2

I just thought about how one can locate a server he has administrative privileges on. My "best" idea till now is to ping a huge amount of servers and then measure the latency of the host to these servers and then calculate the hosts location like its done in a triangulation for smartphones by the authorities.

I know this wont be to accurate because routing is complex and not affectable by the host sending the request but shouldnt this give one a pretty good idea of where a host is located over a large period of thime?

Also are there any known implementations of this idea?

davidb
  • 4,285
  • 3
  • 19
  • 31

2 Answers2

6

Given enough measurements so that you can remove variation caused by server load and network congestion, it should be possible to determine the "network location" of a system. I doubt that these measurements are accurate enough to get the geographic location, but they might be at least a start.

Other information you could use are geographical information about IP address (Geo IP), which is unfortunately very imprecise and sometimes completely wrong too (sometimes points to a different country far away). Helpful might also to detect the routers in between two systems using traceroute, i.e. not only the number of hops but which hops are shared between various systems. But and the end it is probably lots of heuristics and lots of results will be wrong.

As an interesting related article see the case of the 500-mile email.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • I vaguely recall a paper on gelocation using ICMP which, in good circumstances, could narrow down an individual consumer router's location to the street. – forest Dec 13 '18 at 02:39
4

No, a server can be twice the distance but have a high speed fiber most of the way. Where one could be located right next door and still connected to a 56k modem and be rerouted around the world before it reaches it's point. I know that can be unlikely. But what you should gain from it is that the gear, network grids, routing, etc will make a big difference in latency. Thus make it highly inaccurate for determining distance.

I would use an IP geolocation API to figure out the possibility of where a server might be and measure the distance from that. You won't get an exact location but you will receive a general enough location more accurate than latency.

If you know the location of every server I would make your own database of locations with their longitude and latitude coordinates. Then you can properly geolocate to get a distance the most accurate way possible.

I don't know exactly what you are doing by "I just thought about how one can locate a server he has administrative privileges on." But I would not use latency or distance as a means of setting up administrative access policies.

Bacon Brad
  • 3,340
  • 19
  • 26