NSA can geolocate any IP address

September 23, 2005 @ 5 Comments

The National Security Agency not only has technology that can geolocate virtually any IP address, it’s gotten a patent for the technology.

Just a few days ago, the NSA was granted a patent on a “method for locating logical network addresses,” which measures time latency in communications as a way of figuring out where network traffic originates. High tech investigators now need more than a court order to snoop on Internet communications — they also need a patent license. — Electronic Frontier Foundation

That’s scary enough. The patent describes a method of geolocating an IP address simply by pinging it, measuring the round-trip delay, and comparing it to the round-trip delay of known locations.

Method for geolocating logical network addresses on electronically switched dynamic communications networks, such as the Internet, using the time latency of communications to and from the logical network address to determine its location. Minimum round-trip communications latency is measured between numerous stations on the network and known network addressed equipment to form a network latency topology map. Minimum round-trip communications latency is also measured between the stations and the logical network address to be geolocated. The resulting set of minimum round-trip communications latencies is then correlated with the network latency topology map to determine the location of the network address to be geolocated. — U.S. Patent 6,947,978
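The correlation step in the abstract above, as an added example (not code from the patent or from this site). Station names, landmark names and every RTT value are constructed, and nearest-vector matching by Euclidean distance is an assumed stand-in for the correlation method, which the abstract does not specify.

```python
import math
from statistics import mean

# Constructed "network latency topology map": minimum RTT in ms from three
# measurement stations (station_a, station_b, station_c) to landmarks whose
# physical location is already known.
TOPOLOGY_MAP = {
    "landmark_east":    [12.0, 48.0, 81.0],
    "landmark_central": [45.0, 14.0, 47.0],
    "landmark_west":    [83.0, 46.0, 11.0],
}

# Constructed probe results for one target address: one list of repeated
# RTT samples per station, including a few congested or rerouted probes.
TARGET_SAMPLES = [
    [51.3, 47.1, 120.4, 46.2],  # seen from station_a
    [16.8, 15.9, 90.2, 18.4],   # seen from station_b
    [49.0, 75.5, 48.3, 52.1],   # seen from station_c
]

def min_rtt(samples):
    """Queueing and rerouting only ever add delay, so the minimum of many
    probes approximates the fixed propagation component of the path."""
    return [min(per_station) for per_station in samples]

def mean_rtt(samples):
    """Naive alternative, kept for comparison: averages the jitter in."""
    return [mean(per_station) for per_station in samples]

def distance(u, v):
    """Euclidean distance between two latency vectors (assumed metric)."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(u, v)))

def correlate(target_vector, topology_map):
    """Rank landmarks by how closely their latency vector matches the target's."""
    scored = [(name, round(distance(target_vector, vec), 2))
              for name, vec in topology_map.items()]
    return sorted(scored, key=lambda item: item[1])

if __name__ == "__main__":
    print("min-based :", correlate(min_rtt(TARGET_SAMPLES), TOPOLOGY_MAP))
    print("mean-based:", correlate(mean_rtt(TARGET_SAMPLES), TOPOLOGY_MAP))
```

The minimum-based vector sits within a few milliseconds of one landmark, while the mean-based vector is pulled tens of milliseconds away by the slow probes. In both cases the vector describes whichever host answers the probes.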

This sort of technique could be eerily precise. It also could be a big flop. But it’s cause for concern. Consider:

Movie studios may not know much about the Internet, but they definitely understand licensing. That’s why six major studios launched a techie think tank called MovieLabs to cook up new ways of preventing people from copying their media. Among other projects, MovieLabs announced it will be working on “ways to link senders and receivers of movies transmitted over the Internet to geographic and political territories.” Maybe MovieLabs will consider licensing some technology from the NSA for that! — Electronic Frontier Foundation

This technique is simple enough that almost anyone could implement it fairly easily. It isn’t restricted to large governments and movie studios. There’s that nasty patent to worry about, and one wonders why they took out a patent in the first place, but I imagine that someone with malicious intentions isn’t going to let a little thing like a patent stop him.

The EFF points out that Tor will help protect your privacy by encrypting your data in transit across the Internet and also concealing the source of the data, frustrating efforts not only to geolocate you, but to eavesdrop on you.

I have Tor installed on all of my computers and I use it regularly. You should too.

5 Comments → “NSA can geolocate any IP address”


  1. Name

    Oct 31, 2005

    hi
    plz send me mail


  2. Geek

    Sep 22, 2006

    This is stupidity. Simply timing a packet roundtrip won’t work for geolocation because of the way internet traffic is routed - through any available circuit, packet by packet. Anyone who has seen a download “stall” or complained about the internet “being slow today” has experienced this first-hand. One packet may go many miles farther than the next, completely randomly. But that needn’t stop you from geolocating your browser, because all packets get routed by the (IP) address at each end, regardless of what path they take in-between. The source and destination address (IP) can’t change, or routing won’t work. The Internet Assigned Names and Numbers Authority, IANA, assigns the (IP) address, simple network tools will disclose them, and all you need to do is look up the location of the assigned (IP) routing number in the IANA table. It’s not “spooky” space-age technology - every website today has “statistic analysis” software available that reveals the exact destination for every single packet downloaded by every single visitor.


  3. smart

    Feb 02, 2007

    This is why you disable ping on your router.

    Or, if you want to throw them off, add a random delay.


  4. Jason

    Feb 02, 2007

    This is not why you disable PING on your router. You disable PING because there are ICMP frame types other than echo-request (PING) which can be used to gain information about your edge device or to attempt to penetrate it. In some circumstances you can also use the payload of an ICMP echo-request to attack a device.

    Also, geolocation of IP addresses is done by referencing a database (for example Maxmind GeoIP who licenses their database to clients). The information in these databases is derived from the autonomous system (AS) numbers in which IP addresses are located. Use traceroute to find the hops between two IP addresses and then identify the autonomous systems.


  5. Hmmm

    Jan 06, 2008

    It’s interesting to note that the NSA has a significant amount of information about every backbone carrier network in the nation. The first few hops are no-brainers for them, the timing comes from the last well known hop to the user end point from there to the CPE you assume sub 1ms latency so…. It would be a terrible underestimation to think that they are not aware of what equipment is installed in the last mile and that they are not smart enough to look at intermediate hop load and local hop load and do a bit of basic math. Any good general network admin worth his salt can tell you where things are slow with a basic traceroute, this just takes that a step further and applies an undoubtedly sophisticated algorithm to it. Don’t think for a minute that the NSA doesn’t have a map of your DSLAM, and info on its installation and configuration or your cable modem topology. Ten years ago I used basic consumer grade tools to do very similar things just out of curiosity. Forget what you think you know.



Copyright © 2012 Homeland Stupidity.
