Article discussion: Switch Your Network To IPv6

[Chaz1]

So, my question is how does this affect privacy, tracking, and TOR/proxy use?
Since it's globally unique, I assume it's easier to track and trace back to individual users, even if you do have 18.4 quintillion available addresses, your router will only have 1, easy enough to track down to an individual's doorstep. Besides, from what I've seen, many devices that are setup for IPV6 use the MAC address in the address, making it easier to identify the device and tie to the user. Additional speed is great, less privacy from big brother is not so great.

 

[System Error Message]

Mac addresses can be spoofed but more importantly a lot of devices dont handle ipv6 well.

Additional speed is relative, there are a lot of factors in place.

both ipv6 and ipv4 are quite similar in the basic workings of networks, they are both addresses, just one has a longer address. You can still use NAT, firewall, and all the stuff even VPN or proxies with it, even static routes. Even right now you can trace an ipv4 address the same way to the router. There really isnt any privacy, the question is who do you prefer seeing you, some random guy on TOR or your ISP and the feds. By trying to hide you are just making yourself seem suspicious. Are you worried the feds will catch on to your weird activities?

You can also see devices behind a NAT, there are quite a number of papers on it and so far NAT detection by ISPs are actually much better. I hate it when people say just increment TTL because true NAT detection surpasses that. My ISP blocks devices behind a NAT but i will get around it soon once i figure out what detection techniques they use and how NAT works on the deep.

The question shouldnt be who can see what you're doing but rather who can access you. If you are on TOR network for example others on TOR can also see you if they use the same nodes or even routes or networks exposing yourself to random people who may be able to hack your network. Proxy servers or even TOR for example will be able to see what you do and what you send if you used them. Protection starts from the user, not the machine it uses. The only difference is that TOR network is another LAN so you're more anonymous but it makes no difference in tracking while your internet IP is registered by the ISP. Traffic to and from TOR still passes through your public IP.

 

[microchip]

if you go for stateless IPv6, you should always use SLAAC with security extensions enabled. Not perfect, but better than nothing

 

[Chaz1]

Privacy should be respected, that shouldn't need explanation.

I'm not sure whether the MAC address pulled for IPv6 is directly from the hardware or not, although I was fully aware it could be spoofed. I don't have weird activities as far I can tell, other than desiring privacy and trying to avoid getting hacked, having my financial information and/or identity stolen, having my search results skewed, being spammed by unscrupulous corporations and individuals, etc. I don't like to go to the bathroom without closing the door and I think that those who don't like privacy are the ones with "weird activities." Gentlemen don't read each other's mail.

IP addresses have been shown to not be an indication of an individual's identity, but as far as I know, MAC addresses haven't been used (yet) to identify someone in court. I have seen plenty of DHCP assignments change all 4 quads of an IP address, only to have someone else assigned the old address. The hardware MAC remains the same.

 

[System Error Message]

When you use another network or proxy like TOR that network becomes the middle man in comparison to just using your own connection. This means that if there is a rogue server in the middle they can just steal your financial information. A lot of people have the wrong idea about ads being targetive. The companies in the ad want to make money so they try to show their ad to people who would want their stuff rather than just random. If you want to prevent targeted ads than just simply not have your information online and make sure your information isnt sent to 3rd parties. Any info you place on a website can be used regardless of whether you use a proxy or not. The ip address is only used to identify what country you are browsing from so clustered services can direct you to their best server instead of taking the long route.

The only reason to use a proxy or VPN is if you want to encrypt data but contrary to a lot of beliefs you dont need a service like TOR. Between 2 ends only 1 of them needs a VPN/proxy server with encryption so anyone that connects to them can exchange information securely. private VPNs are better than public ones like TOR which lets other users in the same network see what you are up to.

If you dont use a proxy server you will be able to see if there is some rogue server in the middle because a proxy server is always a man in the middle but there could be other servers along the connection and it would be hard to tell.

 

[Cino]

Since your brought up TWC.. Many of their new modem/router combo (within the last year or 2) do support IPv6 and have it enabled by default. I've been using TWC IPv6 for over a year now with no issues.

If you require more then 1 IPv6 network, TWC honors a /56. I currently have 3 setup at home: LAN, Guest, KidsNet.. Overkill but it works for me.

 

[sinshiva]

Some IPv6 observations from a 6rd user

First, usually devices will connect to the outside from one of the SLAAC generated temp addresses while the static address is the IP you'd host services on.

with dhcp, you can have the router delegate reduced suffixes so your mac address is never used as a static address, via dnsmasq; ie. my router is set to hand out static addresses in the range of ::0 - ::FF

a nice thing about the massive IP ranges is that random scans are completely impractical. I rarely drop a packet on the IPv6 side.

minor observation: routers do weird things when they get their wan prefix; some will use the same IP of prefix::1 (as in, host number 1) for both the wan interface and the bridge whereas other routers (asus) will actually use prefix::0 (as in, host IP 0) for the wan interface and ::1 for the bridge. this seems like the logical way to do things. On a tomato router, I ended up using a script to replace prefix::1 with prefix:: on the wan interface (6rd) just because prefix:: is more aesthetically appealing xD

(I am using CenturyLink 6rd, which hands out dynamic /56 by default)

[edit/] depending on the device, you may need to manually enable the anonymous temp addresses; http://blog.superuser.com/2011/02/1...nclude-your-mac-address-heres-how-to-stop-it/

 

[dreid]

Cino -

You wrote "TWC honors a /56."

What specifically did you do to get the /56?

Thanks in advance for your answer.

 

[sfx2000]

Doug - this is a great set of articles and well written.

At some point, are you thinking about Tunnel Providers and how to setup and use IPv6 for those who might want to experiment a bit and their operator hasn't yet deployed ipV6 (Cox HSI, that means you).

sfx

 

[sfx2000]

Doug - this is a great set of articles and well written.

At some point, are you thinking about Tunnel Providers and how to setup and use IPv6 for those who might want to experiment a bit and their operator hasn't yet deployed ipV6 (Cox HSI, that means you).

Cox HSI hasn't officially announced IPv6 for residential customers, but they are running trials in certain markets...

So getting closer...