Re: [v6ops] Google Alert - IPv6
<mohamed.boucadair@orange.com> Thu, 19 October 2017 09:23 UTC
From: mohamed.boucadair@orange.com
To: Mikael Abrahamsson <swmike@swm.pp.se>, Tore Anderson <tore@fud.no>
CC: "v6ops@ietf.org" <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/m8_NuxINgArufdOuf4yMGpfx3BM>

Hi Mikael, Tore, all,

You may want to read: https://tools.ietf.org/html/draft-daveor-cgn-logging-00 which relies on the Europol threat assessment report (https://www.europol.europa.eu/sites/default/files/documents/europol_iocta_web_2016.pdf)

As far as the IETF is concerned, I do believe that we have done our part of the job:

1. Identify logging as an issue in address sharing: RFC 6269
2. Require address sharing to enable a logging function: RFC 6269 and RFC 6888
3. Identify a minimal set of information to be logged: RFC 6269, RFC 6888, and RFC 6908
4. Identify and discuss trade-offs of solutions to achieve logging: RFC 6269, RFC 6908
5. Specify means to optimize logging (port range allocation, deterministic NAT): draft-ietf-softwire-stateless-4v6-motivation, RFC 7596, RFC 7597, RFC 7599, RFC 7753, and RFC 7422
6. Recommend servers to log source port: RFC 6302
7. An initial survey of servers supporting source port logging: RFC 7768
8. Retrieve NAT session loggings: draft-ietf-behave-syslog-nat-logging, draft-ietf-behave-ipfix-nat-logging
9. Enable address sharing logging function by means of NETCONF: draft-ietf-opsawg-nat-yang
10. CPU and memory issues: RFC 6908

Cheers,
Med

> -----Original Message-----
> From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Mikael Abrahamsson
> Sent: Thursday, 19 October 2017 09:03
> To: Tore Anderson
> Cc: v6ops@ietf.org
> Subject: Re: [v6ops] Google Alert - IPv6
>
> On Thu, 19 Oct 2017, Tore Anderson wrote:
>
> > * Mikael Abrahamsson <swmike@swm.pp.se>
> >
> >> If they do have a port, then LEA can have a single subscriber.
> >
> > Reading the original article (linked below) I am left with the feeling
> > that the problem is that they generally *don't* know the source port,
> > and therefore end up, quote, «[unable] to identify internet subscribers
> > on the basis of an IP address».
> >
> > https://www.europol.europa.eu/newsroom/news/are-you-sharing-same-ip-address-criminal-law-enforcement-call-for-end-of-carrier-grade-nat-cgn-to-increase-accountability-online
> >
> > The article proceeds to define «CGN» as «technologies which allow
> > sharing of IPv4 addresses with multiple internet users». In that
> > context, MAP, even though it is not technically CGNAT, is just as
> > problematic (to answer Rajiv).
> >
> > C'est la vie! If Europol don't like IP address sharing, I think the
> > only thing they actually could do about it would be to put pressure on
> > regulators and/or lawmakers to accelerate IPv6 adoption. I understand
> > that's what already happened in Belgium with impressive results.
>
> So I have no idea what's really going on here, but I can imagine someone
> doing CGN and just NATing people left and right, and not logging anything.
> Then it's near impossible to find who did what.
>
> At least when I looked into this issue, the message I got back was that
> narrowing down the user list to a few tens of subscribers was still vastly
> better than no information at all. Of course LEAs don't like it, but it's
> a lot better than nothing.
>
> Also, services who are typically involved in being targeted for crimes
> should start logging the source port of whoever is talking to them. This
> option is available in most web servers and has been for a considerable
> amount of time.
>
> Mandating IPv6 is a hard sell. Mandating ISPs to log what subscriber
> account was behind an IPv4 address at a given point in time including
> port used by what account, that's less far fetched.
>
> --
> Mikael Abrahamsson email: swmike@swm.pp.se
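
Added example, not part of the original message or of any draft or RFC it cites: a sketch of why the server-side source port (item 6, RFC 6302) decides whether a CGN port-block log yields one subscriber or several, including a lookup near a lease boundary with clock skew. The log format, addresses, port blocks and subscriber names are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def utc(s):
    """Parse an ISO timestamp that is already expressed in UTC."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

# Constructed CGN port-block allocation records (all values made up):
# (public IPv4, first port, last port, lease start, lease end, subscriber)
CGN_LOG = [
    ("198.51.100.7", 1024, 3071, utc("2017-10-19T08:00:00"), utc("2017-10-19T10:00:00"), "sub-A"),
    ("198.51.100.7", 3072, 5119, utc("2017-10-19T08:00:00"), utc("2017-10-19T12:00:00"), "sub-B"),
    ("198.51.100.7", 1024, 3071, utc("2017-10-19T10:00:00"), utc("2017-10-19T12:00:00"), "sub-C"),
    ("198.51.100.8", 1024, 3071, utc("2017-10-19T08:00:00"), utc("2017-10-19T12:00:00"), "sub-D"),
]

def parse_server_line(line):
    """Parse a constructed access-log format: '<UTC time> <src ip> <src port or -> <request>'."""
    when, ip, port, _request = line.split(" ", 3)
    return utc(when.rstrip("Z")), ip, (None if port == "-" else int(port))

def candidates(when, ip, port=None, skew=timedelta(0)):
    """Subscribers whose allocation matches what the server observed.

    skew widens each lease window to allow for clock drift between the
    server and the CGN; port=None models a server that logged no source port.
    """
    hits = set()
    for log_ip, lo, hi, start, end, sub in CGN_LOG:
        if log_ip != ip:
            continue
        if not (start - skew <= when < end + skew):
            continue
        if port is not None and not (lo <= port <= hi):
            continue
        hits.add(sub)
    return sorted(hits)

if __name__ == "__main__":
    with_port = parse_server_line("2017-10-19T09:15:02Z 198.51.100.7 2345 GET /login")
    no_port = parse_server_line("2017-10-19T09:15:02Z 198.51.100.7 - GET /login")
    edge = parse_server_line("2017-10-19T10:00:01Z 198.51.100.7 2345 GET /login")
    print(candidates(*with_port))                        # one subscriber
    print(candidates(*no_port))                          # everyone sharing the address
    print(candidates(*edge, skew=timedelta(seconds=5)))  # ambiguous at lease handover
```

The boundary case shows why a timestamp from a synchronized clock matters as much as the port: with a few seconds of uncertainty, a reassigned port block maps to both the old and the new holder.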