Re: [Int-area] [Captive-portals] [homenet] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 29 September 2020 18:41 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Brian Dickson <brian.peter.dickson@gmail.com>
cc: "int-area@ietf.org" <int-area@ietf.org>, "captive-portals@ietf.org" <captive-portals@ietf.org>, "homenet@ietf.org" <homenet@ietf.org>
Date: Tue, 29 Sep 2020 14:41:24 -0400
Message-ID: <4215.1601404884@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/h0j56j6ZkWFDGltWRI-UzM5Mcqs>
Brian Dickson <brian.peter.dickson@gmail.com> wrote:

> Any host/interface that uses ARP (not sure whether any flavor of WiFi
> does, or if so which flavors), exposes the L3/L2 mapping.

Yes, WIFI does use ARP. On all flavours.
Encrypted WIFI, which is mostly the default now, encrypts everything above the L2, so the L3 part of the mapping is not seen by passive EM observers.

ARP broadcasts as you mention, so other stations on the network could see the mapping, and the AP by default helpfully re-encrypts broadcasts to every station. But, that's not a passive observer: the observer is on the network.

Many APs filter ARP broadcasts as being useless chatter.

> So, wired
> IPv4 for certain (except in very locked-down enterprise settings with
> static MAC addresses, perhaps) leaks this information to every host on
> the same broadcast domain (same subnet and possibly additional subnets
> on the same LAN/VLAN).

Yes, but that's not wifi. Phones do not have wired connections.

> ARP L2 broadcasts solicit information about IP addresses, and at a
> minimum each such query exposes its own MAC and IP address. Responses
> may be unicast or broadcast, not sure which. An active compromised
> host can easily solicit that information by iterating over all the IP
> addresses on the subnet and performing an ARP for each one.

It will be good if we can get a document from the MAC randomization proponents (if there is such a group), to explain the threat profile. I don't think it includes active compromised hosts. Such hosts can also ARP/ND spoof, and can even do that for the router (".1"), capturing all the traffic on the network.

--
Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
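An added example, not part of the original message: a passive on-link monitor that parses ARP frames, records the IP-to-MAC mapping each one exposes, and flags an address (such as the router's) that is later claimed by a different MAC. The function names, the documentation-range IPs and the locally administered MACs are constructed for illustration.

```python
import struct

def build_arp(op, sha, spa, tha, tpa):
    """Build a constructed Ethernet+ARP frame (sample data for this example)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    dst = b"\xff" * 6 if op == 1 else mac(tha)      # requests are broadcast
    eth = dst + mac(sha) + b"\x08\x06"              # EtherType 0x0806 = ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip) for an IPv4/Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return op, sender_mac, sender_ip

def watch(frames):
    """Build the IP->MAC table any on-link station learns; flag changed bindings."""
    table, alerts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, sender_mac, sender_ip = parsed
        if sender_ip == "0.0.0.0":      # ARP probe (RFC 5227) carries no binding
            continue
        if sender_ip in table and table[sender_ip] != sender_mac:
            alerts.append((sender_ip, table[sender_ip], sender_mac))
        table.setdefault(sender_ip, sender_mac)     # keep first-seen binding
    return table, alerts

# Constructed sample traffic: a request from .10, the router's reply,
# then a second reply claiming the router's IP from a different MAC.
FRAMES = [
    build_arp(1, "02:00:00:00:00:0a", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
]

if __name__ == "__main__":
    print(watch(FRAMES))
```

A changed binding is a signal to investigate rather than proof of spoofing, since a client that randomizes its MAC and keeps its address produces the same pattern; the router's address is the binding that should stay stable.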