[tor-dev] Tor and IP2Location LITE

Zack Weinberg zackw at panix.com
Thu Aug 24 01:51:34 UTC 2017


On Wed, Aug 23, 2017 at 9:36 PM, KL Liew <hexasoft at gmail.com> wrote:
>
>> It is possible that this address is used by North Korea, they don't have
>> a massive IP allocation and I would expect that perhaps there are some
>> tunnels, but I can't figure out where MaxMind have got this idea from.
>
> We aware of a small number of IP ranges tunneling to North Korea through
> some specific ISP. However, this IP address is registered by a VPN provider
> which also registered ranges in many other countries. We have no evidence
> that this VPN provider has a server located in those countries reported for
> their VPN service.

Allow me to jump in here and mention that I have done some work on
auditing the locations of VPN servers via active probes (very briefly:
pingtimes to hosts in known locations give upper bounds on the
distances to those hosts), and I suspect I know which VPN provider you
are referring to and their claims are indeed ... let's say
questionable. I'm not yet at liberty to share any more details of my
results, but you may find the software at
https://github.com/zackw/active-geolocator/ of interest.

Applying the same techniques to Tor is something I would be interested
in helping with, though not a personal priority.

zw


More information about the tor-dev mailing list