IPocalypse | Bach Seat

Tag Archive for IPocalypse

RB | July 17, 2012

IPv6 Compromise Smartphones Users’ Privacy

IPv6 Compromise Smartphones Users' Privacy Now that the IPv4 address pool is depleted and the IPocalypse is at hand, wrinkles are emerging in IPv6. One of the wrinkles is with mobile devices. Most of the cool mobiles devices have been able to handle IPv6 for a while. Apple’s (AAPL) iPhones, iPads, and iPods have been capable of handling IPv6 Since version 4 of the iOS operating system and most Google (GOOG) Android devices have been capable since version 2.1. H Security is reporting that these mobile operating systems send information about their users to the network.

A device on an IPv6 network usually determines half of their address (the “interface identifier”) themselves, but H Security says that smartphones are sloppy with this task. According to the article, smartphones simply add the same two bytes to their globally unique MAC address and use it as their identifier. As a result, they transfer a unique hardware ID whenever they communicate with an IPv6-enabled server.

The basic problem isn’t an IPv6 issue because there are other methods for generating the address. The article says that a device can generate a random interface identifier and replace it on a regular basis. This is called the Privacy Extensions method and is the factory-set option in Windows; it can also be enabled in other operating systems. The article points out that devices running Apple’s iOS or Android offer neither the option to enable Privacy Extensions nor the option to disable IPv6, anyone who uses an affected device on an IPv6-enabled wireless network will send their ID.

The only thing the smartphones are lacking is a control option in the user interface, as the Privacy Extensions do come as part of their kernel. For instance, on a (jailbroken) iOS 4 device with root access, they can be enabled with the same command that enables them on a desktop device running Mac OS X:

sysctl -w net.inet6.ip6.use_tempaddr=1

The blog claims the problem is only affecting a small number of users because IPv6 is not yet in widespread use. However, more ISPs plan to offer IPv6 in addition to the old IPv4 in the future. In addition, there are routers like the Cisco (CSCO) Linksys E3000, which will automatically set up an IPv6 connection via a 6to4 conversion when their internet access is purely IPv4.

The author concludes that the issue is particularly sensitive because such devices tend to be used by one specific person. As a result, the MAC address, which is accessible to any server operator and network monitor, allows this user to be identified.

rb-

If this sounds familiar, it is I wrote about mobile apps uploading UDID’s here.

IPv6 and click fraud (net-security.org)
Windows 8 moves to IPv6 Internet (zdnet.com)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: AAPL, Android, Apple, GOOG, Google, iPad, iPhone, IPocalypse, iPod, IPv6, Networking

RB | April 30, 2011

Comments Off

IPv4 Address Grey Market Emerges

The UK’s Register reports that depletion of the world’s IPv4 address space is spawning a new development in the Internet address space, IPv4 address trading. According to the Register, German Python developer Martin von Loewis launched a site called Tradipv4.com in March. The site is offering IPv4 addresses for $3 for v4 addresses in American Registry for Internet Numbers (ARIN) and $4 for those in the Asia Pacific Network Information Center (APNIC) region.

IPv4 address trading, however, is still a grey market idea now. FireceTelecom reports that to make sure that unmanaged address transfers don’t compromise network operations or security, the Internet Society (ISOC) said that buyers and sellers should make sure any “transfers be affected per appropriate Regional Internet Registry (RIR) processes.” Citing its own estimate of prices reaching $11 per address, ISOC said, “We strongly urge that such transfers be affected per appropriate RIR processes.” Unmanaged address transfers will undermine network operations, and it could raise security issues since anonymous address spaces can be spoofed according to ISOC.

On their FAQ page, Tradeip4.com says its auctions can cover both the sale and lease of addresses, subject to RIR policies. Some of these policies, the site notes, have grey areas. For example, APNIC policy aims to discourage address transfer by applying what amounts to a 12-month embargo on the originating party receiving new addresses. However, Tradeip4.com dismisses this as irrelevant, since APNIC’s space is exhausted and no new blocks are being assigned according to FierceTelecom. Despite these concerns, Tradeip4.com, maintains that it can sell and lease IPv4 addresses and maintains that it follows RIR policies.

