer Arif, Shanika Karunasekera, and Santosh Kulkarni. 2010. GeoWeight: Internet Host Geolocation Based on a Probability Model for Latency Measurements. In Australasian Computer Science Conference, Vol. 102. ACS, Sydney, 89--98. http://crpit.com/confpapers/crpitv102arif.pdf Google ScholarDigital Library
- Claude Castelluccia, Mohamed Ali Kaafar, Pere Manils, and Daniele Perito. 2009. Geolocalization of Proxied Services and its Application to Fast-Flux Hidden Servers. In Internet Measurement Conference. ACM, New York. Google ScholarDigital Library
- Center for Applied Internet Data Analysis. 2006. Archipelago (Ark) Measurement Infrastructure. http://www.caida.org/projects/ark/Google Scholar
- Balakrishnan Chandrasekaran, Mingru Bai, Michael Schoenfield, Arthur Berger, Nicole Caruso, George Economou, Stephen Gilliss, Bruce Maggs, Kyle Moses, David Duff, Keung-Chi Ng, Emin Gün Sirer, Richard Weber, and Bernard Wong. 2015. Alidade: IP Geolocation without Active Probing. Technical Report CS-TR-2015.001. Department of Computer Science, Duke University.Google Scholar
- Jingning Chen, Fenlin Liu, Xiangyang Luo, Fan Zhao, and Guang Zhu. 2016. A landmark calibration-based IP geolocation approach. EURASIP Journal on Information Security 2016, Article 4 (2016), 11 pages. Google ScholarDigital Library
- Frank Dabek, Russ Cox, Frans Kaashoek, and Robert Morris. 2004. Vivaldi: A Decentralized Network Coordinate System. In SIGCOMM. ACM, New York, 15--26. Google ScholarDigital Library
- Jasper den Hertog and Massimo Candela. 2018. OpenIPMap: A Collaborative Approach to Mapping Internet Infrastructure. https://labs.ripe.net/Members/jasper_den_hertog/openipmap-a-collaborative-approach-to-mapping-internet-infrastructureGoogle Scholar
- Shichang Ding, Xiangyang Luo, Meijuan Yin, Yan Liu, and Fenlin Liu. 2015. An IP Geolocation Method Based on Rich-Connected Sub-networks. In International Conference on Advanced Communication Technology. IEEE, Piscataway, NJ, 176--181.Google Scholar
- Ziqian Dong, Rohan D. W. Perera, Rajarathnam Chandramouli, and K. P. Subbalakshmi. 2012. Network measurement based modeling and optimization for IP geolocation. Computer Networks 56, 1 (2012), 85--98. Google ScholarDigital Library
- Benjamin Dowling, Douglas Stebila, and Greg Zaverucha. 2016. Authenticated Network Time Synchronization. In USENIX Security Symposium. USENIX Association, 823--840. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/dowling Google ScholarDigital Library
- Brian Eriksson, Paul Barford, Bruce Maggs, and Robert Nowak. 2012. Posit: A Lightweight Approach for IP Geolocation. SIGMETRICS Performance Evaluation Review 40, 2 (2012), 2--11. Google ScholarDigital Library
- Brian Eriksson, Paul Barford, Joel Sommers, and Robert Nowak. 2010. A Learning-Based Approach for IP Geolocation. In Passive and Active Measurement, Arvind Krishnamurthy and Bernhard Plattner (Eds.). Springer, Berlin, Heidelberg, 171--180. Google ScholarDigital Library
- Brian Eriksson and Mark Crovella. 2013. Understanding Geolocation Accuracy using Network Geometry. In INFOCOM. IEEE, Piscataway, NJ, 75--79.Google Scholar
- Michael Gargiulo. 2018. List of VPN Locations by Provider. In VPN Reviews & Free Comparison Charts. https://www.vpn.com/Google Scholar
- Manaf Gharaibeh, Anant Shah, Bradley Huffaker, Han Zhang, Roya Ensafi, and Christos Papadopoulos. 2017. A Look at Router Geolocation in Public and Commercial Databases. In Internet Measurement Conference. ACM, New York. Google ScholarDigital Library
