[LAC-TF] Fwd: IPv6 Address Analysis - Privacy In, Transition Out
Julio Cesar Balderrama
juliocesar at balderrama.com.ar
Fri May 17 09:48:17 BRT 2013
Muchas gracias por tu aporte, hay mucho por hacer todavía, esto rcien es
Julio César Balderrama
Sent from a mobile device
On May 17, 2013 12:15 AM, "Fernando Gont" <fgont at si6networks.com> wrote:
> ---- cut here ----
> IPv6 Address Analysis - Privacy In, Transition Out
> Mat Ford
> IPv6 addresses come in a variety of forms. Examining the bit-patterns of
> an IPv6 address can tell us, or give a strong indication, about the way
> that it was generated. In early work on the subject, Dave Malone
> explains, "IPv6 addresses are longer than IPv4 addresses, and are so
> capable of greater expression. Given an IPv6 address, conventions and
> standards allow us to draw conclusions about how IPv6 is being used on
> the node with that address."
> At the recent Internet Engineering Protocol Group (IEPG) meeting in
> Orlando, Florida, Fernando Gont presented his work on Scanning the IPv6
> Internet: theory & practice. The much larger address space of IPv6 makes
> crude brute-force network scans unfeasible. In his presentation Fernando
> talked about the ways in which IPv6 changes the network reconnaissance
> game because of this and he also presented the IPv6 Toolkit suite of
> IPv6 security and troubleshooting tools that he has developed.
> Gont has built on Malone's earlier work by providing a tool (address6)
> to analyse large numbers of IPv6 addresses and classify them into
> various categories depending on whether they appear to be
> auto-generated, randomised privacy addresses, manually configured
> low-byte or IPv4-based addresses and so on. These categories are
> described in more detail in the IETF Operational Security Capabilities
> for IP Network Infrastructure (opsec) Working Group document, "Network
> Reconnaissance in IPv6 Networks."
> Malone's results are presented in Figure 1. As the opsec WG document
> observes, '[Malone's] are the most comprehensive address-measurement
> results that have so far been made publicly available', and, 'evolution
> of IPv6 implementations, changes in the IPv6 address selection policy,
> etc. since [Malone2008] was published might limit (or even obsolete) the
> validity of these results.'
> [Figure 1 - Results from Malone2008]
> Given some webserver logs and Gont's address6 tool it is fairly trivial
> to explore whether the ratios of client address types have in fact
> changed since 2008. Using the last 12 months worth of webserver logs for
> the Internet Society's website, comprising over 50,000 unique IPv6
> addresses, the following results were obtained.
> Less than 2% of connections used the 6to4 transition technology while
> the remainder were native IPv6 connections, a mark of the growing
> maturity of the IPv6 Internet. This result is mirrored in the IPv6
> statistics produced by Google that show that the use of transition
> technology has been declining since 2010 and now less than 1% of users
> that access Google over IPv6 are using a transition technology. It's
> also probably worth noting that we saw no Teredo connections in the period.
> Figure 2 shows a more detailed analysis of the interface identifiers in
> the sample. This is very strikingly different to Malone's results from
> 2008 and clearly shows the impact of changes to IPv6 implementations in
> the intervening period. The vast majority (nearly 70%) of addresses are
> now classified as 'Randomized', while the auto-configured addresses that
> previously comprised 50% of the sample are now less than 8%. IPv4-based
> addresses are still a significant proportion (nearly 14%) and the
> manually-generated 'low-byte' addresses are just over 6%, similar to
> Malone's result.
> [Figure 2 - IPv6 Interface ID analysis]
> These measurement results update the public understanding of IPv6
> address types in use today and show us that randomized interface
> identifiers are far more prevalent than they used to be. It is also
> notable that transition technologies (Teredo and 6to4) are either
> non-existent or very little used on the IPv6 Internet of 2013.
> Acknowledgements: Thanks to Peter Godwin at the Internet Society for
> providing access to the webserver logs necessary for this analysis.
> ---- cut here ----
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> LACTF mailing list
> lactf at lac.ipv6tf.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the LACTF