IP Addresses Sniffing

  • SpinRite v6.1 Release #3
    Guest:
    The 3rd release of SpinRite v6.1 is published and may be obtained by all SpinRite v6.0 owners at the SpinRite v6.1 Pre-Release page. (SpinRite will shortly be officially updated to v6.1 so this page will be renamed.) The primary new feature, and the reason for this release, was the discovery of memory problems in some systems that were affecting SpinRite's operation. So SpinRite now incorporates a built-in test of the system's memory. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

J

jaybird

Guest
I guess the answer to my question will be a simple NO, but I thought I would ask just in case.
Has anyone found a way of preventing websites (eg. Google, Amazon, Microsoft, etc.) from sniffing visitor IP Addresses?
My situation is that I use ExpressVPN and have a specific requirement to exit the tunnel in Ireland. The Express VPN Dublin server normally has an IP address = 185.192.16.3 and checking many of the IP Lookup services on the internet claim this address is located in Montreal, Quebec.
Consequently, when I try to log into my accounts with the above mentioned companies they block my account erroneously claiming someone in Canada is trying to steal my identity and I then have to jump through hoops to get my account unblocked.
No doubt there will be answers here to say "Talk to ExpressVPN", which is what I have done at least 10 times, but I would get more useful help just talking to a brick wall. I would change to another provider, if I could be sure that would resolve the issue.
Regards Jay
 

Attachments

  • Exvpn1.png
    Exvpn1.png
    93.2 KB · Views: 323
I don't think ExpressVPN will be able to change anthying on their side.

Matching IP addresses to a location is mostly up to the destination service having a database to lookup. Such databases are not based on the actual real time dynamic location of IP addresses, but rather a manually constructed lookup table, gathered from static information about where each pool of public IPv4 addresses were assigned to. Initially, it was possible to presume a certain range of IPs would always come from a specific place in a specific country. But over the years, as IPv4 became a scarce resource, the rules of IP distribution were thrown out the window, and these lookup tables are now mostly outdated and not very unreliable.

One option you might have is to ask your service provider which IP ranges are allowed into their network, and try to find a Express VPN exit node that matches one of those. Another is to negotiate with them a request to allow a few more IP ranges from locations where Express VPN nodes are located.

In any case, I doubt a serious service provider would consider allowing 3rd party VPNs into their networks. The anonymity itself is a security risk. So, it is very possible you are being blocked on purpose.

The better choice would be for them to host their own VPN you could use from anywhere. As a last resource, they could allow a specific public IP range from your Internet provider. Or, if you have a static IP, include that in their whitelist.
 
  • Like
Reactions: hyperbole
Yes, I guess Google, Amazon, Microsoft, etc. have accumulated some pretty worthless. outdated and unreliable databases over the years, but what would they know about this strange new thing called the internet ;)
My ISP has absolutely nothing to do with this blocking. My reference to a "Service Provider" meant ExpressVPN as my VPN Service Provider.
The problem could be resolved if ExpressVPN changed their Dublin server IP to something that Google, Amazon, Microsoft, etc. could all sniff and identify as being in The Republic of Ireland.
 
Heck! I rented my own web server for many years and no "sniffer" ever once failed to identify it's REAL location. Not that I ever had any need to hide it.
Jay
 
IP address are virtual... they have no physicality. They're also rare, and so they get bought and sold (in small blocks) on occasion. It's possible the problem IP address was used in another location some time in the past. Perhaps you need a different VPN supplier which will surely have different IP addresses.
 
Ah! So if the DNS system is defunct, what has replaced it and how does Google.com resolve to 172.217.3.196 ?
No doubt I need another VPN supplier, but as I said in my original post "I would change to another provider, if I could be sure that would resolve the issue".
However, none of this answers my original question, which I must conclude is a definite "NO".
 
if the DNS system is defunct
Wut?! IP addresses are the output of DNS. DNS maps a name, like "www. foobar .com" (spaces added to stop link creation) to the correct IP address for that domain. IP addresses are manually assigned by server admins and then they put the IP address into the DNS system so people don't have to look up a website by IP address.
 
However, none of this answers my original question, which I must conclude is a definite "NO".
Web servers MUST know the source IP address so they can send the reply. When you use a VPN, the apparent source address will not be your real IP address, but it is the one that the web server must use to send the reply back to the requesting device.

Your problem is that there is no definite correlation between an IP address and a physical location. IP address ranges are owned by corporations, and these corporations may be based in country x, but there is no requirement that any individual IP address within that range is also based in the same country. A multi-national corporation may chose to have a range of IP addresses, and that all traffic is routed in to their own data centre in a particular country, from which point they connect to branch offices worldwide over their own private circuits.
 
I have been fully conversant with everything you say since the 1980s. Now think about the claims made by most VPN providers that their customers can have "Internet without borders: Access any content, no matter your location. Say goodbye to geoblocks." (That is a verbatim quote from a promo on the ExpresssVPN home page).

If <Q> there is no definite correlation between an IP address and a physical location.</Q>, then why do corporations (eg. Google, Amazon, Microsoft) rely so heavily on it as a means of "protecting" customers and blocking access to geolocation restricted content?
If for example you have a Google account and a VPN provider, login to Google from New York, log out, then switch to Sydney and login to Google again and see the "Panic Mode" message Google sends you. Try accessing BBC iPlayer via any of the 4 ExpressVPN London based servers and see the rejection notice the BBC sends back to you.

So, at the end of all this, the answer to my original question is still "NO".
 
why do corporations (eg. Google, Amazon, Microsoft) rely so heavily on it as a means of "protecting" customers and blocking access to geolocation restricted content?
Quite simply because they are contractually obligated to do so (for IP rights, or other contractual terms) and they have no other way to do so. They are, as they say, making lemonade out of lemons.
 
So there IS a definite correlation between an IP address and a physical location, otherwise these corporations would not be able to employ geolocation sniffing with such accuracy.

Nevertheless, the answer to my original question is still "NO".
 
When an IP address is configured for a server, then that physical server has a physical location, and some databases will manage to commingle the two when it technically is not guaranteed that a software construct has any locality in the physical world. That IP address could later be re-configured into a server in another location. This is what you originally asked about, and it does occasionally happen... with the results that the database now had a wrong location for something that it shouldn't be trying to locate in the first place. You asked why some companies do this, and that is because they have nothing better to offer when they have signed agreements saying that they will geo-block content... something defective is presumably better than nothing at all.

As for how to allow your IP address to not be known to a server, there is only one way... use someone else's IP address. This is what a VPN does for you.

@jaybird it's time to stop being pedantic and move on... accordingly I am closing this thread.