[prev in list] [next in list] [prev in thread] [next in thread]
List: ipng
Subject: Re: [IPv6] [Maprg] Agenda for maprg at 117
From: "Eric Vyncke \(evyncke\)" <evyncke=40cisco.com () dmarc ! ietf ! org>
Date: 2023-07-27 17:53:41
Message-ID: 82DABCC8-BBA0-4B4C-B368-AD539F6CF425 () cisco ! com
[Download RAW message or body]
Interesting: another nail in EUI-64 coffin.
OTOH, not all residentials routers are the home Wi-Fi AP and, if I understand the \
research correctly, it is only the global unicast address of the Wi-Fi AP interface \
that is vulnerable (if using EUI-64), this GUA is probably not sending a lot of \
traffic to the Internet (i.e., it is not widely observable). Of course, once \
observed, it actually leaks the full /64 prefix location which is bad.
Thanks for the forward, and I now know which session to attend tomorrow morning ;-)
-éric
On 26/07/2023, 15:58, "ipv6 on behalf of Xipengxiao" <ipv6-bounces@ietf.org \
<mailto:ipv6-bounces@ietf.org> on behalf of xipengxiao=40huawei.com@dmarc.ietf.org \
<mailto:40huawei.com@dmarc.ietf.org>> wrote:
Hi Mirja,
This looks like a serious IPv6 (operations) issue. Thank you for bringing it to our \
attention. Although EUI-64 issue has been well known, the fact that "we geolocate the \
IPv6 prefixes of >12M routers in the wild across 146 countries and territories " is \
worrysome. I hope IPv6 specialists will attend and think of how to address this.
XiPeng
=============
IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation
Authors:
Erik C. Rye and Robert Beverly
Abstract:
We present IPvSeeYou, a privacy attack that permits a remote and unprivileged \
adversary to physically geolocate many residential IPv6 hosts and networks with \
street-level precision. The crux of our method involves: 1) remotely discovering wide \
area (WAN) hardware MAC addresses from home routers; 2) correlating these MAC \
addresses with their WiFi BSSID counterparts of known location; and 3) extending \
coverage by associating devices connected to a common penultimate provider router.
We first obtain a large corpus of MACs embedded in IPv6 addresses via high-speed \
network probing. These MAC addresses are effectively leaked up the protocol stack and \
largely represent WAN interfaces of residential routers, many of which are all-in-one \
devices that also provide WiFi. We develop a technique to statistically infer the \
mapping between a router's WAN and WiFi MAC addresses across manufacturers and \
devices, and mount a large-scale data fusion attack that correlates WAN MACs with \
WiFi BSSIDs available in wardriving (geolocation) databases. Using these \
correlations, we geolocate the IPv6 prefixes of >12M routers in the wild across 146 \
countries and territories. Selected validation confirms a median geolocation error of \
39 meters. We then exploit technology and deployment constraints to extend the attack \
to a larger set of IPv6 residential routers by clustering and associating devices \
with a common penultimate provider router. While we responsibly disclosed our results \
to several manufacturers and providers, the ossified ecosystem of deployed \
residential cable and DSL routers suggests that our attack will remain a privacy \
threat into the foreseeable future.
Publication:
Proceedings of IEEE Symposium on Security and Privacy (IEEE S&P),
San Francisco, CA, May 2023 (to appear).
-----Original Message-----
From: v6ops <v6ops-bounces@ietf.org <mailto:v6ops-bounces@ietf.org>> On Behalf Of \
Mirja Kuehlewind
Sent: Wednesday, July 26, 2023 2:03 PM
To: 6man@ietf.org <mailto:6man@ietf.org>; v6ops@ietf.org <mailto:v6ops@ietf.org>
Subject: [v6ops] FW: [Maprg] Agenda for maprg at 117
Hi IPv6 folks,
please see below the maprg agenda and come to our session on Friday!
Mirja
On 26.07.23, 22:46, "Maprg on behalf of Mirja Kuehlewind" <maprg-bounces@irtf.org \
<mailto:maprg-bounces@irtf.org> on behalf of \
mirja.kuehlewind=40ericsson.com@dmarc.ietf.org \
<mailto:40ericsson.com@dmarc.ietf.org>> wrote:
Hi all,
just a quick announcement about our final agenda for our maprg session on Friday, \
9:30-11:30 in Continental 6:
https://datatracker.ietf.org/meeting/117/materials/agenda-117-maprg-05 \
<https://datatracker.ietf.org/meeting/117/materials/agenda-117-maprg-05>
We have some really nice talks! See you all on Friday (in-person or remote)!
Mirja & Dave
----------------------
IRTF maprg agenda for IETF-116 (San Francisco)
Date: Friday, 28 July 2023, Session I 0930-1130
Full client with Video: \
https://meetecho.ietf.org/conference/?group=maprg&short=maprg&item=1 \
<https://meetecho.ietf.org/conference/?group=maprg&short=maprg&item=1>
Room: Continental 6
IRTF Note Well: https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444 \
5555731-fc0ed5d6f4235b2d&q=1&e=04b05eaa-1842-40fa-8e5d-3fd7cf1b4ddc&u=https%3A%2F%2Firtf.org%2Fpolicies%2Firtf-note-well-2019-11.pdf \
<https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-fc0ed5d \
6f4235b2d&q=1&e=04b05eaa-1842-40fa-8e5d-3fd7cf1b4ddc&u=https%3A%2F%2Firtf.org%2Fpolicies%2Firtf-note-well-2019-11.pdf>
Agenda
Overview and Status - Mirja/Dave (5 min)
Internet Scale Reverse Traceroute - Kevin Vermeulen (remote) (15 mins)
Web Privacy By Design: Evaluating Cross-layer Interactions of QUIC, DNS and H/3 - \
Jayasree Sengupta (remote) (15 mins)
Exploring the Cookieverse: A Multi-Perspective Analysis of Web Cookies - Ali Rasaii \
(remote) (15 mins)
User Awareness and Behaviors Concerning Encrypted DNS Settings in Web Browsers - Nick \
Feamster (remote) (15 mins)
IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation - \
Robert Beverly (15 mins)
Measurement Lab: Supporting Open Internet Research - Lai Yi Ohlsen (remote) (15 mins)
_______________________________________________
Maprg mailing list
Maprg@irtf.org <mailto:Maprg@irtf.org>
https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-231d4bac \
0946a7a6&q=1&e=04b05eaa-1842-40fa-8e5d-3fd7cf1b4ddc&u=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fmaprg \
<https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-454445555731-231d4ba \
c0946a7a6&q=1&e=04b05eaa-1842-40fa-8e5d-3fd7cf1b4ddc&u=https%3A%2F%2Fwww.irtf.org%2Fmailman%2Flistinfo%2Fmaprg>
_______________________________________________
v6ops mailing list
v6ops@ietf.org <mailto:v6ops@ietf.org>
https://www.ietf.org/mailman/listinfo/v6ops \
<https://www.ietf.org/mailman/listinfo/v6ops>
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org <mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 \
<https://www.ietf.org/mailman/listinfo/ipv6>
--------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic