A reason to block pings?

Your address may be found within a kilometer.

^{http://www.schneier.com/blog/archives/2011/04/pinpoi...}
Pinpointing a Computer to Within 690 Meters

This is impressive, and scary:

Every computer connected to the web has an internet protocol (IP) address, but there is no simple way to map this to a physical location. The current best system can be out by as much as 35 kilometres...

Considering my jitter is 8ms or ~ 50% of the ping to presumably my nearest pingtest.net server I'm not quaking in my boots.

http://www.pingtest.net/result/38440334.png

This is impressive, and scary

No it isn't.

For me, it only gives them about 5,000 addresses to choose from

I'm on the run though, so am more concerned about being tracked by the powers that be!

Not relevant to you (as you are retired).

But someone posting from work and home could well be uniquely identified.

My IP address at work would probably be registered to the company I worked for, so a quick whois would sort that out¹... and what would it have to do with my IP address at home, which would be registered to an ISP?


¹ but only for the company, as an individual I assume my computer would be behind a NAT firewall.

The linked article shows how a ping may provide a location better than the ISP.

A combination of home and work location uniquely identifies many people, perhaps the majority in the UK.

Also a lot will depend on if you isp updates the Geo location of the ip address it assigns you, with ukonline it was more accurate than it currently is with my current isp, it's either 80miles out or over 150 miles out, so it ain't reliable

In reply to a post by john2007:

The linked article shows how a ping may provide a location better than the ISP.

My ping time (from the tbb servers) varies between ~9ms and ~18ms depending whether interleave is off or on.

I obviously move about a lot

In reply to a post by john2007:

A combination of home and work location uniquely identifies many people, perhaps the majority in the UK.

On the basis that most people live fairly close to where they work I wouldn't agree with that... especially with a location accuracy as poor as half a mile.

Certainly not a majority.

Physics being what it is only your lowest ping will be relevant.

...
Closing in

The new method zooms in through three stages to locate a target computer. The first stage measures the time it takes to send a data packet to the target and converts it into a distance � a common geolocation technique that narrows the target's possible location to a radius of around 200 kilometres.

Wang and colleagues then send data packets to the known Google Maps landmark servers in this large area to find which routers they pass through. When a landmark machine and the target computer have shared a router, the researchers can compare how long a packet takes to reach each machine from the router; converted into an estimate of distance, this time difference narrows the search down further. "We shrink the size of the area where the target potentially is," explains Wang.

Finally, they repeat the landmark search at this more fine-grained level: comparing delay times once more, they establish which landmark server is closest to the target. The result can never be entirely accurate, but it's much better than trying to determine a location by converting the initial delay into a distance or the next best IP-based method. On average their method gets to within 690 metres of the target and can be as close as 100 metres � good enough to identify the target computer's location to within a few streets.

Client independent

That kind of accuracy normally requires people to deliberately disclose their location, but Wang's method works without the user's permission. "This is a client-independent method," as he puts it. "The client does not need to approve anything."
...

In reply to a post by john2007:

Physics being what it is only your lowest ping will be relevant.

I wasn't thinking of physics, I was thinking of BT's MSANs

I only know one person who works less than 1/2 mile away from his home, so I guess my expectations are coloured by that.

The census will let us know.

Blocking ICMP echo requests won't win you much at all. You could solicit the exact same information using the initial stages of a TCP 3-way handshake, or even just a SYN+RST. Plus if you wanted you could collect the data in the opposite direction (i.e. have JS make and time the round trip of a request to an echo server) and report that data back.

Wouldn't bog standard NAT reject unsolicited requests?

I think it's probably one of those techniques that works well in theory, and passably well on initial tests with well-defined and co-operating systems.

But when it gets out into the real world... we've all seen people on here wanting to know why they get 80ms pings to their favourite game server and their next-door neighbour gets 15ms

For reject I should have said ignore.

Exactly. And so you measure the time from the unsolicited request to the receipt of the rejection. Round trip time measured with no ICMP echo request needed.

Not quite the point. Final leg pings (exchange to home) should be consistent.

My router ignores unsolicited requests.

I tested on several hosts I know to be running pretty much "as delivered by ISP" NAT and they correctly respond with RST on receipt of a SYN for which there is no listening service. Anyway it doesn't detract from the point that you can also measure that from the client side with reasonably simple JS.

