ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!
Joel jaeggli
joelja at bogus.com
Sun Jun 17 17:53:52 UTC 2012
On 6/17/12 10:24 , valdis.kletnieks at vt.edu wrote:
> On Sun, 17 Jun 2012 13:10:59 -0400, Arturo Servin said:
>> Wouldn't BCP38 help?
>
> The mail I'm replying to has as the first Received: line:
>
> Received: from ?IPv6:2800:af:ba30:e8cf:d06f:4881:973a:c68? ([2800:af:ba30:e8cf:d06f:4881:973a:c68]) by mx.google.com with ESMTPS id b8sm25918444anm.4.2012.06.17.10.11.04 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 17 Jun 2012 10:11:06 -0700 (PDT)
> Obviously BCP38 doesn't help, as it's an established TCP connection so it can't be
> spoofed traffic (gotta ACK Google's ISN from the SYN-ACK) - unless Google is silly
> enough to *still* not be doing RFC1948 properly. I mean, Steve Bellovin wrote
> that literally last century. ;)
>
> So - who owns 2800:af:ba30:e8cf:4881:973a:c68? And how does an LEO
> find that info quickly if they need to figure out who to hand a warrant to?
so first of you introduced a typo
2800:af:ba30:e8cf:4881:973a:c68
2800:af:ba30:e8cf:d06f:4881:973a:c68
which like the wrong address in a search warrant can be a problem.
jjaeggli at cXX-XX-XX0> show route table inet6.0
2800:af:ba30:e8cf:4881:973a:c68
^
invalid ip address or hostname: 2800:af:ba30:e8cf:4881:973a:c68 at
'2800:af:ba30:e8cf:4881:973a:c68'
jjaeggli at cXX-XX-XX0> show route table inet6.0
2800:af:ba30:e8cf:d06f:4881:973a:c68
inet6.0: 9674 destinations, 38494 routes (9674 active, 0 holddown, 19088
hidden)
+ = Active Route, - = Last Active, * = Both
2800:a0::/28 *[BGP/170] 1w2d 00:00:21, MED 50, localpref 200, from
2620:102:8004::10
AS path: 7922 12956 6057 I
XXXX-XXXXX:~ jjaeggli$ whois -h whois.lacnic.net
2800:af:ba30:e8cf:d06f:4881:973a:c68
inetnum: 2800:a0::/28
status: allocated
aut-num: N/A
owner: Administracion Nacional de Telecomunicaciones
ownerid: UY-ANTA-LACNIC
responsible: ANTELDATA ANTEL URUGUAY
address: Treinta y Tres, 1418, P.3
address: 11000 - Montevideo -
country: UY
phone: +598 2 9028819 []
owner-c: ANU
tech-c: ANU
abuse-c: ANU
inetrev: 2800:a0::/28
nserver: NS1.ANTELV6.NET.UY
nsstat: 20120615 AA
nslastaa: 20120615
created: 20070115
changed: 20070115
nic-hdl: ANU
person: ANTELDATA ANTEL URUGUAY
e-mail: ipadmin at ANTEL.NET.UY
address: Mercedes, 876, P. 2
address: 11100 - Montevideo -
country: UY
phone: +598 2 9002877 []
created: 20020910
changed: 20111014
scopes it to not being a problem you can solve with policy in the arin
region.
> *THAT* is the problem that needs solving.
>
> (And who *does* own that IP? I admit not knowing. ;)
was trivial enough to find the origin, I have nothing to indicate that
any of that information is wrong.
More information about the NANOG
mailing list