Re: [v6ops] IPv6 new access from Windows to Google: display of a critical security alert
Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 31 October 2019 15:04 UTC
Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA295120823 for <v6ops@ietfa.amsl.com>; Thu, 31 Oct 2019 08:04:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.977
X-Spam-Level: *
X-Spam-Status: No, score=1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_20_30=1.999, HTML_TAG_BALANCE_HEAD=0.817, HTTP_ESCAPED_HOST=0.1, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001, URI_TRY_3LD=0.69, WEIRD_QUOTING=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n8ly_ipc3sQW for <v6ops@ietfa.amsl.com>; Thu, 31 Oct 2019 08:04:25 -0700 (PDT)
Received: from cirse-smtp-out.extra.cea.fr (cirse-smtp-out.extra.cea.fr [132.167.192.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70C09120811 for <v6ops@ietf.org>; Thu, 31 Oct 2019 08:04:24 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by cirse-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x9VF4Jo2003524; Thu, 31 Oct 2019 16:04:19 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 417B5206A00; Thu, 31 Oct 2019 16:04:19 +0100 (CET)
Received: from muguet1-smtp-out.intra.cea.fr (muguet1-smtp-out.intra.cea.fr [132.166.192.12]) by pisaure.intra.cea.fr (Postfix) with ESMTP id C8C77203C3B; Thu, 31 Oct 2019 16:04:18 +0100 (CET)
Received: from [10.11.240.55] ([10.11.240.55]) by muguet1-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x9VF3nkV011035; Thu, 31 Oct 2019 16:03:50 +0100
To: Owen DeLong <owen@delong.com>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
References: <d15dc3e9-2cd5-fb74-e664-2d91b5c4e3ef@gmail.com> <7649D02C-9252-4F5E-B195-B213F299F6C1@delong.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <f3335c3c-c56f-96fa-73ae-9f09b8d3adce@gmail.com>
Date: Thu, 31 Oct 2019 16:03:49 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.2.0
MIME-Version: 1.0
In-Reply-To: <7649D02C-9252-4F5E-B195-B213F299F6C1@delong.com>
Content-Type: multipart/mixed; boundary="------------19233F335A7405FEF9E6B9CE"
Content-Language: fr
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/N0sHSO9d_1hyVitHfFMS_8iS5jY>
Subject: Re: [v6ops] IPv6 new access from Windows to Google: display of a critical security alert
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2019 15:04:31 -0000
Le 31/10/2019 à 15:32, Owen DeLong a écrit : > > >> On Oct 31, 2019, at 3:25 AM, Alexandre Petrescu >> <alexandre.petrescu@gmail.com <mailto:alexandre.petrescu@gmail.com>> >> wrote: >> >> Google alerted me a few days ago during my DHCPv6 experiments, when I >> browsed it with a Windows computer using IPv6 first time, although >> many times previously with IPv4. >> >> > Since I don’t speak French, it’s hard to interpret the error message > and I can’t paste the contents of an image into google translate. > >> Incidentally, the address my Windows used was an address delivered by >> DHCPv6. Being DHCPv6 is visible in its format: in the hextet >> representation, the '::' appears before the last two hextets >> (X::b4cc:8eb9) as opposed to a SLAAC address where the double colon >> appears quasi always before the last _four_ hextets. >> >> > Google can’t tell how you got the address. The position of the :: is > irrelevant. This is simply an artifact of the UI in question. Any > address which contains contiguous hextets of all zeroes (e.g. 0:0:0) > may abbreviate one such group of hextets to ::. > > Example: 2001:d8b:0:0:53a2:0:0:1 can be written as: > 2001:db8::53a2:0:0:1 > 2001:db8:0:0:53a2::1 > > All three of the above expressions represent the same exact 128-bit > address. Well I never seen an IPv6 address that is SLAAC'ed and has so many leftmost 0s. But I agree with the principle you say. >> I am trying to understand why Google complained wiht such a critical >> security alert. >> > Hard to say. Is the security alert about your address or is it about > the site you were trying to visit? It popped up when I tried to visit ipv6.google.com with firefox most recent. But I guess it tried first to sign in on my Google account, or something like that. They should know what they tried to do with my connection. What I know is that it did not deserve such a security alert. > If you can provide an English translation of the message, it might be > possible to provide better advice. Manual translation is hard. See automated translation below. The original html (so one can copy paste), and the result of a button click on 'Info' button on that page, are attached. > Access to your account by a suspicious application has been blocked > alexandru.petrescu@gmail.com > Google has prevented anyone from signing in to your account using an > app that does not belong to Google. If it was not you, it means that > someone else knows your password. We advise you to modify it immediately. > > Unrecognized device > > 17 minutes ago > > Near "City, France" > 2a01: X: Y: ce10 :: b4cc: 8eb9 (IP address) > Have you recently been unable to sign in to your Google Account? > >> - is it because the address was a DHCP address rather than SLAAC? >> > No. Google can’t tell how the address was assigned. It’s just another > 128 bit number from Google’s perspective. > >> - it is because I connect from an address they have never seen before? >> > Without being able to decipher the error message, it’s hard to say. >> >> - is it because it is the first time I connect to them by IPv6 on >> this computer? >> > Not likely. >> >> - is it because when I connect with IPv6 to them I keep changing the >> IPv6 address (as opposed to IPv4 is always the same because behind NAT)? >> > Not likely. Is it because https on IPv6 might not work as well as on IPv4? Alex
- [v6ops] IPv6 new access from Windows to Google: d… Alexandre Petrescu
- Re: [v6ops] IPv6 new access from Windows to Googl… Owen DeLong
- Re: [v6ops] IPv6 new access from Windows to Googl… Alexandre Petrescu