I disable JavaScript and all client side scripting by default, who doesn't (don't answer that, too few).

My router (Netgear DG843Gv3) ignores unsolicited requests as a default (as far as I know).

If there is a principle, it is if you want privacy, don't volunteer information.

The characteristic resonance given off by the particular make of tin foil in your TFH should worry you more.

When you can reliably identify my location by tin-foil resonance I'll start worrying!

In reply to a post by john2007:

Not relevant to you (as you are retired).

But someone posting from work and home could well be uniquely identified.

If you know enough about someone to be able to equate their home and work addresses you probably doin't need to be doing TDR-alike comparisons to triangulate their location.

In reply to a post by john2007:

Not quite the point. Final leg pings (exchange to home) should be consistent.

Shame that on virtually all ISPs this last leg is done over layer 2 or encapsulated in a higher level protocol

On BT Wholesale for example you'll see nothing after the ISP LNS until the client despite there being however many routers and/or ATM switches in between. Same on most LLU, regional aggregation points and layer 2 links to exchange. Only Sky use IP DSLAMs as far as I'm aware.

Yes. If you know someones work and home address you wouldn't need to use additional technology to discover their work or home address.

The TCP timestamp option is another nice easy way of measuring RTT, it can be set by either end of a TCP connection (from memory) and gets "reflected" back with ACKs. So you could measure latency using an <img> tag in a plain HTML page for example. There are plenty of innocent ways to measure something as simple as latency, I'm sure there are some far more creative ones I've not even considered too.

This technology is flawed in any event, it relies on there being similarly configured access networks between the landmarks and the target. DSL has a number of interleave profiles, cable modem also has variable interleave and base latency and neither is a match for a point to point fibre connection.

There's also the assumption of the same optical route to places which may or may not be the case again, looking for the same routers is all well and good but with MPLS networks hiding hops and use of PPP and L2TP along with layer 2 VPLS networks this isn't massively reliable either.

It's interesting but that's as far as it goes imho. Assumes too much to be too useful in many cases.

I'd draw a distinction between volunteering information (visiting a web-site) and being probed (ping).

It is potentially one more datum, one more opportunity to dig out information you may wish to stay private. It worries some people, it doesn't worry others.

In reply to a post by john2007:

It is potentially one more datum, one more opportunity to dig out information you may wish to stay private. It worries some people, it doesn't worry others.

Indeed, I tend to consider myself as not being that interesting so it doesn't bother me particularly, your mileage may vary.

Exactly. My ping times vary from one day to the next. Double, half, double again, quadruple despite taking the same route through the network (and using fast path). I doubt that's a unique case and would render this system of geolocation pretty useless.

In reply to a post by john2007:

When you can reliably identify my location by tin-foil resonance I'll start worrying!

Each batch is marked by a unique combination of trace elements and logged on a central database. A bit like Smartwater.

In reply to a post by Btcc22:

Exactly. My ping times vary from one day to the next. Double, half, double again, quadruple despite taking the same route through the network (and using fast path). I doubt that's a unique case and would render this system of geolocation pretty useless.

add to that the varying routing involved. eg. someone further away from london than me can have better pings to london simply because their routing is more direct. Take these examples of my last few isp's. to bbc.co.uk.

BTw on fast path, varied from about 17ms up to about 30ms.
ukonline llu fast path, usually 9-10ms occasionally would increase a bit by a few ms.
xilo fast path, over 20ms.
VM cable, has been as low as 11ms, but they have a habit of routing me via leeds which bumps it to 16-17ms.

I'm puzzled by this whole discussion.

I read the linked article early on, and homed in on two things it says.

These organisations often host their websites on servers kept on their premises, meaning the servers' IP addresses are tied to their physical location.

... a common geolocation technique that narrows the target's possible location to a radius of around 200 kilometres.

Wang and colleagues then send data packets to the known Google Maps landmark servers in this large area to find which routers they pass through.

To me the first quote means they are only trying to locate website hosting machines, and re the second I can't find out what a Google Maps Landmark Server is as googling it gives pages of links to the article and I got bored.

I doubt if the assumption in the first quote is true in this country except in a very few cases, and the rest of us are pretty immune anyway as has been well covered.