Involuntary Geolocation To Within One Kilometer 207
Schneier's blog tips an article about research into geolocation that can track down a computer's location from its IP address to within 690 meters on average without voluntary disclosure from the target. Quoting:
"The first stage measures the time it takes to send a data packet to the target and converts it into a distance – a common geolocation technique that narrows the target's possible location to a radius of around 200 kilometers. Wang and colleagues then send data packets to the known Google Maps landmark servers in this large area to find which routers they pass through. When a landmark machine and the target computer have shared a router, the researchers can compare how long a packet takes to reach each machine from the router; converted into an estimate of distance, this time difference narrows the search down further. 'We shrink the size of the area where the target potentially is,' explains Wang. Finally, they repeat the landmark search at this more fine-grained level: comparing delay times once more, they establish which landmark server is closest to the target."
implications (Score:3)
I don't know about your internet, but mine involves alternative routes to a particular physical location. Not just because that's how the Internet works, but because there are competing providers. And there are all sorts of things which delay, from WiFi to pipe congestion to intentional prioritisation to the OS having something more interesting to do.
Although I should have stopped reading at "time it takes to send a data packet to the target" - really? How does one measure precisely this?
Re: (Score:3, Funny)
Re: (Score:3)
My internet is just a series of tubes, so all you need to do is measure the distance the hamster travels in the tube. Simple.
My internet is also a series of tubes, but I think mine use compressed air to send messages around...so I think you must have "dial-up" and I must have that "high speed broadband".
Re: (Score:3)
Re: (Score:2)
my sex partner is just a series of tubes. coincidentally, a hamster is also involved
Re: (Score:2)
Hamsters? I want my internet upgraded to Hamsters. All I got were worms.
Re: (Score:2)
Re:implications (Score:4, Informative)
It's easier than that. Just figure out how much energy a hamster consumes walking a mile in the tubes. Weigh them when you send them out, and weigh them again when they come back.
Re: (Score:2)
it's reporter-speak for a ping
you could do this on a webpage with some fairly innocuous javascript that keeps track of timestamps and reports back
and yes, if you have alternate routes, this method fails. except that describes only 0.1% of internet users. for your average bloke with a cable modem opening a webpage with a speck of seemingly harmless javascript, this method should work fairly reliably
Re: (Score:2)
Bingo. I see a lot of people already going "BUT BUT THIS DOESNT WORK WHEN (insert edge case here).
Even if this is 70%~ reliable at most, it would still be a marketing gold mine, where the accuracy is very low to begin with and relies heavily on loose estimation.
Re: (Score:2)
70%? I wouldn't even gamble on it being reliable information outside of it's use as a ping. 1 Kilometer can be a small range or a huge range depending on population density and whether urban vs rural.
Re: (Score:2)
you have a speck of javascript on a webpage that opens an XMLHTTPRequest (AJAX) and sends a series of overlapping timestamps. you could have a couple dozen samples in the time it takes you to read this comment, average them out on the server side, include some more sophisticated methods taking into other extraneous measurements like traffic estimates for time of day and general location, type of modem/ internet provider, etc, and get a genuinely reliable lock for any average web user sitting on any average
Re: (Score:3)
If it increases marketing responses by even 0.1%, you know it will be standard on every single web ad served up in three years.
Re: (Score:2)
If it is to send an ad for a local pizza delivery service, 1km is close enough wherever you are.
Re: (Score:2)
Mod parent up. This might not be so useful for getting driving directions to the house the cute girl you're stalking lives at, but this could still be used for many other purposes like local advertising and other demographic data mining.
Re: (Score:2)
I think that's why they said they could get the IP within 690 meters on average.
You have to figure in that Google does plenty of data mining. Consider what they know about so many users. They know the name, address, phone number, and a bunch of demographics on a lot of users.
Consider if Person A was to be located by Google. He comes from a particular subnet on a large ISP. They already know that recently active users on that subnet give a physical/mailing add
Re: (Score:2)
it's a given google pretty much knows more about the average bloke than the average bloke knows about himself
but this research demonstrates a way anyone can piggy back on google's servers and get that info for themselves as well, which ups the creep factor considerably
furthermore, with triangulation of servers, and a bunch of pings over time, i bet you could refine the results considerably, down to one location
it's one thing for google, some advertiser, or the feds to be able to locate you by ip. its anothe
Re: (Score:3)
You know, I totally misread the article the first time around, and saw it as saying that it was a Google project.
