Re: IPv6 Interview Questions and critic
However IPv6 has many privacy issues. IPv6 address space uses an ID (indentifier) derived from your hardware or phone. "That allows your packets to be traced back to your PC or cell-phone" said <censored>. <censored> fears abuse as a hardware ID wired into the ipv6 protocol can be used to determine the manufacturer, make and model number, and value of the hardware equipment being used by the end user.
...uhm, and? What is the real difference with a IPv4 address and privacy? You can tell as much (more or less) with a port scan to a IPv4 address...and someone will always track the "ID" (I guess that is what I call IP address). If we are talking about the EUI64, that will disclose the vendor but hardly the make and model number.... - kurtis -
On Tue, 27 Aug 2002, Kurtis Lindqvist wrote:
<censored> fears abuse as a hardware ID wired into the ipv6 protocol can be used to determine the manufacturer, make and model number, and value of the hardware equipment being used by the end user.
...uhm, and? What is the real difference with a IPv4 address and privacy?
The difference is that someone using a dynamic IP address is still recognizable by the lower 64 bits of their dynamic address because this part is always the same. (But cookies do the same thing.)
You can tell as much (more or less) with a port scan to a IPv4 address...
How can I recognize someone by doing a portscan?
On Tue, 27 Aug 2002 23:33:40 +0200, Iljitsch van Beijnum said:
How can I recognize someone by doing a portscan?
http://www.insecure.org/nmap It slices, it dices, it makes julienne fries. (I'm assuming you mean in the same sense as "you can identify a machine's vendor based on the EUI-64..." - neither a portscan or a MAC address will tell you who's machine it is, as far as I know (although doing an nmap to find ports that will tell you who it is... hmm... ;) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
On Tue, 27 Aug 2002 17:48:24 EDT, Valdis.Kletnieks@vt.edu said:
(I'm assuming you mean in the same sense as "you can identify a machine's vendor based on the EUI-64..." - neither a portscan or a MAC address will tell you who's machine it is, as far as I know (although doing an nmap to find ports that will tell you who it is... hmm... ;)
And yes, I realized after I hit send that a MAC address can be correlated to "the same guy as last time" or "different guy", although other means still need to be used to identify *who* "the same guy" is.... ;)
How can I recognize someone by doing a portscan?
It slices, it dices, it makes julienne fries.
(I'm assuming you mean in the same sense as "you can identify a machine's vendor based on the EUI-64..." - neither a portscan or a MAC address will tell you who's machine it is, as far as I know (although doing an nmap to find ports that will tell you who it is... hmm... ;)
I am inclined to agree. I am pretty sure I will find out more about the user with a portscan than I will by knowing the type of his NIC... - kurtis -
On Tuesday, August 27, 2002, at 05:33 PM, Iljitsch van Beijnum wrote:
On Tue, 27 Aug 2002, Kurtis Lindqvist wrote:
<censored> fears abuse as a hardware ID wired into the ipv6 protocol can be used to determine the manufacturer, make and model number, and value of the hardware equipment being used by the end user.
...uhm, and? What is the real difference with a IPv4 address and privacy?
The difference is that someone using a dynamic IP address is still recognizable by the lower 64 bits of their dynamic address because this part is always the same. (But cookies do the same thing.)
What is interesting is that people can identify a EUI-64 unicast address no matter where you are. For example, i use my laptop at work and at home (assuming I had an ipv6 connection at home). I could be identified as the same computer, without using cookies, since my base 64 address would be the same, despite the network prefix.
What is interesting is that people can identify a EUI-64 unicast address no matter where you are. For example, i use my laptop at work and at home (assuming I had an ipv6 connection at home). I could be identified as the same computer, without using cookies, since my base 64 address would be the same, despite the network prefix.
What I as external viewer could determine would that you where a computer that moved. From the frequency I could probably tell that you where a laptop. I would not tell me what would be home or work, and it would not say who you actually where. - kurtis -
Kurtis Lindqvist wrote:
What is interesting is that people can identify a EUI-64 unicast address no matter where you are. For example, i use my laptop at work and at home (assuming I had an ipv6 connection at home). I could be identified as the same computer, without using cookies, since my base 64 address would be the same, despite the network prefix.
What I as external viewer could determine would that you where a computer that moved. From the frequency I could probably tell that you where a laptop. I would not tell me what would be home or work, and it would not say who you actually where.
You could determine this right now using a cookie and traceroute. And traceroute _could_ tell if you're at home or work (does your path lead into an ISP or a corporation?) and depending on the corporation, might yield enough information to do some simple human engineering and find out who you are as well. A traceroute may also indicate what part of the country you're in. Most ISP's group routers geographically and have somewhat descriptive names. So by looking at the trace, you can usually determine the state, and sometimes town, where the connection is coming from. (This isn't completely accurate, of course...) I don't see the advertisement of a Mac address to be any more or less secure than what we've got right now. Especially since most people do not disable cookies (since a lot of popular web sites don't work without them.) -- David
participants (5)
-
David Charlap
-
Iljitsch van Beijnum
-
Kurtis Lindqvist
-
Peter John Hill
-
Valdis.Kletnieks@vt.edu