[v6ops] IPv6 new access from Windows to Google: display of a critical security alert

Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 31 October 2019 10:26 UTC

To: "v6ops@ietf.org" <v6ops@ietf.org>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <d15dc3e9-2cd5-fb74-e664-2d91b5c4e3ef@gmail.com>
Date: Thu, 31 Oct 2019 11:25:50 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/TIFJKTu6LDhUDur-leXzYkq2HoM>

Google alerted me a few days ago during my DHCPv6 experiments, when I 
browsed it with a Windows computer using IPv6 for the first time, although 
I had done so many times previously with IPv4.

Incidentally, the address my Windows used was an address delivered by 
DHCPv6. That it is DHCPv6 is visible in its format: in the hextet 
representation, the '::' appears before the last two hextets 
(X::b4cc:8eb9), as opposed to a SLAAC address, where the double colon 
almost always appears before the last _four_ hextets.

I am trying to understand why Google complained with such a critical 
security alert.

- is it because the address was a DHCP address rather than SLAAC?

- is it because I connect from an address they have never seen before?

- is it because it is the first time I connect to them by IPv6 on this 
computer?

- is it because when I connect with IPv6 to them I keep changing the 
IPv6 address (as opposed to IPv4, which is always the same because it is behind NAT)?

The messages they displayed are not helpful in understanding what's 
happening, because they talk about 'application security', 'wrong 
device', etc. Neither is the case: I have a running anti-virus, so my 
apps are healthy, and the device is always the same Windows device I use 
to connect to Google.