Triangulation doesn't really do much for you. You have to consider the routes used. I ran a side project at one job for a while, which mapped routes between our own points. Well, there is a full description here. [jwsmythe.com] In doing this, we had traceroutes run about once every 5 minutes.
I had more detailed reporting that wasn't shown in the portfolio.
Re: (Score:2)
My ISP is 100 miles from where I am ... and I am not on wireless ... ..oh you appear not to be anywhere near right ...
Re:implications (Score:5, Interesting)
There was that story a while back about some physicists figuring out that they couldn't send email more than 500 miles [ibiblio.org].
Back on topic, I'll bet VPNs throw wrenches in their methods.
Re: (Score:2)
Re: (Score:2)
Similarly, by looking at my ping times, it's possible to show that I am no more than six thousand kilometers from my ISP. I'm not sure that's good enough to find my street.
Re: (Score:2)
You seem to be under the impression that they're simply taking the speed of light and dividing by the delay to get distance. That is, of course, not what they are doing at all.
Re: (Score:2)
Re: (Score:2)
Yeah, but in practice depending on where you live and how your ISP is set up, you'll probably find the address allocated to your cable modem is fairly static, or at least consistently within a range. I just don't think that if you're in a fairly major center this isn't already fairly well established.
Fairly consis
Re: (Score:2)
You do a packet capture on one end, and a packet capture on the other.
Ping is not needed.
how accurate? (Score:2)
Re: (Score:2)
ICMP isn't significantly buffered (although all packets are buffered to some extent) and the law of large numbers suggests that the cable length issue will be the same for all possible paths given enough hops and enough paths, so will simply fall out of the equation given enough directions. You couldn't use triangulation on two paths, but the errors caused by such variation should fall off (albeit asymptotically to some minimum error - which seems to be 1 Km) as the paths increases.
My guess is that, in prac
Re: (Score:2)
There haven't been competing providers for a VERY long time. Not in any serious sense. Most of the Internet is one gigantic spanning tree with no redundant connections anywhere. Because of a design flaw in the BGP4+ protocol, alternative routes can also cause router flaps.
As for your other points, use Pathchar or PChar some time. It reports to you not only the time it takes to bounce packets but the pipe congestion at each link as well. You also want to look up "Internet Weather", which reports the overall
Re: (Score:2)
It's basically triangulation with TCP or ICMP packets. It's not based on a single measurement from a single location. Let's say Google (Because they like to play where is waldo with their customers) has 100 datacenters. They measure a couple of times the time it takes from each datacenter over routers with known locations and average delays to your ISP's IP you connect from. They just keep drawing circles and the area that overlaps the most times is most likely the area you're in. Given that you or the rout
Re: (Score:2)
No. What does ping actually measure?
Re: (Score:2)
Total round-trip time
Ping isn't a measurement in a single direction
Re: (Score:2)
Re: (Score:2)
No, because along with a simple ping, one would employ some sort of traceroute that would record the routers that a particular route used. So, if I traceroute to you once and see the routers that were used, then trace again, get the same routers, but a different round trip time, I would just assume that you are trying to fool me or your network interface is very busy.
Re: (Score:3)
.. Or that one or more of the routers in the path are doing something more important than sending Time Exceeded messages, or that something big and bursty hit one of the pipes, or that the message yielded to higher priority traffic, or any of the many other things that introduce unpredictable delay across the Internet.
The entire premise is fairly absurd in that, aside from the obvious shortcomings, it completely ignores that A) delay doesn't indicate direction, and B) most ISP access services reach at least
Re: (Score:2)
Re: (Score:2)
So if you introduce some random delay in responding to pings
Then they just have to ping you enough times and the random delay will average out.
or don't reply to them at all
It doesn't necessarily have to be a ping. Any connection would work as long as you could time how long it took between sending the packet and getting a response. That said, putting a condom over your ethernet plug would probably protect you quite well.
By introducing delay into your reply, could you fake your position to somewhere completely different?
You'd probably have to know the locations of the servers you were being pinged from and introduce specific delays to make it look like you were farther from the ones closest to
Re: (Score:2)
The best you can do is make it appear you are further away than you really are.
Of course that actually depends on this technique working which does sound very unlikely.
