On 24 May 2013, at 10:31, Fernando Gont <[email protected]> wrote:
> On 05/22/2013 03:34 AM, Dave Thaler wrote: >>> I attend an IETF meeting, and learn the IID of your laptop. Then I can >>> actively >>> probe your node regarding "Is David at the office?" "Is David at home?", >>> etc.... simply because your IID is known and constant. >> >> Since you're making this personal... please explain how you can probe >> whether >> I'm at the office or at home, both of which are behind firewalls (so won't >> respond >> to arbitrary probes) and have address prefixes you don't know to begin with. > > As noted, this wasn't meant to be personal -- it was just meant to be an > example. > > Now, given the example under discussion: > > I could learn your IID when we both attend the IETF meeting. And I could > learn your prefixes when you post to mailing-lists from such places. > Then I could use Prefix|IID to track you. Or you can sometimes get the user's IID in their home network via email headers, e.g. Received: from login.ecs.soton.ac.uk (login.ecs.soton.ac.uk [IPv6:2001:630:d0:f102::22]) by gander.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id r4OBbV6x027652 (version=TLSv1/SSLv3 ... Well, that's not a great example, but that information is available to anyone on a mail list you post to, though not usually in web archives of the same list. > The fact that you use a firewall is mostly irrelevant. I'd bet your > firewall still reponds to some packets (e.g., packets with unsupported > options?). And, if that were not the case, I could rely on the > ICMPv6 "address resolution failed" error messages sent by your local > router (i.e., if I receive one of such messages, you're not there. If I > don't, you are). > > I've seen similar discussions for different kinds of IDs in the past, > and every time someone pushed a flawed/sub-optimal approach, they got > bitten. Moral of the story: don't leak more than necessary to achieve > your desired goal, or you'll be bitten. Indeed. Which is why I was keen to see the "harvesting" methods also in the reconnaissance draft. Tim -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
