ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!

• Previous message (by thread): ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!
• Next message (by thread): ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/17/12 10:24 , valdis.kletnieks at vt.edu wrote:
> On Sun, 17 Jun 2012 13:10:59 -0400, Arturo Servin said:
>> 	Wouldn't BCP38 help?
> 
> The mail I'm replying to has as the first Received: line:
> 
> Received: from ?IPv6:2800:af:ba30:e8cf:d06f:4881:973a:c68?  ([2800:af:ba30:e8cf:d06f:4881:973a:c68]) by mx.google.com with ESMTPS id  b8sm25918444anm.4.2012.06.17.10.11.04 (version=TLSv1/SSLv3 cipher=OTHER);  Sun, 17 Jun 2012 10:11:06 -0700 (PDT)


> Obviously BCP38 doesn't help, as it's an established TCP connection so it can't be
> spoofed traffic (gotta ACK  Google's ISN from the SYN-ACK)  - unless Google is silly
> enough to *still* not be doing RFC1948 properly.  I mean, Steve Bellovin wrote
> that literally last century. ;)
> 
> So - who owns 2800:af:ba30:e8cf:4881:973a:c68?  And how does an LEO
> find that info quickly if they need to figure out who to hand a warrant to?

so first of you introduced a typo

2800:af:ba30:e8cf:4881:973a:c68

2800:af:ba30:e8cf:d06f:4881:973a:c68

which like the wrong address in a search warrant can be a problem.

jjaeggli at cXX-XX-XX0> show route table inet6.0
2800:af:ba30:e8cf:4881:973a:c68
                                              ^
invalid ip address or hostname: 2800:af:ba30:e8cf:4881:973a:c68 at
'2800:af:ba30:e8cf:4881:973a:c68'

jjaeggli at cXX-XX-XX0> show route table inet6.0
2800:af:ba30:e8cf:d06f:4881:973a:c68

inet6.0: 9674 destinations, 38494 routes (9674 active, 0 holddown, 19088
hidden)
+ = Active Route, - = Last Active, * = Both

2800:a0::/28       *[BGP/170] 1w2d 00:00:21, MED 50, localpref 200, from
2620:102:8004::10
                      AS path: 7922 12956 6057 I

XXXX-XXXXX:~ jjaeggli$ whois -h whois.lacnic.net
2800:af:ba30:e8cf:d06f:4881:973a:c68


inetnum:     2800:a0::/28
status:      allocated
aut-num:     N/A
owner:       Administracion Nacional de Telecomunicaciones
ownerid:     UY-ANTA-LACNIC
responsible: ANTELDATA ANTEL URUGUAY
address:     Treinta y Tres, 1418, P.3
address:     11000 - Montevideo -
country:     UY
phone:       +598 2 9028819 []
owner-c:     ANU
tech-c:      ANU
abuse-c:     ANU
inetrev:     2800:a0::/28
nserver:     NS1.ANTELV6.NET.UY
nsstat:      20120615 AA
nslastaa:    20120615
created:     20070115
changed:     20070115

nic-hdl:     ANU
person:      ANTELDATA ANTEL URUGUAY
e-mail:      ipadmin at ANTEL.NET.UY
address:     Mercedes, 876, P. 2
address:     11100 - Montevideo -
country:     UY
phone:       +598 2 9002877 []
created:     20020910
changed:     20111014

scopes it to not being a problem you can solve with policy in the arin
region.

> *THAT* is the problem that needs solving.
> 
> (And who *does* own that IP?   I admit not knowing. ;)

was trivial enough to find the origin, I have nothing to indicate that
any of that information is wrong.

• Previous message (by thread): ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!
• Next message (by thread): ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]