ISP customer assignments
On Mon, 05 Oct 2009 16:13:37 CDT, Dan White said:
> a publicly routeable stateless auto configured address is no less
> secure than a publicly routeable address assigned by DHCP. Security is, and
> should be, handled by other means.
The problem is user tracking and privacy.
RFC4941's problem statement:
Addresses generated using stateless address autoconfiguration
[ADDRCONF] contain an embedded interface identifier, which remains
constant over time. Anytime a fixed identifier is used in multiple
contexts, it becomes possible to correlate seemingly unrelated
activity using this identifier.
The correlation can be performed by
o An attacker who is in the path between the node in question and
the peer(s) to which it is communicating, and who can view the
IPv6 addresses present in the datagrams.
o An attacker who can access the communication logs of the peers
with which the node has communicated.
Since the identifier is embedded within the IPv6 address, which is a
fundamental requirement of communication, it cannot be easily hidden.
This document proposes a solution to this issue by generating
interface identifiers that vary over time.
Note that an attacker, who is on path, may be able to perform
significant correlation based on
o The payload contents of the packets on the wire
o The characteristics of the packets such as packet size and timing
Use of temporary addresses will not prevent such payload-based
correlation.
(end quote)
Or phrased differently - if I DHCP my laptop in a Starbucks, on Comcast, at
work, at a hotel, and a few other places, you'll get a whole raft of answers
which will be very hard to cross-correlate. But if all those places did
IPv6 autoconfig, the correlation would be easy, because my address would
always end in 215:c5ff:fec8:334e - and no other users should have those
last 64 bits.
Amazingly enough, some people think making it too easy to Big-Brother you
is a security issue...
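The point the message makes, worked through as an added example (not code from the original post, and not an implementation taken from RFC 4941): an EUI-64 interface identifier is the MAC address with ff:fe inserted and the U/L bit flipped, so the low 64 bits of a SLAAC address are the same on every network and the MAC can be read straight back out of them. The RFC 4941 temporary identifier (MD5 over a history value and the EUI-64 identifier, leftmost 64 bits with bit 6 cleared, rightmost 64 bits kept as the next history value) produces a different suffix each time it is regenerated. Assumptions: the MAC 00:15:c5:c8:33:4e is inferred by applying the EUI-64 rule in reverse to the suffix quoted above, and the 2001:db8::/32 prefixes stand in for the networks named in the message; both are sample input, not data from the page.

```python
"""Worked example: why a SLAAC (EUI-64) address is a persistent tracking
identifier, and what RFC 4941 temporary interface identifiers change.
Added example, not code from the original post. The MAC below is inferred
from the suffix quoted in the message and the prefixes are constructed."""
import hashlib
import ipaddress
from typing import List, Optional, Tuple

# Assumption: undoing the EUI-64 transformation on the suffix 215:c5ff:fec8:334e
# quoted in the post gives this MAC; it is used only as sample input.
LAPTOP_MAC = "00:15:c5:c8:33:4e"

# Constructed /64 prefixes standing in for "Starbucks, Comcast, work, hotel".
SAMPLE_PREFIXES = ["2001:db8:1::/64", "2001:db8:2::/64",
                   "2001:db8:3::/64", "2001:db8:4::/64"]


def mac_to_eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291 Appendix A): insert ff:fe
    between the OUI and the NIC-specific half, then flip the U/L bit of byte 0."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui64 = octets[:3] + b"\xff\xfe" + octets[3:]
    return bytes([eui64[0] ^ 0x02]) + eui64[1:]


def iid_to_mac(iid: bytes) -> Optional[str]:
    """Undo the transformation above. Returns None when the identifier does not
    carry the ff:fe marker, i.e. it is not visibly EUI-64 derived."""
    if len(iid) != 8 or iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def address_in(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and an 8-byte identifier")
    raw = net.network_address.packed[:8] + iid
    return ipaddress.IPv6Address(int.from_bytes(raw, "big"))


def slaac_addresses(prefixes: List[str], mac: str) -> List[ipaddress.IPv6Address]:
    """Stateless autoconfiguration: the same EUI-64 identifier under every prefix."""
    iid = mac_to_eui64_iid(mac)
    return [address_in(p, iid) for p in prefixes]


def temporary_iid(history: bytes, eui64_iid: bytes) -> Tuple[bytes, bytes]:
    """RFC 4941 section 3.2.1: MD5(history || EUI-64 identifier). The leftmost 64
    bits with bit 6 (the u bit) cleared become the temporary identifier; the
    rightmost 64 bits are kept as the next history value."""
    if len(history) != 8 or len(eui64_iid) != 8:
        raise ValueError("history and identifier must both be 64 bits")
    digest = hashlib.md5(history + eui64_iid).digest()
    iid = bytearray(digest[:8])
    iid[0] &= 0xFD  # clear the universal/local bit: locally administered
    return bytes(iid), digest[8:]


def temporary_addresses(prefixes: List[str], mac: str,
                        history: bytes = bytes(8)) -> List[ipaddress.IPv6Address]:
    """One temporary address per network, each derived from the previous history
    value, as a host regenerating its identifier on each new attachment would."""
    iid = mac_to_eui64_iid(mac)
    out = []
    for p in prefixes:
        tmp, history = temporary_iid(history, iid)
        out.append(address_in(p, tmp))
    return out


def shared_suffix(addrs: List[ipaddress.IPv6Address]) -> bool:
    """True when every address carries the same low 64 bits, i.e. a
    correlatable identifier that follows the host between networks."""
    return len({a.packed[8:] for a in addrs}) == 1


if __name__ == "__main__":
    fixed = slaac_addresses(SAMPLE_PREFIXES, LAPTOP_MAC)
    for a in fixed:
        print(a, "->", iid_to_mac(a.packed[8:]))
    print("same identifier everywhere:", shared_suffix(fixed))
    for a in temporary_addresses(SAMPLE_PREFIXES, LAPTOP_MAC):
        print(a, "->", iid_to_mac(a.packed[8:]))
```

Running it prints the four SLAAC addresses, each ending in 215:c5ff:fec8:334e and each decoding back to the same MAC, followed by four temporary addresses whose suffixes differ and which (barring a 1-in-65536 accident on the ff:fe check) decode to None. As the quoted RFC text says, this only removes the address as a correlation handle; payload, size and timing correlation by an on-path observer are untouched.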