METHOD AND APPARATUS FOR DYNAMIC DETECTION OF GEO-LOCATION OBFUSCATION IN CLIENT-SERVER CONNECTIONS THROUGH AN IP TUNNEL
First Claim
1. A method for dynamically detecting geo-location obfuscation of a client connection to a server, the method comprising:
- evaluating, based on a maximum segment size (MSS) parameter of a packet of a client connection to the server, whether the connection is made via tunneling;
- estimating a risk of geo-location obfuscation associated with the client connection to the server, based on a latency analysis of the connection when the evaluation indicates the connection is made via tunneling; and
- providing a risk assessment, according to the evaluation based on MSS of whether the connection is made via tunneling and the estimation of risk based on the latency analysis, of whether the client connection to the server is made via tunneling so as to obfuscate the geo-location of a client making the client connection to the server.
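The order of operations in claim 1 (MSS evaluation first, latency analysis only when the MSS suggests a tunnel, then a combined assessment), as an added Python example that is not code from the patent or its assignee. The 1460-byte baseline assumes IPv4 over a 1500-byte Ethernet MTU, and the latency rule (handshake RTT compared with an expected RTT for the IP's geolocated region, with a 2x ratio) and the `low`/`medium`/`high` labels are assumptions, since this page does not specify them.

```python
import struct

ETHERNET_MSS = 1460  # 1500-byte MTU minus 20-byte IPv4 and 20-byte TCP headers


def parse_mss(options: bytes):
    """Return the MSS value from raw TCP option bytes of a SYN, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:          # End of Option List
            break
        if kind == 1:          # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(options):
            break              # truncated option
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break              # malformed length, stop parsing
        if kind == 2 and length == 4:
            return struct.unpack("!H", options[i + 2:i + 4])[0]
        i += length
    return None


def assess(options: bytes, rtt_ms: float, expected_rtt_ms: float,
           ratio: float = 2.0) -> str:
    """Risk label following the order of claim 1: MSS first, then latency."""
    mss = parse_mss(options)
    if mss is None or mss >= ETHERNET_MSS:
        return "low"           # MSS evaluation does not indicate tunneling
    # Assumed latency rule: a handshake RTT far above what the IP's
    # geolocated region would explain points to a hidden extra hop.
    if rtt_ms > ratio * expected_rtt_ms:
        return "high"
    return "medium"            # reduced MSS alone (PPPoE, mobile links too)


# Constructed SYN option bytes: MSS, SACK-permitted, NOP, window scale.
DIRECT = bytes.fromhex("020405b4" "0402" "01" "030307")
TUNNEL = bytes.fromhex("02040550" "0402" "01" "030307")

if __name__ == "__main__":
    print(assess(DIRECT, 180.0, 40.0))   # full-size MSS
    print(assess(TUNNEL, 45.0, 40.0))    # reduced MSS, latency plausible
    print(assess(TUNNEL, 180.0, 40.0))   # reduced MSS, latency implausible
```

A reduced MSS is also produced by PPPoE and some mobile links, which is why this sketch never returns `high` on the MSS signal alone.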
Abstract
Methods and systems are disclosed for dynamic detection of fraudulent client connections to a server, in which, for example, the connection is made using an internet protocol (IP) tunneling technology such as networking on a virtual private network (VPN) and making the connection via a VPN tunnel in order to obfuscate the client IP address, in which a user of a client device may employ spoofing of IP-geo location mechanisms and IP classification on the server side. Such a user may have various motivations for obfuscating the client device's geo-location by using an IP tunnel when connecting to a server such as gaining access to services that are not allowed in certain locations (e.g., certain movie and television content providers); browsing server data while maintaining a higher level of anonymity; and performing fraudulent actions on the server.
20 Claims
11. A system comprising:
- a server processor; and
- a data storage device including a non-transitory computer-readable medium having computer readable code for instructing the processor that, when executed by the server processor, causes the server processor to perform operations comprising:
  - evaluating, based on a maximum segment size (MSS) parameter of a packet of a client connection to the server processor, whether the client connection is made via tunneling;
  - terminating the client connection in response to the evaluation based on MSS indicating the client connection is made via tunneling.
18. A non-transitory computer-readable medium comprising instructions which, in response to execution by a computer system, cause the computer system to:
- estimate a risk of geo-location obfuscation associated with a client connection to a server, based on a latency analysis of the client connection; and
- terminate the client connection in response to the risk estimation indicating the client connection is made via tunneling so as to obfuscate the geo-location of a client making the client connection to the server.
Specification