2016-Oct-09
Disclosed is a technology that enables effective GeoIP blocking techniques to protect complex data transactions.

An issue with existing GeoIP blocking technology is that current methods (i.e., blocking solely based on IP range assigned to a specific region or country), are easily circumvented by cheaply (and/or freely) available virtual private network (VPN) services which can provide an Internet protocol (IP) address within the range of a desired country. For example, a malicious user located in one country can leverage VPN service providers in another country to obtain the second country's IP address to facilitate access to sensitive resources (both corporate resources and public filters). Existing technology allows this flow.

One prior art method to address this determines the location (via different methods, usually ping route-trip calculations) of IP addresses. It does not attempt to create intelligence or detect IP spoofing. It would be able to determine the approximate geo-location of a VPN server; however, there is no logic to ascertain whether that is a valid location for the stream.

The proposed solution recognizes that this flow (despite having a country's IP address) has a high likelihood of being sourced outside of that country based on the round-trip time.

The novel technology enables effective GeoIP blocking techniques. While it would not protect against simplified traffic streams (which an intermediary host can proxy), complex transactions, especially those involving data transfers (exfiltration) would be effectively prevented.

The application of this invention could be handled in many way...