Re: (Score:3)
The best you can do is make it appear you are further away than you really are.
That's all you need to do. Your network's latency will already make you look farther away than you really are, so the triangulation will have to ignore it.
If your average ping is 50 ms to LA and 12 ms to NYC, you're probably closer to NYC.
If you're on a connection with high latency and your ping is 500 ms to LA and 120 ms to NYC, you're still probably closer to NYC.
So if your real ping is 50 ms to LA and 12 ms to NYC, by delaying long enough before sending responses to servers in NYC it'll appear that you'r
Re: (Score:2)
Not if you're doing it correctly. For example, in the example I used before, suppose you're actually in Chicago and the ping times are 50 ms to LA and 12 ms to NYC. You want to look like you're in Las Vegas, and you want the ping times to look like 120 ms to LA and 500 to NYC, so you'd delay an extra 70 ms when you get pinged from LA and an extra 488 ms when you get pinged from NYC. Then suppose they try pinging you from Denver, and your real ping time to Denver is 25 ms. Vegas is closer to LA than to Denve
Re: (Score:2)
This isn't about law enforcement finding somebody. Obviously if they want to find somebody they can. This is about marketers and trend researchers finding out where their visitors are coming from. It's about demographics and advertising.
Re: (Score:2)
I'll end up looking further away than you think whatever happens.
I'm not worried about how far away you seem to appear, I'm worried about the relative distances you appear to be from points A, B, and C. Given that larger distances cause larger average delays, I can triangulate your location. It doesn't matter if there's a constant added to the delay somewhere, as long as it's always the same constant after I've averaged out enough samples.
And I'll leave alone the bit about adding a negative delay...
Re: (Score:2)
Please tell me of this magic you have that introduces negative delay in my connection. :)
Re: (Score:2)
It measures the time to send a packet to the target and get a reply back.
While I could see this technique working in some cases there are several factors that work against it.
One is jitter, afaict you can't directly measure the time from a router to the target. You can only measure the time from yourself to the router and from yourself to the target. A subtraction should yeild the difference BUT only if the time from you to the router is stable.
Things are further complicated by the fact that afaict you can
Re: (Score:2)
If it was only ping, they'd probably locate my half way to the moon.
The joy's of multiple P2P connections on ping....
Oh! and Geo-location puts me in a different country than i actually am ^_^
Re: (Score:2)
IPv6 (Score:2)
Will the same technique work for IPv6?
Re: (Score:2)
Re: (Score:2)
I'm haven't done a whole lot of reading on IPv6, so I was just curious whether the increased address space leads to any difference in how routing is done. It seems that with a unique public addresses and no NAT there would be more direct routes that could be taken, which would potentially mean more routers with the same address in their routing tables, which would mean more targets to check. Then, depending on congestion along various paths, one landmark may *seem* like the closest when in fact it simply
Re: (Score:2)
Real (not from a tunnel broker) IPv6 is hierarchical. This means that the first half of the address will give you a rough geolocation, and you can use landmark servers with the same prefix to go from.
The technique should work just fine.
Re: (Score:2)
IPv6 creates an interesting problem, as it is fundamental to the protocol that you can transition from one ISP to another without loss of any connections and without having to use a packet forwarder. This means that under some circumstances a more accurate picture can be built with enough data (since you have to be on the border of the two ISPs) but equally it means that for the same amount of data the calculation will be less accurate because routing assumptions won't hold up. You're no longer comparing li
Re: (Score:2)
No, it won't work for IPv6, since the speed of light is so much faster with v6.
Well, there goes my identity. (Score:2)
Used to be, on the Internet, no one knows you're a dog.
I've been playing a lawyer for a long time, but I guess it's better to disclose before being found out. You heard it here first.
Distance not the only source of latency (Score:3)
How do they expect to tell the difference between latency due to distance and latency due to protocols, encoding, etc.? For example, a local T1 might have round-trip latency in the 3-4ms range, while a DSL to the same location might be 10ms (in fast mode, even higher for interleaved). A dialup connection will be much higher, while a metro-ethernet might be less than 1ms. All those times also assume no congestion along the path.
Since the speed of a signal in single-mode fiber is about .6 c, each 1ms difference in round-trip latency gives a 90km margin of error.
