Re: [v6ops] Google Alert - IPv6

Mikael Abrahamsson <swmike@swm.pp.se> Thu, 19 October 2017 07:03 UTC

Date: Thu, 19 Oct 2017 09:03:19 +0200
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Tore Anderson <tore@fud.no>
cc: v6ops@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/i1ic3pfarvSjxnWbUog65vHQTPA>

On Thu, 19 Oct 2017, Tore Anderson wrote:

> * Mikael Abrahamsson <swmike@swm.pp.se>
>
>> If they do have a port, then LEA can have a single subscriber.
>
> Reading the original article (linked below) I am left with the feeling
> that the problem is that they generally *don't* know the source port,
> and therefore end up, quote, «[unable] to identify internet subscribers
> on the basis of an IP address».
>
> https://www.europol.europa.eu/newsroom/news/are-you-sharing-same-ip-address-criminal-law-enforcement-call-for-end-of-carrier-grade-nat-cgn-to-increase-accountability-online
>
> The article proceeds to define «CGN» as «technologies which allow
> sharing of IPv4 addresses with multiple internet users». In that
> context, MAP, even though it is not technically CGNAT, is just as
> problematic (to answer Rajiv).
>
> C'est la vie! If Europol don't like IP address sharing, I think the
> only thing they actually could do about it would be to put pressure on
> regulators and/or lawmakers to accelerate IPv6 adoption. I understand
> that's what already happened in Belgium with impressive results.

So I have no idea what's really going on here, but I can imagine someone 
doing CGN and just NATing people left and right, and not logging anything. 
Then it's near impossible to find who did what.

At least when I looked into this issue, the message I got back was that 
narrowing down the user list to a few tens of subscribers was still vastly 
better than no information at all. Of course LEAs don't like it, but it's 
a lot better than nothing.

Also, services who are typically involved in being targeted for crimes 
should start logging the source port of whoever is talking to them. This 
option is available in most web servers and has been for a considerable 
amount of time.

Mandating IPv6 is a hard sell. Mandating ISPs to log what subscriber
account was behind an IPv4 address at a given point in time including
port used by what account, that's less far-fetched.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se
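
Added example, not part of the original message: a sketch of the correlation discussed above, showing how a server-side log entry with a source port narrows a shared IPv4 address to one subscriber, while an entry without it leaves every subscriber behind that address as a candidate. The ISP log layout (one port block per subscriber per lease), the access-log line format, the addresses and the subscriber ids are all constructed assumptions.

```python
from datetime import datetime, timezone
from ipaddress import ip_address

# Constructed ISP-side log (assumed layout, not a real product's format):
# public IPv4, first port, last port, lease start, lease end (UTC), subscriber.
CGN_LOG = [
    ("198.51.100.7", 1024, 5119, "2017-10-19T06:00:00", "2017-10-19T08:00:00", "sub-A"),
    ("198.51.100.7", 5120, 9215, "2017-10-19T06:00:00", "2017-10-19T08:00:00", "sub-B"),
    ("198.51.100.7", 9216, 13311, "2017-10-19T06:30:00", "2017-10-19T07:30:00", "sub-C"),
    ("198.51.100.7", 1024, 5119, "2017-10-19T08:00:00", "2017-10-19T10:00:00", "sub-D"),
    ("198.51.100.8", 1024, 5119, "2017-10-19T06:00:00", "2017-10-19T08:00:00", "sub-E"),
]


def _ts(value):
    """Parse an ISO-8601 timestamp and treat it as UTC."""
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)


def candidates(public_ip, when, src_port=None):
    """Return the subscribers who could have originated a connection.

    With src_port=None (the service logged only the address) every
    subscriber sharing that address at that moment remains a candidate.
    """
    ip, t = ip_address(public_ip), _ts(when)
    hits = set()
    for addr, lo, hi, start, end, sub in CGN_LOG:
        if ip_address(addr) != ip:
            continue
        if not (_ts(start) <= t < _ts(end)):  # lease is half-open: [start, end)
            continue
        if src_port is not None and not (lo <= src_port <= hi):
            continue
        hits.add(sub)
    return sorted(hits)


def parse_access_line(line):
    """Parse a constructed access-log line: '<ip>:<port> <UTC time> <request>'."""
    endpoint, when, _request = line.split(" ", 2)
    ip, _, port = endpoint.rpartition(":")
    return ip, int(port), when


if __name__ == "__main__":
    ip, port, when = parse_access_line("198.51.100.7:6000 2017-10-19T07:00:00 GET /login")
    print("address only:", candidates(ip, when))
    print("address+port:", candidates(ip, when, port))
```

The lookup only works if both sides keep accurate, synchronized timestamps, since the same port block is reassigned to a different subscriber once a lease ends.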