Re: [v6ops] IPv6 new access from Windows to Google: display of a critical security alert

Alexandre Petrescu <> Thu, 31 October 2019 15:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CA295120823 for <>; Thu, 31 Oct 2019 08:04:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.977
X-Spam-Level: *
X-Spam-Status: No, score=1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_20_30=1.999, HTML_TAG_BALANCE_HEAD=0.817, HTTP_ESCAPED_HOST=0.1, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001, URI_TRY_3LD=0.69, WEIRD_QUOTING=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id n8ly_ipc3sQW for <>; Thu, 31 Oct 2019 08:04:25 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 70C09120811 for <>; Thu, 31 Oct 2019 08:04:24 -0700 (PDT)
Received: from ( []) by (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x9VF4Jo2003524; Thu, 31 Oct 2019 16:04:19 +0100
Received: from (localhost []) by localhost (Postfix) with SMTP id 417B5206A00; Thu, 31 Oct 2019 16:04:19 +0100 (CET)
Received: from ( []) by (Postfix) with ESMTP id C8C77203C3B; Thu, 31 Oct 2019 16:04:18 +0100 (CET)
Received: from [] ([]) by (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x9VF3nkV011035; Thu, 31 Oct 2019 16:03:50 +0100
To: Owen DeLong <>
Cc: "" <>
References: <> <>
From: Alexandre Petrescu <>
Message-ID: <>
Date: Thu, 31 Oct 2019 16:03:49 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.2.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/mixed; boundary="------------19233F335A7405FEF9E6B9CE"
Content-Language: fr
Archived-At: <>
Subject: Re: [v6ops] IPv6 new access from Windows to Google: display of a critical security alert
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 31 Oct 2019 15:04:31 -0000

Le 31/10/2019 à 15:32, Owen DeLong a écrit :
>> On Oct 31, 2019, at 3:25 AM, Alexandre Petrescu 
>> < <>> 
>> wrote:
>> Google alerted me a few days ago during my DHCPv6 experiments, when I 
>> browsed it with a Windows computer using IPv6 first time, although 
>> many times previously with IPv4.
> Since I don’t speak French, it’s hard to interpret the error message 
> and I can’t paste the contents of an image into google translate.
>> Incidentally, the address my Windows used was an address delivered by 
>> DHCPv6. Being DHCPv6 is visible in its format: in the hextet 
>> representation, the '::' appears before the last two hextets 
>> (X::b4cc:8eb9) as opposed to a SLAAC address where the double colon 
>> appears quasi always before the last _four_ hextets.
> Google can’t tell how you got the address. The position of the :: is 
> irrelevant. This is simply an artifact of the UI in question. Any 
> address which contains contiguous hextets of all zeroes (e.g. 0:0:0) 
> may abbreviate one such group of hextets to ::.
> Example: 2001:d8b:0:0:53a2:0:0:1 can be written as:
> 2001:db8::53a2:0:0:1
> 2001:db8:0:0:53a2::1
> All three of the above expressions represent the same exact 128-bit 
> address.

Well I never seen an IPv6 address that is SLAAC'ed and has so many 
leftmost 0s.

But I agree with the principle you say.

>> I am trying to understand why Google complained wiht such a critical 
>> security alert.
> Hard to say. Is the security alert about your address or is it about 
> the site you were trying to visit?

It popped up when I tried to visit with firefox most 
recent.  But I guess it tried first to sign in on my Google account, or 
something like that.  They should know what they tried to do with my 
connection.  What I know is that it did not deserve such a security alert.

> If you can provide an English translation of the message, it might be 
> possible to provide better advice.

Manual translation is hard.  See automated translation below. The 
original html (so one can copy paste), and the result of a button click 
on 'Info' button on that page, are attached.

> Access to your account by a suspicious application has been blocked
> Google has prevented anyone from signing in to your account using an 
> app that does not belong to Google. If it was not you, it means that 
> someone else knows your password. We advise you to modify it immediately.
> 
> Unrecognized device
> 
> 17 minutes ago
> 
> Near "City, France"
> 2a01: X: Y: ce10 :: b4cc: 8eb9 (IP address)
> Have you recently been unable to sign in to your Google Account?

>> - is it because the address was a DHCP address rather than SLAAC?
> No. Google can’t tell how the address was assigned. It’s just another 
> 128 bit number from Google’s perspective.
>> - it is because I connect from an address they have never seen before?
> Without being able to decipher the error message, it’s hard to say.
>> - is it because it is the first time I connect to them by IPv6 on 
>> this computer?
> Not likely.
>> - is it because when I connect with IPv6 to them I keep changing the 
>> IPv6 address (as opposed to IPv4 is always the same because behind NAT)?
> Not likely.

Is it because https on IPv6 might not work as well as on IPv4?