Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: ISP customer assignments

  • From: Valdis.Kletnieks
  • Date: Mon Oct 05 18:36:19 2009

On Mon, 05 Oct 2009 16:13:37 CDT, Dan White said:

> a publicly routeable stateless auto configured address is no less
> secure than a publicly routeable address assigned by DHCP. Security is, and
> should be, handled by other means.

The problem is user tracking and privacy.

RFC4941's problem statement:

   Addresses generated using stateless address autoconfiguration
   [ADDRCONF] contain an embedded interface identifier, which remains
   constant over time.  Anytime a fixed identifier is used in multiple
   contexts, it becomes possible to correlate seemingly unrelated
   activity using this identifier.

   The correlation can be performed by

   o  An attacker who is in the path between the node in question and
      the peer(s) to which it is communicating, and who can view the
      IPv6 addresses present in the datagrams.

   o  An attacker who can access the communication logs of the peers
      with which the node has communicated.

   Since the identifier is embedded within the IPv6 address, which is a
   fundamental requirement of communication, it cannot be easily hidden.
   This document proposes a solution to this issue by generating
   interface identifiers that vary over time.

   Note that an attacker, who is on path, may be able to perform
   significant correlation based on

   o  The payload contents of the packets on the wire

   o  The characteristics of the packets such as packet size and timing

   Use of temporary addresses will not prevent such payload-based
   correlation.
(end quote)

Or phrased differently - if I DHCP my laptop in a Starbucks, on Comcast, at
work, at a hotel, and a few other places, you'll get a whole raft of answers
which will be very hard to cross-correlate.  But if all those places did
IPv6 autoconfig, the correlation would be easy, because my address would
always end in 215:c5ff:fec8:334e - and no other users should have those
last 64 bits.

Amazingly enough, some people think making it too easy to Big-Brother you
is a security issue...
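As an added illustration (not part of the post), the following Python shows why those last 64 bits stay fixed: SLAAC without RFC 4941 builds the interface identifier from the MAC address as a modified EUI-64 (RFC 4291, Appendix A), so the same identifier appears under every prefix, and anyone holding such an address can decode the MAC from it. The MAC 00:15:c5:c8:33:4e is decoded from the identifier quoted above; the prefixes and other addresses are constructed. The audit helper is the check a network operator would run to find hosts still using stable, trackable identifiers instead of temporary ones.

```python
import ipaddress
from typing import Dict, List, Optional

# Decoded from the interface identifier quoted in the post (215:c5ff:fec8:334e).
MAC = "00:15:c5:c8:33:4e"
IID_MASK = (1 << 64) - 1


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291, App. A)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert 0xFFFE between the OUI and the device part, then invert the
    # universal/local bit (bit 1 of the first octet).
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address SLAAC forms from a /64 prefix when temporary addresses are off."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_iid(mac))


def iid_hex(addr: str) -> str:
    """Low 64 bits of an address as 16 hex digits: the part that never changes."""
    return format(int(ipaddress.IPv6Address(addr)) & IID_MASK, "016x")


def mac_from_eui64(addr: str) -> Optional[str]:
    """Recover the MAC if the identifier is a modified EUI-64, else None."""
    iid = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # RFC 4941 temporary or otherwise randomised identifier
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def audit_stable_iids(addresses: List[str]) -> Dict[str, str]:
    """Map each address that embeds a MAC to that MAC (hosts to flag)."""
    leaking: Dict[str, str] = {}
    for addr in addresses:
        mac = mac_from_eui64(addr)
        if mac is not None:
            leaking[addr] = mac
    return leaking


if __name__ == "__main__":
    # Constructed prefixes standing in for the coffee shop, home ISP and office.
    for prefix in ("2001:db8:1::/64", "2001:db8:2:ab::/64", "2001:db8:3:ff::/64"):
        print(prefix, "->", slaac_address(prefix, MAC))
```

Every prefix yields an address ending in 215:c5ff:fec8:334e, and `mac_from_eui64` gets the MAC back from any of them, while a temporary address returns None.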