[nycbug-talk] WiFi use liability. . .

Isaac Levy ike
Fri Apr 22 17:16:21 EDT 2005 

Hi Ray, George,

On Apr 22, 2005, at 9:46 AM, George R. wrote:

> On Apr 22, 2005, at 9:39 AM, Ray wrote:
>
>> On Fri, Apr 22, 2005 at 01:35:22AM -0400, Isaac Levy wrote:

[snip: IPV6- source IP maintained in routing with dest. IP, plus many 
addresses]

>> So Criminal connects to Friendly's AP, gets a unique IPv6 from
>> Friendly, does something illegal which gets traced back to Criminal
>> _but_ Criminal runs away afterwards.  One hop less from Friendly's
>> AP.  How does Police know that Friendly didn't use a certain computer
>> with Criminal's MAC to do illegal things?  I understand that IPv4
>> would make it seem like illegal things are coming from the AP itself,
>> which I'm assuming to be a single IP doing NAT or something; however,
>> the traffic still originates from your IPv6 block.  So how does
>> IPv6 protect people like you and me who want to openly share their
>> AP?
>>
>
> Valid point Ray. . . it doesn't in itself. . . all new schemes like 
> this open the door to other problems.
>
> It would actually become a bid more nasty in some scenarios. . . ie, 
> assuming everyone has a unique IP assigned to them, I get a list of 
> MAC and the relevant IP addresses of someone I don't like, spoof them, 
> and I can start getting my enemies in trouble.  Wait, maybe this isn't 
> such a bad idea. . . <g>
>
> Unless everyone had unspoofable unique addresses per box with 
> unspoofable MAC adddresses. . . but of course it doesn't deal with 
> using someone else's box. . .
>
> g

I'll agree with both of you that the large numbers of IP addresses 
doesn't really do anything to mitigate this problem, but the 
statefulness of the IPV6 protocol (maintaining both destination and 
source IP's when routing packets) enables a whole new world of 
possibilities-

For example, in the above scenario, "Friendly's" open AP could be 
sophisticated enough to do something intelligent with the routed packet 
information- it's forwarding routing information as 'Criminal' uses the 
wires?  (i.e. something in the routing that would make it clear that 
'Criminal' is not mr. or mrs. 'Friendly'?)

To be honest, this is where I break down with my knowledge of IPV6 
since I'm not *doing* anything practical with it- so my knowledge is 
purely academic- which is boring and misses loads of real-life 
details...

So I'll shut my yap on this for now.  Good thoughtful stuff from 
everyone- these are all important sub-topics, regardless of where we 
all stand with things.

Rocket all-
.ike

More information about the talk mailing list