This is not just an SMB issue Microsoft (MSFT), recently bought Nortel’s IPv4 addresses (Which I wrote about here). Craig Labovitz, Chief Scientist for network security vendor Arbor Networks, told FierceTelecom that Nortel’s deal with Microsoft reflects how IPv4 depletion is becoming a more pressing issue, now that IPv4 is a scarce resource.

IPv4 addresses have not been a scarce resource and no one has had to pay more, but what really is starting to change is Microsoft spending money to buy Nortel’s IPv4 address space. For the first time, there’s now a price associated with V4, and one you have a price you start having providers charge for it and start seeing people having a reason to care.

The Register article notes that the Canadian government, via its Industry Canada department, is also against the trade of IPv4 addresses, and it has weighed in on the sale of Nortel’s addresses to Microsoft. In a letter discussed on CircleID, Industry Canada expressed its support for the long-standing position that addresses are not property and therefore cannot be traded.

rb-

I see several problems with the IPv4 grey market. Trading in IPv4 is just another sign of resistance to IPv6. Firms with a global view have to realize that the reallocation of a handful of IPv4 will not make a difference in an IPv6 world. Another issue could be the routability of an IPv4 address originally assigned to APIC and traded on the grey market to RIPE. Right now there is no guarantee that these types of addresses will be recognized. There are also political issues, the Canadian government opposes the IP grey market. Industry Canada has expressed its support for the long-standing position that addresses are not property and therefore cannot be traded.

The ISOC says IPv4 addresses are worth $11.00, MSFT paid $11.25 and ARIN addresses are now (04-30-11) trading $7.00 per IP. on tradeipv4.com so MSFT appears to have overpaid for the Nortel address range. The bigger issue is the change in the nature of an IP address.

What do you think?

Are grey market IPv4 addresses worth it?

Has your firm started its transition to IPv6?

Court Approves Nortel’s Sale of IPv4 Addresses to Microsoft (circleid.com)
Need IPv4 Addresses? Get ’em Here (pcworld.com)

Category: Uncategorized | Tags: 2011, Arbor Networks, ARIN, arpageddon, Asia-Pacific Network Information Centre, Industry Canada, IPocalypse, IPV4, IPv6, Microsoft, MSFT, Nortel, Regional Internet registry

RB | April 17, 2011

Comments Off

Asia out of IPv4 addresses

The Asia Pacific Network Information Center (APNIC) has run out of free IPv4 addresses. APNIC is the first of the Internet’s five regional Internet registries to deplete its free pool of IPv4 address space according to reports from Networks Asia. (I wrote about China’s IPv4 struggles here.)

APNIC’s news is another sign that CIOs and other IT executives need to begin migrating to IPv6.”For anybody who hasn’t figured out that it’s time to do IPv6, this is another wake-up call for them,” Owen DeLong, an IPv6 evangelist at Hurricane Electric and a member of the board of ARIN told Networks Asia. Any CIO who isn’t planning for IPv6 is “driving toward a brick wall and closing your eyes and hoping that it’s going to disappear before you get there,” Mr. DeLong says ignoring IPv6 “is not the best strategy.”

Paul Wilson, Director General of APNIC tells Networks Asia that, if a business is thinking of doing on the Internet, they need to have a plan to transition to IPv6 in place. “If you want to do business with China in the future for example, you will be to be on IPv6 or you won’t be able to reach your customers,” Mr. Wilson said.

The Asia-Pacific region has been gobbling up the most IPv4 address space in recent years; APNIC has apparently distributed more than 32 million IPv4 addresses to network operators in this region in the last two months alone. APNIC has depleted its IPv4 address space “dramatically faster than people expected,” Mr. DeLong says. “My guess is that a lot of operators in the Asia-Pacific region realized the time of IPv4 depletion was drawing near and they rushed to get their applications in.” But countries in the region are doing well with their IPv6 transition plans Mr. Wilson said.

But counties with developing markets also had the advantage where they could leapfrog any potential problems and move straight to greenfield IPv6 infrastructure Wilson said. APNIC is holding 16.7 million IPv4 addresses (a /8 in network engineering terms) in reserve to distribute in tiny allotments of around 1,000 addresses each to new and emerging IPv6-based networks so they can continue to communicate with the largely IPv4-based Internet infrastructure.