Re: (Score:3)
Further, the best accuracy you can obtain with DSL, for example, is the radius of area served by a particular station. The DSL latency times per kilometer are in the dozens of microseconds, so it would not be possible to resolve distances within a DSL service area just by millisecond ping times. In my rural area they push DSL out at least 3 miles. So even if you consider "average" as half of that radius, that gives an accuracy of 2,400 meters. I think they claim to narrow that down by the fact that DSL
Re: (Score:2)
Well, sort of. Your ISP knows it, as does your PC/phone. Most wireless routers broadcast a BSSID including the MAC address of the wireless access point. Your phone/computer etc can then see the MAC address of the device it's connected to as well as those of other networks in the vicinity.
You're correct this doesn't traverse the IP layer normally. However, google offer a geolocation API. In using
Re: (Score:2)
The amount of latency inherent in your connection wouldn't matter, so long as it was fairly consistent. As long as a route of longer distance consistently returned longer ping times than a route of shorter distance, it could be inferred that you're closer to the server which can ping you quicker.
Re: (Score:2)
Bruce Schneier is almost certainly a lot smarter than anyone posting on this page so it would be foolish to simply dismiss anything he says out of hand. OF COURSE all the subtle nuances of their work won't fit into a Slashdot summary. Don't you think it's likely that they did some testing and determined that their results had X accuracy Y percent of the time before they published their findings? This isn't just two morons BSing in a coffee shop saying "Hey, I bet we could..." and then publishing a blog post
Location steganography (Score:3)
Seems like this would be easy to counteract (although at the kernel hack level). All you would have to do is introduce a 30-50 msec time variable delay into all new packet sends (i.e., ICMP responses, first packet of a TCP session, etc.).
In fact, if you encrypt everything, you may get these sorts of delays "for free."
Also, this will not work well if you are using encrypted tunnels or VPNs to access the web. Your delay then is (tunnel delay) + (tunnel end point to attacker delay) + (encryption delays), so you seem a good deal further away than you really are.
Re: (Score:2)
The problem with this is that you are further away from *everywhere*. That is, you are further away from all landmarks equally. For all intents and purposes, then, you are saying you are "straight down" from where you really are. Even then, you are only affecting the last leg of the route. You only have limited control over who you directly connect to, and that would seem to provide the maximum bound over which you have control. Of course, if you have a single link to the outside world through your da
Re: (Score:2)
Well, if you are going to introduce an arbitrary delay to foil geolocation, it should certainly be a random delay.
However, I think that even a constant delay (or a tunnel) would still work pretty well.
Suppose I am using a tunnel, and the tunnel delay is 20 msec, and the tunnel end point is in Boston. Now, they can certainly find out that the lowest latency is for a probe from Boston, and so Boston is "closer" to me than LA or Seattle or Washington. But, they cannot be sure that this means that
- I am in Bost
Re: (Score:2)
So ? You can already assume that I am on the planet. If I increase the search area to 200 msec, you won't be able to be much more precise than that. I don't see how a geolocation to "Earth" is doing you any good.
Marco Polo (Score:2)
I wonder how many they had already kicked back when they came up with their idea?
Don't get me wrong--it's cool tech, but I continue to be amazed by how so many "new" technologies simply mimic things that already exist in other parts of life. Kudos to the researchers. I think I'd rather spend time at the lake.
Similiar Technique used 20 years ago (Score:5, Interesting)
Re: (Score:2)
I don't believe there are currently any onion routers on the moon and... tor connections typically have plenty of latency, no need to add a lunar round trip anywhere in the circuits.
Re: (Score:2)
I missed your point until I was watching the Nova documentary that discussed the subject.
1. The person used Kermit to transfer his data and Cliff Stoll measured the packet delay.
2. His initial data for the latency was 3 seconds and he used this delay to calculate that the individual was somewhere on the moon.
http://www.youtube.com/watch?v=v1swbLfrP6g [youtube.com]
Re: (Score:3)
Clifford Stoll is the author (https://secure.wikimedia.org/wikipedia/en/wiki/Clifford_Stoll), and that was my first thought too.
And he's on Slashdot occasionally, too:
http://slashdot.org/~Cliff+Stoll [slashdot.org]
Re: (Score:3)
If you are just now hearing about Cliff Stoll, get off my lawn!