- Phillipa Gill, Yashar Ganjali, Bernard Wong, and David Lie. 2010. Dude, where's that IP?: Circumventing measurement-based IP geolocation. In USENIX Security. USENIX, Berkeley, CA, Article 16, 16 pages. http://static.usenix.org/legacy/events/sec10/tech/full_papers/Gill.pdf Google ScholarDigital Library
- Bamba Gueye, Artur Ziviani, Mark Crovella, and Serge Fdida. 2004. Constraint-based Geolocation of Internet Hosts. In Internet Measurement Conference. ACM, New York, 288--293. Google ScholarDigital Library
- Kashmir Hill. 2016. How an internet mapping glitch turned a random Kansas farm into a digital hell. FUSION (2016). http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/Google Scholar
- Thomas Holterbach, Cristel Pelsser, Randy Bush, and Laurent Vanbever. 2015. Quantifying Interference Between Measurements on the RIPE Atlas Platform. In Internet Measurement Conference. ACM, New York, 437--443. Google ScholarDigital Library
- Zi Hu, John Heidemann, and Yuri Pradkin. 2012. Towards Geolocation of Millions of IP Addresses. In Internet Measurement Conference. ACM, New York, 123--130. Google ScholarDigital Library
- Collin Jackson, Andrew Bortz, Dan Boneh, and John C Mitchell. 2006. Protecting Browser State from Web Privacy Attacks. In World Wide Web. ACM, New York, 737--744. http://www.stanford.edu/people/jcm/papers/sameorigin.pdf Google ScholarDigital Library
- Ethan Katz-Bassett, John P. John, Arvind Krishnamurthy, David Wetherall, Thomas Anderson, and Yatin Chawathe. 2006. Towards IP Geolocation Using Delay and Topology Measurements. In Internet Measurement Conference. ACM, New York, 71--84. Google ScholarDigital Library
- Raja A. A. Khan, Anjum Naveed, and R. Les Cottrell. 2016. Adaptive Geolocation of Internet Hosts. Technical Report SLAC-PUB-16463. SLAC National Accelerator Laboratory.Google Scholar
- Dan Komosny, Milan Simek, and Ganeshan Kathiravelu. 2013. Can Vivaldi Help in IP Geolocation? Przegląd Elektrotechniczny 2013, 5 (2013), 100--106. http://www.pe.org.pl/articles/2013/5/20.pdfGoogle Scholar
- Dan Komosny, Miroslav Voznak, Ganeshan Kathiravelu, and Hira Sathu. 2015. Estimation of Internet Node Location by Latency Measurements---The Underestimation Problem. Information Technology and Control 44, 3 (2015), 279--286. http://hdl.handle.net/10084/110524Google ScholarCross Ref
- Rupa Krishnan, Harsha V. Madhyastha, Sridhar Srinivasan, Sushant Jain, Arvind Krishnamurthy, Thomas Anderson, and Jie Gao. 2009. Moving Beyond End-to-End Path Information to Optimize CDN Performance. In Internet Measurement Conference. ACM, New York, 190--201. Google ScholarDigital Library
- Sándor Laki, Péter Mátray, Péter Hága, Tamás Sebők, István Csabai, and Gábor Vattay. 2011. Spotter: A Model Based Active Geolocation Service. In INFOCOM. IEEE, Piscataway, NJ, 3173--3181.Google Scholar
- Raul Landa, Richard G. Clegg, João Taviera Araújo, Eleni Mykoniati, David Griffin, and Miguel Rio. 2013. Measuring the Relationships between Internet Geography and RTT. In International Conference on Computer Communications and Networks. IEEE, Piscataway, NJ, 1--7.Google ScholarCross Ref
- Dan Li, Jiong Chen, Chuanxiong Guo, Yunxin Liu, Jinyu Zhang, Zhili Zhang, and Yongguang Zhang. 2013. IP-Geolocation Mapping for Moderately Connected Internet Regions. Transactions on Parallel and Distributed Systems 24, 2 (2013), 381--391. Google ScholarDigital Library
- James A. Muir and Paul C. Van Oorschot. 2009. Internet Geolocation: Evasion and Counterevasion. Comput. Surveys 42, 1 (2009), 4:1--4:23. Google ScholarDigital Library
- Péter Mátray, Péter Hága, Sándor Laki, Gábor Vattay, and István Csabai. 2012. On the spatial properties of internet routes. Computer Networks 56, 9 (2012), 2237--2248. Google ScholarDigital Library
