 | [IPv6] Is Comcast spying on its native ipv6 customers?
Why is it that every web site I visit also establishes an ipv6 http connection to the following 2 ipv6 addresses? There may be more.
2001:559:0:301::6011:6d31
2001:559:0:301::6011:6d21
Sample netstat:
TCP [2601:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]:54057 [2001:559:0:301::6011:6d31] :http ESTABLISHED
TCP [2601:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]:54057 [2001:559:0:301::6011:6d31] :http ESTABLISHED
A whois shows that they belong to Comcast.
NetRange: 2001:558:: - 2001:559:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
CIDR: 2001:558::/31
OriginAS:
NetName: COMCAST6NET
NetHandle: NET6-2001-558-1
Parent: NET6-2001-400-0
NetType: Direct Allocation
RegDate: 2003-01-06
Updated: 2012-03-02
Ref: »whois.arin.net/rest/net/NET6-2001-558-1 |
|
|
|
 | Can ya give us some examples of websites that you visit?  |
|
 derekivey join:2006-03-30 Mechanicsburg, PA kudos:1 | reply to ipv6 That port appears to be used by Apache ActiveMQ. Sounds like it does messaging.... hmmm |
|
 whfsdudePremium join:2003-04-05 Washington, DC
| reply to ipv6 Keep in mind it could be a CDN (eg. Akamai). I've seen them use Comcast address space for nodes inside their network.
You really need to provide more information here. IPvFoo might be useful here if you're using Chrome. »code.google.com/p/ipvfoo/
FYI, if Comcast were spying on you, they just look at flow data or if it was CALEA related, do a passive tap. |
|
 | reply to Mike Wolf www.pandora.com www.engadget.com www.hulu.com |
|
 ropeguruPremium join:2001-01-25 Mechanicsville, VA | Yep, for those sites I would say a CDN connection. |
|
 | reply to ipv6 out of the three you listed only engadget has an IPv6 AAAA DNS record 2001:4b0:1668:2c0d:1::2 |
|
 | reply to ipv6 I just did an http get to those hosts and captured it with Wireshark, they are identifying themselves as AkamaiGHosts.
So, yes it is CDN. Nobody is spying on you.
Nothing to see here, please move along. |
|
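Added example, not part of any post in this thread: the checks the posters ran by hand, in Python. It matches the remote IPv6 endpoints from netstat output against the 2001:558::/31 netblock quoted from whois, and reads the Server header from an HTTP response. The netstat rows are modeled on the first post; the extra ports, the 2001:db8:: and IPv4 rows, and the response bytes are constructed.

```python
import ipaddress
import re
from collections import Counter

# Netblock taken from the whois output quoted in the first post.
COMCAST_NET = ipaddress.ip_network("2001:558::/31")

# Constructed sample in the Windows netstat format shown in the thread.
# The 2001:db8:: and IPv4 rows are documentation addresses added for contrast.
SAMPLE_NETSTAT = """\
TCP [2601:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]:54057 [2001:559:0:301::6011:6d31] :http ESTABLISHED
TCP [2601:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]:54058 [2001:559:0:301::6011:6d21]:http ESTABLISHED
TCP [2601:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]:54059 [2001:db8::10]:https ESTABLISHED
TCP 192.168.9.100:54060 203.0.113.7:http TIME_WAIT
"""

# Constructed HTTP response head, standing in for what a capture would show.
SAMPLE_RESPONSE = b"HTTP/1.0 400 Bad Request\r\nServer: AkamaiGHost\r\nContent-Length: 0\r\n\r\n"

# proto, [local]:port, [remote], optional space, :service, state
ROW = re.compile(
    r"^\s*TCP\s+\[([0-9A-Fa-f:]+)\]:(\d+)\s+\[([0-9A-Fa-f:]+)\]\s*:(\S+)\s+(\S+)"
)

def remote_v6_endpoints(text):
    """Yield (remote_address, service, state) for each IPv6 TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield ipaddress.ip_address(m.group(3)), m.group(4), m.group(5)

def summarize(text, net=COMCAST_NET):
    """Count established IPv6 connections per remote host, with netblock membership."""
    counts = Counter()
    for addr, service, state in remote_v6_endpoints(text):
        if state == "ESTABLISHED":
            counts[(str(addr), service, addr in net)] += 1
    return dict(counts)

def server_header(raw_response):
    """Return the Server header value from raw HTTP response bytes, or None."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None
```

Netblock membership only shows who the address space is registered to, not who operates the host; the Server header is what separates a CDN node hosted inside the ISP's network from ISP-run equipment.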
 tshirtPremium,MVM join:2004-07-11 Snohomish, WA kudos:3
| reply to ipv6 Get used to it, unless you only visit blank pages. Virtually every page you visit will have ads and video and trackers and features such as rollovers and popups that require a 2 way link be established on opening. The fact that you see Comcast addresses only means Comcast is warehousing some of those "cloud" functions a little closer to you, which helps speed up the process. This happened under v4 too, it's just more visible under v6. |
|
 | reply to voiptalk "Nothing to see here, please move along."
Or next time someone wants to know why ipv6 addresses living in the Comcast network establish http connections while visiting ipv4 only sites like www.hulu.com for example they'll search google and google will take them here.
Anyways it would appear that both ipv4 only sites and ipv6 sites pull a lot of their content using ipv6 from akamai, amazonaws, 1e100. That's nice to see as I get lower latency on ipv6. |
|
 tshirtPremium,MVM join:2004-07-11 Snohomish, WA kudos:3
| reply to voiptalk
said by voiptalk: "I just did an http get to those hosts and captured it with Wireshark, they are identifying themselves as AkamaiGHosts.
So, yes it is CDN. Nobody is spying on you.
Nothing to see here, please move along."
I agree 100%... Except I commend the OP for asking. ANY time ANY one is unsure of a process or risk, it is far better to ASK first than be sorry later. With all the bad things on the web (especially bots), ignoring a potential security threat jeopardizes not only that user but potentially everyone else they can reach, known or unknown to them. |
|
 whfsdudePremium join:2003-04-05 Washington, DC
| reply to ipv6
said by ipv6: "Anyways it would appear that both ipv4 only sites and ipv6 sites pull a lot of their content using ipv6 from akamai, amazonaws, 1e100. That's nice to see as I get lower latency on ipv6."
Slightly off topic but probably worth bringing up. There is actually an incentive for CDN/CDN like companies to deploy IPv6. You'll likely see a lot of this.
Because those companies have widgets on many pages (eg. Google's jquery API used by slashdot, reddit, etc..), they're likely to face IPv4 port exhaustion when dealing with IPv4 users behind a CGN. The port exhaustion can occur on either end - CGN (more likely) or even on the web server if a lot of connections timeout.
While Comcast isn't doing CGN yet, many mobile providers are already doing it. AT&T apparently will also be doing it for their DSL users. |
|
 AVonGaussPremium join:2007-11-01 Boynton Beach, FL | I don't think carrier grade NAT (CGN) is a given for Comcast or any US based provider at this point. Those that are actively working on CGN generally seem to have other motivations rather than IPv4 address exhaustion. |
|
 whfsdudePremium join:2003-04-05 Washington, DC
| said by AVonGauss: "I don't think carrier grade NAT (CGN) is a given for Comcast or any US based provider at this point. Those that are actively working on CGN generally seem to have other motivations rather than IPv4 address exhaustion."
Well ARIN will likely run out in Q2 of 2013 so if you're a new operator or rolling out new infrastructure you might consider it. CGN introduces a lot of complexities into a network, so you can't just flip a switch when you exhaust IPv4.
Three of the four mobile operators in the US are already running CGN. |
|
 | reply to AVonGauss AT&T appears to be doing CGN for DSL and uVerse. |
|
 AVonGaussPremium join:2007-11-01 Boynton Beach, FL | It's just my personal opinion, but I don't really think AT&T's motivations for CGN are related to IPv4 exhaustion. |
|
 NetFixerFrom my cold dead handsPremium join:2004-06-24 The Boro
| reply to nate1234
said by nate1234: "AT&T appears to be doing CGN for DSL and uVerse."
And they have been using it for years for cell phone connectivity, so it is not really a surprise that they would go with technology that they already are using:
C:\>rasdial "AT&T Mobility"
Connecting to AT&T MOBILITY...
Verifying username and password...
Registering your computer on the network...
Successfully connected to AT&T MOBILITY.
Command completed successfully.
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.9.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.9.1
PPP adapter AT&T Mobility:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.41.24.59
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.41.24.59
-- History does not long entrust the care of freedom to the weak or the timid. -- Dwight D. Eisenhower |
|
 joakoPremium join:2000-09-07 /dev/null kudos:5 | reply to ipv6 Comcast proxies all HTTP traffic. -- PRescott7-2097 |
|
 EGThe wings of lovePremium join:2006-11-18 Union, NJ kudos:9 | Got proof ? |
|
 whfsdudePremium join:2003-04-05 Washington, DC
| reply to joako
said by joako: "Comcast proxies all HTTP traffic."
BS. Again, they have no reason to run transparent proxies when they could just set up a SPAN port or do another type of passive tap. |
|