But not before I tell you about these investment opportunities in blocked Nigerian accounts !
i see 2 points cropping up in the comments: (Score:5, Interesting)
1.. "my connection is too weird/ unique/ confabulated/ etc..."
yes, but you are 1% of internet users. the average bloke on a cable modem is reliably caught with this method
2. "there is traffic/ no way to ping/ etc..."
you have a speck of javascript on a webpage that keeps track of timestamps, opens an AJAX XMLHTTPRequest and pings alot, and the server averages things out. voila: you could get 60 samples in the time it takes you to read this comment, and therefore a good lock on your location
INCOMING...
Re: (Score:2)
the average bloke on a cable modem is reliably caught with this method
Well, the average bloke is narrowed down to 1km, that's still a good 50-100 residential properties, and no way for the "attacker" to know which, so this attack on it's own doesn't do much. This coupled with perhaps someone's surname and a telephone book, might get a hit for a malicious attacker, but a lot of folks don't list in telephone books anymore. Ahh.. who knows. It might be useful for something. :)
Re: (Score:2)
the average bloke is narrowed down to 1km, that's still a good 50-100 residential properties, and no way for the "attacker" to know which, so this attack on it's own doesn't do much
It'd be plenty good for showing him ads for restaurants and stores that he'd probably drive past on a regular basis, though.
Re: (Score:2)
i think you could do better than that by triangulating with different servers and averaging out over time
i think law enforcement/ counterterrorism/ etc. could make good use of this methodology. yeah, those guys could just subpoena the ip address, but in time sensitive issues, this is a pretty neat trick
heck, your average stalker weirdo with access to a number of servers in different farms/ colos either because of his job or just because he's a very committed stalker weirdo could do this
you could triangulate (Score:2)
Same-Origin-Policy enforcement in the AJAX means means the javascript can't hook out to other servers... unless you control 3 or 7 or 37 different servers in different farms/ colos under the same domain name. the distant servers couldn't receive the info, but you could have each server fire in cycle, and have one receiving server take the timestamps in. so with a heavy rotation of pings over a brief period of time, and a bunch of different servers to triangulate ping times over time, and some extraneous inf
Re: (Score:3)
How does this get +5, Interesting?
How far do you think that this "average bloke" on a cable modem is from his CMTS? How far in any other arbitrary direction do you think that another "average bloke" with a CM in the same addressing pool is from the same CMTS?
Re: (Score:2)
say i control a number of servers under the same domain, and i use a simple script to run many pings quickly. can't i correct for errors and refine the technique researched here and resolve you apart from your neighbor?
Re: (Score:3)
No. Not realistically possible even with a single CMTS feeding a single neighborhood.
Completely impossible is telling your location apart from another customer on the same CMTS, in the same addressing pool, topologically located as far from the CMTS as you are, but in the opposite direction. Unless your electrons carry a compass.
Re: (Score:2)
ok, thanks, that's useful. i understand what a ring is. so you can narrow it down to 2 possibilities then? i mean a ping time is a ping time, right?
Re: (Score:2)
What you can narrow it down to, if you're conducting your delay measurements from an external network, is that the IP address /might/ be leased to a CM that's somewhere within a radius of 20 miles from the CMTS. Then you need to figure out where the CMTS is.
This kind of accuracy is already being achieved by regular location databases.
Re: (Score:2)
why doesn't the ping supply info about location past the CMTS? assuming you could lock someone down to a particular CMTS, you could infer what portion of that ping time is due to travel beyond the CMTS to the CM, no? i understand one ping isn't reliable. but if you were talking about a scheme where you were bouncing off a number of servers and averaging out over say, 60-120 pings, with extraneous traffic, time of day, and internet provider recon mixed in, you could have reliable data, no?
but you are correct
Re: (Score:2)
Ping certainly could provide information about /delay/ past the CMTS, assuming that the delay between the source system and the CMTS is constant and predictable, but you cannot know where the target CM is located past the CMTS merely by examining delay from an external source. One interface on a CMTS can provide service to hundreds of homes, many miles apart, so you have absolutely no way of knowing whether two CMs to which the measured delay is identical are in neighboring houses, or equally far from the C
Re: (Score:2)
alright, you schooled me, thanks
i assumed that it's just a ring past a CMTS, so you have 2 options, rather than 1. however, you are telling me the topology past a CMTS is more variable. additionally, the most useful piece of info you tell me is that if a neighbor starts downloading a movie, or the other neighbor starts playing WoW, variances in ping time become completely meaningless from one day to another, one hour to another, or even one second to another
got it, case closed, this method is useless
It may just find your ISP (Score:2)
All the location based adverts I see in the UK (mainly "hot girls in are waiting for you", but I digress...) seem to centre on the location of my ISP's data centre.
