nanog mailing list archives

Re: ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!


From: Joel jaeggli <joelja () bogus com>
Date: Sun, 17 Jun 2012 10:53:52 -0700

On 6/17/12 10:24 , valdis.kletnieks () vt edu wrote:
On Sun, 17 Jun 2012 13:10:59 -0400, Arturo Servin said:
     Wouldn't BCP38 help?

The mail I'm replying to has as the first Received: line:

Received: from ?IPv6:2800:af:ba30:e8cf:d06f:4881:973a:c68?  ([2800:af:ba30:e8cf:d06f:4881:973a:c68]) by mx.google.com 
with ESMTPS id  b8sm25918444anm.4.2012.06.17.10.11.04 (version=TLSv1/SSLv3 cipher=OTHER);  Sun, 17 Jun 2012 10:11:06 
-0700 (PDT)


Obviously BCP38 doesn't help, as it's an established TCP connection so it can't be
spoofed traffic (gotta ACK  Google's ISN from the SYN-ACK)  - unless Google is silly
enough to *still* not be doing RFC1948 properly.  I mean, Steve Bellovin wrote
that literally last century. ;)

So - who owns 2800:af:ba30:e8cf:4881:973a:c68?  And how does an LEO
find that info quickly if they need to figure out who to hand a warrant to?

so first off, you introduced a typo

2800:af:ba30:e8cf:4881:973a:c68

2800:af:ba30:e8cf:d06f:4881:973a:c68

which like the wrong address in a search warrant can be a problem.

jjaeggli@cXX-XX-XX0> show route table inet6.0
2800:af:ba30:e8cf:4881:973a:c68
                                              ^
invalid ip address or hostname: 2800:af:ba30:e8cf:4881:973a:c68 at
'2800:af:ba30:e8cf:4881:973a:c68'

jjaeggli@cXX-XX-XX0> show route table inet6.0
2800:af:ba30:e8cf:d06f:4881:973a:c68

inet6.0: 9674 destinations, 38494 routes (9674 active, 0 holddown, 19088
hidden)
+ = Active Route, - = Last Active, * = Both

2800:a0::/28       *[BGP/170] 1w2d 00:00:21, MED 50, localpref 200, from
2620:102:8004::10
                      AS path: 7922 12956 6057 I

XXXX-XXXXX:~ jjaeggli$ whois -h whois.lacnic.net
2800:af:ba30:e8cf:d06f:4881:973a:c68


inetnum:     2800:a0::/28
status:      allocated
aut-num:     N/A
owner:       Administracion Nacional de Telecomunicaciones
ownerid:     UY-ANTA-LACNIC
responsible: ANTELDATA ANTEL URUGUAY
address:     Treinta y Tres, 1418, P.3
address:     11000 - Montevideo -
country:     UY
phone:       +598 2 9028819 []
owner-c:     ANU
tech-c:      ANU
abuse-c:     ANU
inetrev:     2800:a0::/28
nserver:     NS1.ANTELV6.NET.UY
nsstat:      20120615 AA
nslastaa:    20120615
created:     20070115
changed:     20070115

nic-hdl:     ANU
person:      ANTELDATA ANTEL URUGUAY
e-mail:      ipadmin () ANTEL NET UY
address:     Mercedes, 876, P. 2
address:     11100 - Montevideo -
country:     UY
phone:       +598 2 9002877 []
created:     20020910
changed:     20111014

scopes it to not being a problem you can solve with policy in the ARIN
region.

*THAT* is the problem that needs solving.

(And who *does* own that IP?   I admit not knowing. ;)

was trivial enough to find the origin, I have nothing to indicate that
any of that information is wrong.
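As an added example (not code from the thread or from any of its participants), a small Python check of the two points above: the mistyped literal fails IPv6 parsing outright, and the correct one resolves by longest-prefix match to the /28 in the LACNIC whois answer. The Received: header and the allocation table are constructed here from the values quoted in the thread; the second table row is a placeholder.

```python
import ipaddress
import re
from typing import Dict, Optional, Tuple

# Constructed sample: the first Received: header quoted in the thread,
# re-typed without the archive's line wrapping.
RECEIVED_HEADER = (
    "Received: from ?IPv6:2800:af:ba30:e8cf:d06f:4881:973a:c68? "
    "([2800:af:ba30:e8cf:d06f:4881:973a:c68]) by mx.google.com"
)
# The mistyped form from the thread: the d06f group is missing.
MISTYPED = "2800:af:ba30:e8cf:4881:973a:c68"

# Constructed allocation table: the /28 row mirrors the LACNIC whois
# answer quoted above, the second row is a placeholder.
ALLOCATIONS: Dict[str, str] = {
    "2800:a0::/28": "Administracion Nacional de Telecomunicaciones (UY)",
    "2001:db8::/32": "documentation prefix (placeholder)",
}

def extract_bracketed_ip(header: str) -> Optional[str]:
    """Pull the literal inside the first [...] of a Received: header."""
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", header)
    return m.group(1) if m else None

def parse_ipv6(text: str) -> Optional[ipaddress.IPv6Address]:
    """Return the address, or None for a malformed literal. A 7-group
    literal with no '::' (the typo above) is rejected, as the router did."""
    try:
        return ipaddress.IPv6Address(text)
    except ipaddress.AddressValueError:
        return None

def covering_allocation(addr: ipaddress.IPv6Address,
                        table: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Longest-prefix match: the allocation a route/whois lookup lands in."""
    best = None
    for prefix, holder in table.items():
        net = ipaddress.IPv6Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, holder)
    return (str(best[0]), best[1]) if best else None

def lookup(literal: str) -> str:
    """Validate first, so a mistyped literal never reaches whois or a warrant."""
    addr = parse_ipv6(literal)
    if addr is None:
        return f"invalid IPv6 literal: {literal}"
    hit = covering_allocation(addr, ALLOCATIONS)
    return f"{addr} -> {hit[0]} ({hit[1]})" if hit else f"{addr} -> unallocated here"
```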
