ipv6

@comcast.net

[IPv6] Is Comcast spying on its native ipv6 customers?

Why is it that every web site I visit also establishes an ipv6 http connection to the following 2 ipv6 addresses? There may be more.

2001:559:0:301::6011:6d31
2001:559:0:301::6011:6d21

Sample netstat:
TCP [2601:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]:54057 [2001:559:0:301::6011:6d31]:http ESTABLISHED
TCP [2601:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]:54057 [2001:559:0:301::6011:6d31]:http ESTABLISHED

A whois shows that they belong to Comcast.
NetRange: 2001:558:: - 2001:559:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
CIDR: 2001:558::/31
OriginAS:
NetName: COMCAST6NET
NetHandle: NET6-2001-558-1
Parent: NET6-2001-400-0
NetType: Direct Allocation
RegDate: 2003-01-06
Updated: 2012-03-02
Ref: »whois.arin.net/rest/net/NET6-2001-558-1



Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:3

Can ya give us some examples of websites that you visit?


derekivey

join:2006-03-30
San Jose, CA
kudos:1
reply to ipv6

That port appears to be used by Apache ActiveMQ. Sounds like it does messaging.... hmmm



whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast
reply to ipv6

Keep in mind it could be a CDN (eg. Akamai). I've seen them use Comcast address space for nodes inside their network.

You really need to provide more information here. IPvFoo might be useful here if you're using Chrome. »code.google.com/p/ipvfoo/

FYI, if Comcast were spying on you, they'd just look at flow data or, if it was CALEA related, do a passive tap.



ipv6

@comcast.net
reply to Mike Wolf

www.pandora.com
www.engadget.com
www.hulu.com



ropeguru
Premium
join:2001-01-25
Mechanicsville, VA

Yep, for those sites I would say a CDN connection.



Mike Wolf

join:2009-05-24
Beachwood, NJ
kudos:3
reply to ipv6

Out of the three you listed, only engadget has an IPv6 AAAA DNS record: 2001:4b0:1668:2c0d:1::2


voiptalk

join:2010-04-10
Gainesville, VA

2 recommendations

reply to ipv6

I just did an http get to those hosts and captured it with Wireshark, they are identifying themselves as AkamaiGHosts.

So, yes it is CDN. Nobody is spying on you.

Nothing to see here, please move along.
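An added example, not part of the thread and not any poster's code: a Python triage of the check described in this post and the first one. It re-joins netstat rows wrapped before `:http`, tests each remote address against the 2001:558::/31 range from the quoted whois, and reads the Server header from a captured response. The netstat rows, the 2001:db8:: local address and the HTTP response are constructed samples.

```python
import ipaddress
import re

# Range copied from the whois output quoted in the first post (COMCAST6NET).
COMCAST6NET = ipaddress.ip_network("2001:558::/31")

# Constructed netstat sample; the first row is wrapped as in the original post.
SAMPLE_NETSTAT = """\
TCP [2001:db8::10]:54057 [2001:559:0:301::6011:6d31]
:http ESTABLISHED
TCP [2001:db8::10]:54058 [2001:559:0:301::6011:6d21]:http ESTABLISHED
TCP [2001:db8::10]:54060 [2001:4b0:1668:2c0d:1::2]:http ESTABLISHED
"""

# Constructed raw HTTP response, keyed by the remote address it was captured from.
SAMPLE_RESPONSES = {
    "2001:559:0:301::6011:6d31":
        "HTTP/1.1 400 Bad Request\r\nServer: AkamaiGHost\r\nContent-Length: 0\r\n\r\n",
}

ROW = re.compile(
    r"TCP\s+\[([0-9A-Fa-f:]+)\]:(\d+)\s+\[([0-9A-Fa-f:]+)\]\s*:(\S+)\s+(\S+)")

def parse_netstat(text):
    """Yield (remote_addr, remote_port, state) for each IPv6 TCP row."""
    joined = re.sub(r"\]\s*\n\s*:", "]:", text)  # undo the wrap before ':port'
    for m in ROW.finditer(joined):
        yield ipaddress.ip_address(m.group(3)), m.group(4), m.group(5)

def server_header(raw_response):
    """Return the Server header value of a raw HTTP response, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None

def triage(netstat_text, responses):
    """Map remote address -> (inside the ISP range?, Server header or None)."""
    report = {}
    for addr, _port, state in parse_netstat(netstat_text):
        if state != "ESTABLISHED":
            continue
        raw = responses.get(str(addr))
        report[str(addr)] = (addr in COMCAST6NET,
                             server_header(raw) if raw else None)
    return report

if __name__ == "__main__":
    for addr, (in_isp, server) in triage(SAMPLE_NETSTAT, SAMPLE_RESPONSES).items():
        print(addr, "in ISP range" if in_isp else "outside ISP range", server)
```

An address inside the ISP's range with no captured Server header is simply unidentified, not evidence either way; the range check only tells you whose address space the host sits in.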



tshirt
Premium,MVM
join:2004-07-11
Snohomish, WA
kudos:4
Reviews:
·Comcast

1 recommendation

reply to ipv6

Get used to it, unless you only visit blank pages.
Virtually every page you visit will have ads and video and trackers and features such as rollovers and popups that require a 2 way link be established on opening.
The fact that you see Comcast addresses only means Comcast is warehousing some of those "cloud" functions a little closer to you, which helps speed up the process.
This happened under v4 too, it's just more visible under v6.



ipv6

@comcast.net
reply to voiptalk

"Nothing to see here, please move along."

Or next time someone wants to know why ipv6 addresses living in the Comcast network establish http connections while visiting ipv4 only sites like www.hulu.com for example they'll search google and google will take them here.

Anyways it would appear that both ipv4 only sites and ipv6 sites pull a lot of their content using ipv6 from akamai, amazonaws, 1e100. That's nice to see as I get lower latency on ipv6.



tshirt
Premium,MVM
join:2004-07-11
Snohomish, WA
kudos:4
Reviews:
·Comcast

1 recommendation

reply to voiptalk

said by voiptalk:

I just did an http get to those hosts and captured it with Wireshark, they are identifying themselves as AkamaiGHosts.

So, yes it is CDN. Nobody is spying on you.

Nothing to see here, please move along.

I agree 100%... Except I commend the OP for asking.
ANY time ANY one is unsure of a process or risk, it is far better to ASK first than be sorry later.
With all the bad things on the web (especially bots), ignoring a potential security threat jeopardizes not only that user but potentially everyone else they can reach, known or unknown to them.


whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

1 recommendation

reply to ipv6

said by ipv6:

Anyways it would appear that both ipv4 only sites and ipv6 sites pull a lot of their content using ipv6 from akamai, amazonaws, 1e100. That's nice to see as I get lower latency on ipv6.

Slightly off topic but probably worth bringing up. There is actually an incentive for CDN/CDN like companies to deploy IPv6. You'll likely see a lot of this.

Because those companies have widgets on many pages (eg. Google's jquery API used by slashdot, reddit, etc..), they're likely to face IPv4 port exhaustion when dealing with IPv4 users behind a CGN. The port exhaustion can occur on either end - CGN (more likely) or even on the web server if a lot of connections timeout.

While Comcast isn't doing CGN yet, many mobile providers are already doing it. AT&T apparently will also be doing it for their DSL users.

AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL

1 recommendation

I don't think carrier grade NAT (CGN) is a given for Comcast or any US based provider at this point. Those that are actively working on CGN generally seem to have other motivations rather than IPv4 address exhaustion.



whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast

1 recommendation

said by AVonGauss:

I don't think carrier grade NAT (CGN) is a given for Comcast or any US based provider at this point. Those that are actively working on CGN generally seem to have other motivations rather than IPv4 address exhaustion.

Well ARIN will likely run out in Q2 of 2013 so if you're a new operator or rolling out new infrastructure you might consider it. CGN introduces a lot of complexities into a network, so you can't just flip a switch when you exhaust IPv4.

Three of the four mobile operators in the US are already running CGN.


NathanO

join:2008-08-21
Moorestown, NJ

1 recommendation

reply to AVonGauss

AT&T appears to be doing CGN for DSL and uVerse.


AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL

It's just my personal opinion, but I don't really think AT&T's motivations for CGN are related to IPv4 exhaustion.



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast
reply to NathanO

said by NathanO:

AT&T appears to be doing CGN for DSL and uVerse.

And they have been using it for years for cell phone connectivity, so it is not really a surprise that they would go with technology that they already are using:


C:\>rasdial "AT&T Mobility"
Connecting to AT&T MOBILITY...
Verifying username and password...
Registering your computer on the network...
Successfully connected to AT&T MOBILITY.
Command completed successfully.
 
C:\>ipconfig
 
Windows IP Configuration
 
Ethernet adapter Local Area Connection:
 
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.9.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.9.1
 
PPP adapter AT&T Mobility:
 
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.41.24.59
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 10.41.24.59
 


--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower


joako
Premium
join:2000-09-07
/dev/null
kudos:6
reply to ipv6

Comcast proxies all HTTP traffic.
--
PRescott7-2097



EG
The wings of love
Premium
join:2006-11-18
Union, NJ
kudos:9

1 recommendation

Got proof?



whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast
reply to joako

said by joako:

Comcast proxies all HTTP traffic.

BS. Again, they have no reason to run transparent proxies when they could just set up a SPAN port or do another type of passive tap.

Oedipus

join:2005-05-09
kudos:1
reply to EG

said by EG:

Got proof?

No.


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2
reply to joako

said by joako:

Comcast proxies all HTTP traffic.

We absolutely do not do that.
--
JL
Comcast


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:2

3 recommendations

reply to AVonGauss

said by AVonGauss:

I don't think carrier grade NAT (CGN) is a given for Comcast or any US based provider at this point. Those that are actively working on CGN generally seem to have other motivations rather than IPv4 address exhaustion.

We have no CGN plans at this time and think your Internet experience is much better without CGN.
--
JL
Comcast


EG
The wings of love
Premium
join:2006-11-18
Union, NJ
kudos:9
reply to Oedipus

said by Oedipus:

said by EG:

Got proof?

No.

You neither?