[LAC-TF] Fwd: IPv6 Address Analysis - Privacy In, Transition Out

Julio Cesar Balderrama juliocesar at balderrama.com.ar
Fri May 17 09:48:17 BRT 2013 

Fernando

Muchas gracias por tu aporte,  hay mucho por hacer todavía,  esto rcien es
el comienzo.

Abrazo
Julio César Balderrama
-----
Sent from a mobile device
On May 17, 2013 12:15 AM, "Fernando Gont" <fgont at si6networks.com> wrote:

> FYI.
>
> Fuente:
> <
> http://www.internetsociety.org/blog/2013/05/ipv6-address-analysis-privacy-transition-out
> >
>
> ---- cut here ----
> IPv6 Address Analysis - Privacy In, Transition Out
> Mat Ford
>
> IPv6 addresses come in a variety of forms. Examining the bit-patterns of
> an IPv6 address can tell us, or give a strong indication, about the way
> that it was generated. In early work on the subject, Dave Malone
> explains, "IPv6 addresses are longer than IPv4 addresses, and are so
> capable of greater expression. Given an IPv6 address, conventions and
> standards allow us to draw conclusions about how IPv6 is being used on
> the node with that address."
>
> At the recent Internet Engineering Protocol Group (IEPG) meeting in
> Orlando, Florida, Fernando Gont presented his work on Scanning the IPv6
> Internet: theory & practice. The much larger address space of IPv6 makes
> crude brute-force network scans unfeasible. In his presentation Fernando
> talked about the ways in which IPv6 changes the network reconnaissance
> game because of this and he also presented the IPv6 Toolkit suite of
> IPv6 security and troubleshooting tools that he has developed.
>
> Gont has built on Malone's earlier work by providing a tool (address6)
> to analyse large numbers of IPv6 addresses and classify them into
> various categories depending on whether they appear to be
> auto-generated, randomised privacy addresses, manually configured
> low-byte or IPv4-based addresses and so on. These categories are
> described in more detail in the IETF Operational Security Capabilities
> for IP Network Infrastructure (opsec) Working Group document, "Network
> Reconnaissance in IPv6 Networks."
>
> Malone's results are presented in Figure 1. As the opsec WG document
> observes, '[Malone's] are the most comprehensive address-measurement
> results that have so far been made publicly available', and, 'evolution
> of IPv6 implementations, changes in the IPv6 address selection policy,
> etc. since [Malone2008] was published might limit (or even obsolete) the
> validity of these results.'
>
>
> [Figure 1 - Results from Malone2008]
>
> Given some webserver logs and Gont's address6 tool it is fairly trivial
> to explore whether the ratios of client address types have in fact
> changed since 2008. Using the last 12 months worth of webserver logs for
> the Internet Society's website, comprising over 50,000 unique IPv6
> addresses, the following results were obtained.
>
> Less than 2% of connections used the 6to4 transition technology while
> the remainder were native IPv6 connections, a mark of the growing
> maturity of the IPv6 Internet. This result is mirrored in the IPv6
> statistics produced by Google that show that the use of transition
> technology has been declining since 2010 and now less than 1% of users
> that access Google over IPv6 are using a transition technology. It's
> also probably worth noting that we saw no Teredo connections in the period.
>
> Figure 2 shows a more detailed analysis of the interface identifiers in
> the sample. This is very strikingly different to Malone's results from
> 2008 and clearly shows the impact of changes to IPv6 implementations in
> the intervening period. The vast majority (nearly 70%) of addresses are
> now classified as 'Randomized', while the auto-configured addresses that
> previously comprised 50% of the sample are now less than 8%. IPv4-based
> addresses are still a significant proportion (nearly 14%) and the
> manually-generated 'low-byte' addresses are just over 6%, similar to
> Malone's result.
>
> [Figure 2 - IPv6 Interface ID analysis]
>
> These measurement results update the public understanding of IPv6
> address types in use today and show us that randomized interface
> identifiers are far more prevalent than they used to be. It is also
> notable that transition technologies (Teredo and 6to4) are either
> non-existent or very little used on the IPv6 Internet of 2013.
>
> Acknowledgements: Thanks to Peter Godwin at the Internet Society for
> providing access to the webserver logs necessary for this analysis.
> ---- cut here ----
>
> Saludos,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
> _______________________________________________
> LACTF mailing list
> lactf at lac.ipv6tf.org
> https://mail.lacnic.net/mailman/listinfo/lactf
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.lacnic.net/pipermail/lactf/attachments/20130517/85df9582/attachment.html>

More information about the LACTF mailing list