7

Me and a colleague are having an argument whether or not the SaaS application we use is hosted in the US or in the EU.

  • The contract says EU.
  • Various traceroutes (example from home below) say US.

In the example below, the lookup of both 4.59.145.42 and the end 199.15.. say they're located in the US. Web based traces from Argentina and Hong Kong also go to the US backbone.

I am inclined to believe the traceroute, but I want to be sure. Is there ANY way that this server can be located in the EU?

 1  fritz.box (192.168.*.*)  3.030 ms  2.583 ms  1.234 ms
 2  lo0.dr13.d12.xs4all.net (194.109.5.212)  18.564 ms  141.379 ms  17.804 ms
 3  1323.ae3.xr3.3d12.xs4all.net (194.109.7.141)  16.790 ms  134.837 ms 16.450 ms
 4  0.ae2.xr4.1d12.xs4all.net (194.109.5.82)  15.918 ms  138.149 ms  156.167 ms
 5  asd2-rou-1043.nl.eurorings.net (134.222.93.144)  15.998 ms  138.796 ms  130.165 ms
 6  ae9.edge3.amsterdam1.level3.net (213.244.164.205)  17.495 ms  136.072 ms  17.150 ms
 7  * * *
 8  4.59.145.42 (4.59.145.42)  101.048 ms  100.554 ms  99.881 ms
 9  199.15.*.* (199.15.*.*)  103.954 ms  103.741 ms  103.530 ms
Von Lion
  • 123
  • 6
  • Proxy perhaps... – Ƭᴇcʜιᴇ007 Jan 14 '16 at 23:10
  • 1
    Technically, it could be located literally anywhere, regardless of what `TRACEROUTE` says. All you can know for sure is where the path from the Internet ends. Once it's on a company's private network (Intranet), you probably won't be able to glean additional information from the trace. As a practical matter, it's _probably_ at or near the physical location where the trace ends. – BillP3rd Jan 14 '16 at 23:22
  • As in, they could have an internal network from San Fran to the Europe server and back.. That makes sense in a way, but it would be a pretty brain dead setup right? – Von Lion Jan 14 '16 at 23:23
  • What lookup are you doing for `4.59.145.42` that shows it as being in the US? I mean the entire `4.0.0.0/8` is owned by level3 which is a US company, but their network goes almost everywhere. What every GeoIP database you are looking at, could be out of date? – Zoredache Jan 15 '16 at 00:06
  • 1
    @Zoredache, I got it on http://ip-lookup.net, but yeah, they just show the owner. What gave it away for me was that all the traceroutes generally took an (apparent, you never know for sure) intercontinental hop over to the USA. – Von Lion Jan 15 '16 at 00:15
  • Is there a bigger issue to the Q of where the server is? Laws in different locations? If a company that operates out of the EU, but has a server located in the US, would it be subject to only EU laws, or US, or both? – Xen2050 Jan 22 '16 at 02:58
  • @Xen2050 Long and boring story I'm afraid, not technical at least :) – Von Lion Jan 22 '16 at 17:00

3 Answers3

10

You can never be sure when it comes to traceroute results. But there is hope for your special case.

The contract says the servers are in the EU. There is a test you can execute which, if successful, would give you 100% guarantee that they are lying. (if unsuccessful, they might be telling the truth, or they might be lying)

The idea is to use something like ping to measure the response time. Since you are using SaaS, it might not be enough to just ping the server. Maybe you want to have something where the software responds.

Now comes the tricky part.

You need to execute this ping from a machine which is located in the US. You need to be sure that this machine is in the US!

If you get a ping which is lower than 50ms, then you can be 100% sure the server is not in the EU. If you get a ping lower than 120ms, the server is likely not in the EU.

But why? The answer is: physics. The distance between US and Europe is so long that a signal traveling at the speed of light through fiber would need ~25ms for the trip (see WolframAlpha). Since ping measures two trips (host-server-host), a ping from the US to Europe needs at least 50ms.

