Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

Discussion in 'other security issues & news' started by ronjor, Jul 16, 2020.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    97,684
    Location:
    Texas
    Original release date: July 16, 2020
    .
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    This does seem like stating the obvious. I mean, it's pretty common for people to use VPN services to obfuscate IP addresses. And it's also pretty common for VPN services to use network tunneling to obfuscate their exit servers' IP addresses.[0]

    0) https://restoreprivacy.com/virtual-server-locations/
     
  3. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    618
    Location:
    Far East
    So is the use of testing sites like

    ipleak.net
    doileak.com
    whoer.net
    .........and others

    accurate in determing the IP and location of the VPN servers?

    Users use a VPN to hide their IP address and for other uses. Sometimes double or even multi-hopping. Can I say that using a VPN service with many virtual locations would be better off in privacy term than those using dedicated hardware servers with true physical locations if one wants to use a VPN to hide the IP address?

    Thanks
     
    Last edited: Jul 18, 2020
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    No, it's not. Because that geolocation data comes from RIPE etc databases. And the location information there is often outdated.

    For example, HMA has a server that's supposedly in Vanuatu. However, while the relevant IP addresses were at some point assigned to Vanuatu, HMA is leasing them from some firm that's acquired the rights to use them. Basically, it's an income stream for Vanuatu.

    And so HMA advertises those "Vanuatu" IP addresses from servers in the EU. If you're using those servers, your traffic hits the Internet from some EU data center. But when ipleak.net or whatever looks up those IP addresses, it sees that they're supposedly in Vanuatu.

    However, if you ping those IP addresses from servers in many locations, you find low latency for ping servers in the EU, and high latency for ping servers near Vanuatu.
     
  5. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    618
    Location:
    Far East
    Thanks for the reply.

    You quoted HMA because it uses virtual servers.

    How about those VPN providers using bare-metal servers? Would those testing sites I mentioned display them accurately?

    And how about the privacy of virtual servers over dedicated bare-metal servers for VPN users? Don't you think it's better here?
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    No, I was talking about most of their servers, bot just the ones that they disclose as virtual.
    No, there's no way to know where servers are actually located, unless you do the ping testing thing.

    I'm familiar with the argument that virtual servers in secure locations are safer than servers in iffy locations. But no matter what, it's not OK to mislead customers about server locations.
     
  7. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    618
    Location:
    Far East
    Thank you for the replies
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.