Forged IPv6 addresses: are they a threat to privacy ?

4 respostas [Última entrada]
amenex
Desconectado
Joined: 01/03/2015

Chris started this thread on the subject of locked-in proprietary code in hardware:
http://trisquel.info/en/forum/alternate-proposal-fccs-indirect-ban-free-software-require-release-code

Forty years ago I was bothered by unwanted calls that seemed to be trying to find out when I wasn't at home (which was most of the time, as I was working for a living then). My land-line service provider at that time offered Call Blocking, wherein I could press a code (long forgotten ...) to identify unwanted calls. I tried signing up for that service ... whereupon the unwanted calls stopped ... but I hadn't actually blocked any calls ... and after the passage of some time, the unwanted calls resumed ... but my call-blocking code no longer worked. I asked my service provider and was told that the blocking was dropped because I had not used it. Naturally I lost all trust in that service provider.

Fast forward to the Do-Not-Call list. That's useless because of the forging of telephone numbers in Caller ID and because rogue callers pay no attention to the Do-Not-Call list.

I am now a consultant working out of my house. I cannot afford to leave calls unanswered, as I do not know from whom the next assignment will come. I have to answer the phone, caller ID or not. Most of the calls that come in are from rogues and telemarketers. One rogue, pushing a Windows-repair scam, even recognizes my voice, but continues to call anyway. In 1967 I was in Bogota, Colombia, where the same guy tried to sell me emeralds in three different places on succeeding days in the city. We both laughed when he encountered me the third time.

Every electronic device that I have owned or seen has an IPv6 address unique to that device. If I could block that IPv6 addressed device from my system (phone of computer) then the rogue would be prevented from using that particular unique gadget on me ever again.

"Yeah, yeah" ... you say ... "there are too many IPv6 addresses for this to be practical, because the rogues would just spoof them and never run out." That depends on whether or not spoofing is possible in the hardware code.

Cisco has proposed a method whereby their router tests the source of a particular packet identified by a spurious IPv6 address:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_basic/configuration/xe-3s/ip6b-xe-3s-book/ip6-urpf-xe.html

The authors of the following paper lament (?!) the lack of any open hardware in testing a back-door communications technique:
http://cs-conferences.acadiau.ca/ANT-2011/Proceeding/Alll%20Files/3_ANT_papers_part2/ANT_104_Najafizadeh.pdf

Will the FCC implement a rule wherein the hardwired IPv6 address of hardware cannot be changed or spoofed and must be revealed to the recipient of any FCC-regulated communications ? We support the use of non-proprietary code, but that code should not allow anyone to harass or violate the privacy of us or anyone else. Will open-source firmware enable IPv6 spoofing by a [Wi-Fi] device ?

amenex
Desconectado
Joined: 01/03/2015

Oops. That's "phone or computer" not "phone of computer"

onpon4
Desconectado
Joined: 05/30/2012

As has been said in the other thread, those are MAC addresses, not IPv6 addresses. IP addresses have absolutely nothing to do with hardware.

amenex
Desconectado
Joined: 01/03/2015

OK. I was calling the physical address by the wrong name.

My computer's MAC address can be found with "/sbin/ifconfig" but my concern remains the same: Can this physical address be forged with edited firmware ? Certainly there is a big enough address space for every gizmo in international communications to have a unique identity, and I want to curtail access of the physical devices used by rogue operators to my personal telephone.

Will the FCC require disclosure of a device's physical address as a prerequisite to its use in electronic or wireless communications ?

jxself
Desconectado
Joined: 09/13/2010

"Can this physical address be forged with edited firmware ?"

Sure, but the MAC address doesn't cross network boundaries so someone on the other side of the internet will have no idea what it is.

"Will the FCC require disclosure of a device's physical address as a prerequisite to its use in electronic or wireless communications ?"

Um, this already happens but only on your LAN i.e. your DHCP server knows your MAC address. This is necessary to assign IP addresses and keep track of who is who.

Perhaps you should become more familiar with networking first. :)