But it gets better: the fastest cable between the two continents has ~60ms delay. So a ping below 120 indicates that the server is probably in the US.

masgo
  • 2,194
  • 1
  • 16
  • 32
  • 1
    Great suggestion, I found a nifty little website called (wait for it) super-ping.com and they have interesting results: America Ping Averages 36ms; Europe Ping Averages 93.7ms. Pretty conclusive, minimum ping from NYC is 7.2 ms.. Can't argue with Einstein :) – Von Lion Jan 15 '16 at 00:13
  • 1
    `So a ping below 120 indicates that the server is probably in the US.` If you are initiating your ping FROM the US. If you were starting your trace/ping from the Netherlands like the above trace would indicate, then a lower ping would not indicate the US. – Zoredache Jan 15 '16 at 00:14
  • 2
    yes, thats why it is important to ping from the US. If you ping from Europe and get a high ping you know nothing. If you ping from Europe and get a low ping it might still be North Africa, Russia, Turkey, etc. – masgo Jan 15 '16 at 00:21
  • The super-ping.com website is interesting. What makes me curious is the NY server. I get an 84 ping to a server located in germany (~1.5ms away from DE-CIX in Frankfurt). So either their server is not in NY but somehow closer to Europe, or the 60ms cable is not the fastest there is. – masgo Jan 15 '16 at 00:25
  • I think the NYC one is actually in the UK, it's owned by VooServers LTD - "UK Dedicated Servers & Kent Colocation" :-D – Von Lion Jan 15 '16 at 00:30
  • Overall the America's ping significantly lower than the EU ones though (two with <25ms latency), so I think Einstein is still safe – Von Lion Jan 15 '16 at 00:31
  • I want to earn the bounty for that question. Do you need more information? – masgo Jan 20 '16 at 09:07
  • I am satisfied with the physics approach, but I'm afraid it's a bit difficult to use in a discussion with lay people :-) I hope someone knows of a tool called locate-this-damn-server.com that will authoritatively show the country – Von Lion Jan 20 '16 at 13:24
  • This answer is self-contradictory. You can't be 100% certain with ping and not certain with traceroute since ping is a subset of traceroute. – qasdfdsaq Jan 20 '16 at 16:00
  • @masgo: 84ms from NY to DE-CIX is perfectly normal. It doesn't support your claim at all. Also the 60ms cable *isn't* the fastest there is, but that's beside the point. The 60ms is **round trip time** not one way. – qasdfdsaq Jan 20 '16 at 16:40
  • 1
    @VonLion: Wrong: https://www.vooservers.com/dedicated-servers/ – qasdfdsaq Jan 20 '16 at 16:41
2

As BillP3rd mentioned in his comment, "Technically, it could be located literally anywhere, regardless of what TRACEROUTE says. All you can know for sure is where the path from the Internet ends."

Now for the most part we only care where the path from the internet ends because that's where your traffic is going. However it's not a 100% guarantee the physical data is stored there, but at the very least does confirm the location of the server you are connecting to.

Since you've hidden the actual destination IP address, we cannot pinpoint it. But it is most certainly in the U.S..

Evidence supporting this (none of these should be conclusive on their own):

  • The entire 199.0.0.0/8 block is an ARIN block. Source: ARIN
  • Based on traceroute data 4.59.145.42 is in the U.S. East coast NYC area. Source: Your traceroute (And mine)
  • Based on routing data all IP blocks in the 199.15.x.x range are situated in the U.S. Source: HE.net LG
  • Based on your traceroute the destination IP is within ~3ms of 4.59.145.42 Source: Your traceroute
Community
  • 1
qasdfdsaq
  • 6,621
  • 1
  • 26
  • 37
1

There is no definitive way to prove where a server is hosted, short of hacking the connection to the source computer (which i highly DON'T recommend).

Hiding your IP Address is something that even most teenagers have learned to do to skirt security. The company COULD be using a security software that obscures their actual IP (for protection against would-be cyber-criminals), they could be using a proxy, or any number of other possibilities.

The easiest way to find out for sure is to call up a service rep, show them the proof, and see what they say. Then, you can win the bet with your friend, as internal conspiracies are void when it comes to bets, so whatever the company says should suffice :)

darkflux
  • 61
  • 4