- Venkata N. Padmanabhan and Lakshminarayanan Subramanian. 2001. An Investigation of Geographic Mapping Techniques for Internet Hosts. In SIGCOMM. ACM, New York, 173--185. Google ScholarDigital Library
- Tom Patterson, Nathaniel Vaughn Kelso, et al. 2012. Natural Earth. Free vector and raster map data. http://www.naturalearthdata.com/Google Scholar
- PlanetLab 2007. PlanetLab: an open platform for developing, deploying, and accessing planetary-scale services. http://www.planet-lab.org/Google Scholar
- Ingmar Poese, Steve Uhlig, Mohamed Ali Kaafar, Benoit Donnet, and Bamba Gueye. 2011. IP Geolocation Databases: Unreliable? SIGCOMM Computer Communications Review 41, 2 (2011), 53--56. Google ScholarDigital Library
- Abbas Razaghpanah, Anke Li, Arturo Filastò, Rishab Nithyanand, Vasilis Ververis, Will Scott, and Phillipa0 Gill. 2016. Exploring the Design Space of Longitudinal Censorship Measurement Platforms. (2016). arXiv:cs.NI71606.01979 arXiv preprint.Google Scholar
- RIPE NCC Staff. 2015. RIPE Atlas: A Global Internet Measurement Network. The Internet Protocol Journal 18, 3 (2015), 2--26. http://ipj.dreamhosters.com/wp-content/uploads/2015/10/ipj18.3.pdfGoogle Scholar
- RIPE Network Coordination Centre. 2014. RIPE Atlas: a global network of Internet probes. https://atlas.ripe.netGoogle Scholar
- Yuval Shavitt and Noa Zilberman. 2011. A Geolocation Databases Study. Selected Areas in Communications 29, 10 (2011), 2044--2056.Google ScholarCross Ref
- University of Wisconsin. 2011. Internet Atlas (DS-468). Continuously updated data set.Google Scholar
- Yong Wang, Daniel Burgener, Marcel Flires, Aleksandar Kuzmanovic, and Cheng Huang. 2011. Towards Street-Level Client-Independent IP Geolocation. In Networked Systems Design and Implementation. USENIX, Berkeley, CA. Google ScholarDigital Library
- Bernard Wong, Ivan Stoyanov, and Emin Gün Sirer. 2007. Octant: A Comprehensive Framework for the Geolocalization of Internet Hosts. In Networked Systems Design and Implementation. USENIX, Berkeley, CA, Article 23, 14 pages. http://static.usenix.org/legacy/events/nsdi07/tech/full_papers/wong/wong.pdf Google ScholarDigital Library
- Artur Ziviani, Serge Fdida, José F. de Rezende, and Otto Carlos M. B. Duarte. 2005. Improving the accuracy of measurement-based geographic location of Internet hosts. Computer Networks 47, 4(2005), 503--523. Google ScholarDigital Library
Index Terms
- How to Catch when Proxies Lie: Verifying the Physical Locations of Network Proxies with Active Geolocation
Recommendations
RIPE IPmap active geolocation: mechanism and performance evaluation
RIPE IPmap is a multi-engine geolocation platform operated by the RIPE NCC. One of its engines, single-radius, uses active geolocation to infer the geographic coordinates of target IP addresses. In this paper, we first introduce the methodology of IPmap'...
The Use of Software Agents as Proxies
ISCC '00: Proceedings of the Fifth IEEE Symposium on Computers and Communications (ISCC 2000)As network technology is advancing at a rapid rate, clients can access information from the Internet using a variety of devices and via different types of networks. As the Internet is heterogeneous in nature, and with such diversities in devices, a ...
Performance Evaluation of Load Balanced Web Proxies
WAINA '11: Proceedings of the 2011 IEEE Workshops of International Conference on Advanced Information Networking and ApplicationsA large university usually has many units that may locate far apart, and there are many proxy servers installed to give web access services to those units individually. However, some proxies may face the performance bottleneck when many users access the ...
Comments