Jump to content
Not connected, Your IP: 54.236.35.159

Recommended Posts

I was talking to a friend of mine who works in tech. He told me that any VPN can be pinged and your location found easily. my question, is it possible to ping your real ip through a VPN?

Share this post


Link to post

Hello!

 

That's a very generic sentence. In general that's not necessarily possible.

 

Just think about our service: OpenVPN works in routing mode, not in bridging mode, and ICMP is a protocol at Internet layer, not a transport layer protocol. So VPN configuration and topology should be analyzed first to avoid potentially wrong or even crazy assumptions.

 

Anyway the scenario seems to assume that the adversary already knows your "real" IP address (we mean the IP address assigned to one of your devices by your ISP) so the discussion shifts to correlation attacks (aimed to show that some activity behind the VPN is indeed YOUR activity) which have been treated over-abundantly in our and other forums.

 

For the purpose of this discussion: 1) make sure to keep Network Lock enabled in our software Eddie and 2) maintain a definite identity separation. In this way you can be confident to defeat even complex correlation attacks.

 

If your friend wants to clarify, he/she is welcome. However, more accuracy is strictly necessary.

 

Kind regards

Share this post


Link to post

Hi,

 

First, an adversary can't use a ping to do this because they'd only be able to ping the VPN server, the IP address the VPN gives you can't be directly reached from the internet. The only way to do this is if the target forwarded a port.

 

Picture this, you're connected to a VPN server in Portugal and the adversary measures the difference of time between the server and you to guess where you are located, using UDP:

NOTE: times aren't supposed to be accurate, it's just to give you an idea.

 

<10 ms: within Portugal

<20 ms Spain

<30 ms: France

<40 ms: Belgium, Switzerland,Luxembourg, etc...

In this case it is quite accurate because of the geographical position of Portugal.

 

Now take the Netherlands

<10 ms: within the Netherlands

<20 ms Belgium, Germany

<30 ms: the UK,France, Luxembourg, Switzerland

<40 ms: most of Europe

Because of the central position of the Netherlands, it'd be very complicated to guess where you are.

 

Basically, it's like counting the seconds between a bolt of lightening and the thunder, it'll only tell the distance but not if it happened in front of/behind you or on the left/right side!

Share this post


Link to post

Let me elaborate more. Suppose you enter a given site through the VPN, I was told that it was possible to ping the exact location even after you left the site. That you could easily reveal the true IP location using a ping trace.

Share this post


Link to post

Hi,

 

First, an adversary can't use a ping to do this because they'd only be able to ping the VPN server, the IP address the VPN gives you can't be directly reached from the internet. The only way to do this is if the target forwarded a port.

 

Picture this, you're connected to a VPN server in Portugal and the adversary measures the difference of time between the server and you to guess where you are located, using UDP:

NOTE: times aren't supposed to be accurate, it's just to give you an idea.

 

<10 ms: within Portugal

<20 ms Spain

<30 ms: France

<40 ms: Belgium, Switzerland,Luxembourg, etc...

In this case it is quite accurate because of the geographical position of Portugal.

 

Now take the Netherlands

<10 ms: within the Netherlands

<20 ms Belgium, Germany

<30 ms: the UK,France, Luxembourg, Switzerland

<40 ms: most of Europe

Because of the central position of the Netherlands, it'd be very complicated to guess where you are.

 

Basically, it's like counting the seconds between a bolt of lightening and the thunder, it'll only tell the distance but not if it happened in front of/behind you or on the left/right side!

 

 

I like you lightning reference very clever.

Share this post


Link to post

Let me elaborate more. Suppose you enter a given site through the VPN, I was told that it was possible to ping the exact location even after you left the site. That you could easily reveal the true IP location using a ping trace.

That sounds more like paranoia!

 

There are 3 ways to find your more or less precise location from a website:

  • compromise the user's device by sending a malicious javascript that'll retrieve some kind of malware (e.g.: malvertising)
  • turn the device's GPS on (but generally your browser will ask you whether you want to allow that action)
  • link (or implement) on the website a service like speedtest.net that'll calculate the "ping" (it isn't an actual ping but it does the same job)

What you describe is closer to the first option IMO. But a VPN isn't meant to be a security solution. For that, use an anti-virus/malware or an ad-blocker (an up-to-date system/browser is also a good idea!)

Share this post


Link to post

 

Let me elaborate more. Suppose you enter a given site through the VPN, I was told that it was possible to ping the exact location even after you left the site. That you could easily reveal the true IP location using a ping trace.

That sounds more like paranoia!

 

There are 3 ways to find your more or less precise location from a website:

  • compromise the user's device by sending a malicious javascript that'll retrieve some kind of malware (e.g.: malvertising)
  • turn the device's GPS on (but generally your browser will ask you whether you want to allow that action)
  • link (or implement) on the website a service like speedtest.net that'll calculate the "ping" (it isn't an actual ping but it does the same job)

What you describe is closer to the first option IMO. But a VPN isn't meant to be a security solution. For that, use an anti-virus/malware or an ad-blocker (an up-to-date system/browser is also a good idea!)

 

 

Not paranoia, was truly interested if it was possible due to a claim from a hacker friend who said he could ping my location in under 5 minutes on a VPN. Thank you all for your responses.

Share this post


Link to post

 

 

Let me elaborate more. Suppose you enter a given site through the VPN, I was told that it was possible to ping the exact location even after you left the site. That you could easily reveal the true IP location using a ping trace.

That sounds more like paranoia!

 

There are 3 ways to find your more or less precise location from a website:

  • compromise the user's device by sending a malicious javascript that'll retrieve some kind of malware (e.g.: malvertising)
  • turn the device's GPS on (but generally your browser will ask you whether you want to allow that action)
  • link (or implement) on the website a service like speedtest.net that'll calculate the "ping" (it isn't an actual ping but it does the same job)
What you describe is closer to the first option IMO. But a VPN isn't meant to be a security solution. For that, use an anti-virus/malware or an ad-blocker (an up-to-date system/browser is also a good idea!)

 

Not paranoia, was truly interested if it was possible due to a claim from a hacker friend who said he could ping my location in under 5 minutes on a VPN. Thank you all for your responses.

So test it. Make the person back up the claim... It's literally the easiest thing to decide if it's true or not. Have them 'pinpoint,' your location while you randomly connect to servers... Should be easy... Right...?

 

Sent from my LG-LS777 using Tapatalk

Share this post


Link to post

 

 

 

Let me elaborate more. Suppose you enter a given site through the VPN, I was told that it was possible to ping the exact location even after you left the site. That you could easily reveal the true IP location using a ping trace.

That sounds more like paranoia!

 

There are 3 ways to find your more or less precise location from a website:

  • compromise the user's device by sending a malicious javascript that'll retrieve some kind of malware (e.g.: malvertising)
  • turn the device's GPS on (but generally your browser will ask you whether you want to allow that action)
  • link (or implement) on the website a service like speedtest.net that'll calculate the "ping" (it isn't an actual ping but it does the same job)
What you describe is closer to the first option IMO. But a VPN isn't meant to be a security solution. For that, use an anti-virus/malware or an ad-blocker (an up-to-date system/browser is also a good idea!)

 

Not paranoia, was truly interested if it was possible due to a claim from a hacker friend who said he could ping my location in under 5 minutes on a VPN. Thank you all for your responses.

So test it. Make the person back up the claim... It's literally the easiest thing to decide if it's true or not. Have them 'pinpoint,' your location while you randomly connect to servers... Should be easy... Right...?

 

You are correct and I did ask him to back it up but he never did, thought I could get some insight here also. thank you everyone for your feedback.

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...