“RIPE [the European Internet registry] is going to be the next one to run out. I wouldn’t count on them making it until July[2011],” DeLong says. “I think ARIN (which doles out IPv4 and IPv6 address space to companies operating in North America,) will make it to the end of this year; maybe we’ll run out in October or November[2011].”

Spock – the router is under here

According to Mr. Wilson, the move to IPv6 should be the last we will experience. “We should be afraid of a situation where we exhaust IPv6. If the move from Ipv4 was difficult, the next will be a disaster,” he said.

rb-

The regional Internet registries will have handed out most IPv4 address space by the end of 2011. Lots of organizations need to get on their transition plan. I have noted the need for IPv6 planning here, here, and here.

Related articles:

Asia Pacific IPv4 Exhausted, Becomes First Region Unable to Meet IPv4 Demand

What do you think?

Is IPv6 a real topic in your organization?
Has your organization even formed a team to discuss IPv6 addresses?

Category: Uncategorized | Tags: 2011, APNIC, ARIN, arpageddon, Asia, ASPNIC, China, Hurricane Electric, IPocalypse, IPV4, IPv6, Regional Internet registry

RB | April 4, 2011

Comments Off

IPv4 Address Worth $11.25

IPv4 Address Worth $11.25 Now that the last IPv4 addresses are gone, the Internet numbers are increasing in value. Microsoft is spending $7.5 million for 666,625 IPv4 addresses from Nortel (NRTLQ). As Google (GOOG) and Apple (AAPL) fight over Nortel’s 4G bones (which I noted earlier), DownloadSquad reports that Microsoft (MSFT) jumped all over Nortel’s stash of IPv4 addresses when they became available for purchase through bankruptcy proceedings.

NORTEL Microsoft ponied up $7.5 million for the Nortel pool, which works out to $11.25 per IP address. There were 13 other interested buyers, but only Microsoft and three others actually submitted bids according to DownloadSquad. With the last block of IPv4 addresses already issued (which I wrote about when it happened), snatching up over 666,000 IPv4 addresses in one fell swoop is a smart move by Microsoft.

rb-

Could Ballmer‘s boys be planning a cloud-based IPv6 <–> IPv4 transition service?

Are they trying to jump-start an IPv4 address space underground economy?

As the authors say, we’ll just have to wait and see.

What do you think?

What is Redmond up to?

No IPv6 Doomsday In 2012 (tech.slashdot.org)

Category: Uncategorized | Tags: 2011, Apple, arpageddon, Cloud computing, Google, IPocalypse, IPV4, IPv6, Microsoft, Nortel

RB | January 31, 2011

One comment

The IPocalypse is Nigh

The IPocalypse will cause users with improperly configured computers to experience slowdowns, timeouts, or other connectivity issues when the Internet moves to the IPv6 protocol unless they are ready. To see if you are ready to endure the IPocalypse ghacks point us to IPv6-Test.com. The site has an Open Source script that runs using JavaScript. Just visit the website click and wait until the test has finished. The IPv6 test runs a series of tests including the browser’s IPv4 and IPv6 capabilities, IPv4 and IPv6 connectivity with and without DNS records, and a test that checks if the ISP’s DNS server uses IPv6.

According to ghacks the most important test for users to run is the dual-stack test. There will be a transition period where websites and services can be reached via IPv4 or IPv6. The user’s computer needs to pick one of the protocols and use it for the connection which means that devices that only support IPv4 at this time can still connect to the websites. Connectivity issues occur if this is broken.

Major services and websites will switch to IPv6 for a 24 hour period on World IPv6 day on June 8. Among them are Google, Facebook, and Yahoo. That’s where the dual-stack DNS record support can be tested in a live environment.

This gadget was developed by Takashi Arano, Intec NetCore

What do you think?

Is this really the IPocalypse or just marketing hype?
Have you tested your connection?

Category: Uncategorized | Tags: 2011, arpageddon, Dual stack test, IPocalypse, IPv6, Testing, World IPv6 Day

« Older Entries Recent Entries »

S	M	T	W	T	F	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

Bach Seat

Tag Archive for IPocalypse

IPv6 Compromise Smartphones Users’ Privacy

Related articles

IPv4 Address Grey Market Emerges

Related articles

Asia out of IPv4 addresses

IPv4 Address Worth $11.25

Related articles

The IPocalypse is Nigh

What do you think?

Meta