It is just ping data. We ping an IP address, get the RTT, draw a radius on the globe, and say that the IP could be anywhere inside that radius. Then we do another ping and draw another radius, and at the cross-section of the two radii could be your IP address. Now, if we do it enough times, we can get an estimate of where the IP address is located.
The data is not derived from the IP address itself, but rather from the process itself. And it's just a ping. Moreover, the majority of the IP addresses are not pingable. So, we rely on other in house statistical and scientific models to estimate the location. The probe infrastructure is extremely complicated and there are billions and billions of IP addresses, which is why we do not have a robust range filter mechanism.
Doesn't actually help at all because the BGP announced prefix of your IP can still be tracerouted. You won't be physically far from it.
Say if your ISP announces 125.15.18.0/17 and you're in 125.15.29.145, a traceroute will still yield a pretty good approximation of where you're at. The last hop ping is really quite immaterial here.
It is just ping data. We ping an IP address, get the RTT, draw a radius on the globe, and say that the IP could be anywhere inside that radius. Then we do another ping and draw another radius, and at the cross-section of the two radii could be your IP address. Now, if we do it enough times, we can get an estimate of where the IP address is located.
The data is not derived from the IP address itself, but rather from the process itself. And it's just a ping. Moreover, the majority of the IP addresses are not pingable. So, we rely on other in house statistical and scientific models to estimate the location. The probe infrastructure is extremely complicated and there are billions and billions of IP addresses, which is why we do not have a robust range filter mechanism.
You can implement a dynamic ping blocking mechanism or use our data to find hosting ASNs and block ranges of those ASNs. You can download the database for free: https://ipinfo.io/developers/ip-to-country-asn-database
http://shouldiblockicmp.com/
(But the guy running the probes is making a good counter argument)
This breaks PMTU and is the source of many mystery download stalls
This doesn't help. Even if you apply this at your router, you are locatable up to your ISP. Which is generally close enough.
Maybe if you delay pings by some amount (20ms? 100ms?), or randomize the delay, you can do a lot better at masking location.
Indeed. Openwrt for some reason defaults to reply to pings. I see the value of ICMP for servers, but I don't see the value for home ISP routers.
I disabled ICMP reply on my home router.
> Openwrt for some reason defaults to reply to pings.
it's a bit like greeting-back ppl on the street.
not doing it will not make you invisible. it will break somebody's assumption of decency, but most ppl don't care either way.
> I disabled ICMP reply on my home router.
Doesn't actually help at all because the BGP announced prefix of your IP can still be tracerouted. You won't be physically far from it.
Say if your ISP announces 125.15.18.0/17 and you're in 125.15.29.145, a traceroute will still yield a pretty good approximation of where you're at. The last hop ping is really quite immaterial here.
This isn't helpful. The comment was specifically asking about the probes, not ICMP traffic.
Anybody can do this same thing, if you're worried about this, you probably don't want inbound ICMP.
5 replies →