The only routers visible to the outside world will be upstream of my ISP. Latency might tell someone how far I am from them +/- the distance from my ISP, but last time I looked my ISP blocked ping anyway.
I would imagine this would apply to the majority of UK DSL users.
Re: (Score:2)
Indeed. They'd be cold by the time you got there.
Bad Internet Connections FTW (Score:2)
Good luck, boys, my cable modem is two miles from the house.
Re: (Score:2)
Being able to find your repeater is as good as finding you... Now if you have multiple hops with directionals only on your side then it could take them a minute...
Re: (Score:2)
Yeah, I'm almost 20 devices, 4 houses, and multiple VDSL/802.11 conversions away from the Internet connection. One of the VDSL lines is buried and goes over a ridge.
But, really, I'd give up any anonymity that provides for a cable or DSL line to the house - doing tech support for your neighborhood after an ice storm sucks.
so where is the demo? (Score:2)
I want to try this out and see how they do. Every other geoplocation service I have tried puts me miles from where I am at. I take that back infosniper.com may have gotten it exactly right. They only show the town but the marker was right one my office.
Re: (Score:2)
Try infosniper.com it was only a few hundred meters off.
Won't work if the ISP PoP isn't nearby (Score:2)
I have DSL. My ISP's closest PoP is over 500KM away in a Toronto (I'm in Montreal). My PPPoE session is carried over an L2TP tunnel; my first hop is 500KM away. This is actually a very common scenario for anyone in Ontario or Quebec, since that's how all DSL in the region works. If you're on Bell Canada, your PoP is probably in the same city, but if you're using a wholesaler, it's probably not. Because the lowest possible latency to me is in Toronto, that's where this technique would see me.
As such, it'd be
Network Topology (Score:2)
Note that it is not enough that there is a "landmark" router physically near you, it also has to be near you from a network topology sense. It doesn't help geolocation much if the museum next door has a landmark router if the peering point between your networks is 1000 km away.
Now, if you are in a city on a major ISP, this is likely not to be problem. If, on the other hand, you are out in the country, then there is unlikely to be a landmark router near, and if there is one, it is quite possibly on a differe
So, with ICMP responses blocked... (Score:2)
... and sitting behind the mystical, seven anonymous proxies, the method is useless to find anyone actually smart enough to properly operate a computer.
I suppose it'll be helpful to find the average user who's playing at cyberstalking or sending threatening emails.
Without using Visual Basic? (Score:2)
Color me skeptical.
heck i was going for the cheap shot
Ha ha, joke's on you! (Score:2)
Hogan's Heros (Score:2)
Sounds like he is using ICMP (Score:2)
Ok, so he is using ping. Who in their right mind still allows their computer to respond to ICMP requests?
Re: (Score:2)
A server you know the location of.
If you know the spacial location of example.com, and the route to example.net is the same except for the last couple of very short hops, you can guess they're quite close.
Re: (Score:2)
It isn't example.com you need though.
it is the gateway servers of a given city, combined with the internal routers of what ever the local ISP is.
a traceroute to my home on Time warner shows all packets route first through NY city, then Syracuse , NY and then to my home city with at least 2 different gateways inbetween.
The trick is the first gateway is located in my home city and the second isn't. so you really can't narrow it down on ping time times as 1 ms can be several dozen kilometers apart.
Re:Google Landmark Server? (Score:5, Funny)
What is a Google Landmark Server?
Always on the lookout for more places to put their server farms, Google has a deal with the National Park Service to rent out unused space in national landmarks. For example, the Washington Monument is hundreds of feet tall, but it has almost no windows. It would be a waste not to fill up the lower floors with server racks. The same goes for other buildings that have no other practical function, such as the Lincoln Memorial and Grant's Tomb.
Unfortunately however, unless a deal is reached within the next few hours, all those servers will probably have to go offline tonight at midnight.
Re: (Score:2)
Plus at least with O2 3G connections are behind ISP level NAT.
Re: (Score:2)
...I connect to the internet with a 15 km fibre optic cable.
In the middle of the LHC Token Ring, eh?