dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1436
share rss forum feed


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL

1 recommendation

How much of an IPv6 Address can be shown safely

While I know with IPv4 only the first three octets can be shown safely, IPv6 is new to me,

So I was wondering if someone wants to others to know that they have IPv6, how much of an IPv6 Address can be shown safely?

Thank you
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


Ray
Mahnahmahna
Premium
join:2001-04-02
Gilbert, AZ

2 recommendations

The first 64 bits are the network, the other half is the host.

Showing the first three octets of an IPv4 address leaves a whopping 254 guesses to find to the host (assuming a /24 network)... Not exactly making it hard for someone.

Editorial: If your safety depends on someone not knowing your IP, something is wrong.
--
ON DELETE CASCADE

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

2 recommendations

reply to aefstoggaflm
said by aefstoggaflm:

While I know with IPv4 only the first three octets can be shown safely,

Says who?

All you're doing by censoring one octet is giving 256 different possibilities for your address. It's not like the choice of censoring one octet (rather than two, there, or four) has any bearing on reality: what if you're in a /16 subnet? Or a /28 subnet?

If you're afraid of giving out one of the bytes, why give any of them?

And choosing the right-most byte as the byte you're going to keep a secret seems like the wrong end: you've probably told us your network number, guessing the host is easier. You should censor the most significant byte for more "safety".

P.S. My IPv4 address is 192.168.1.4

(tl;dr - this is silly)


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
reply to aefstoggaflm
Ok. Upon reflection, only the first two octets of IPv4 are safe to show.

But what about IPv6?

Thank you
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


Kilroy
Premium,MVM
join:2002-11-21
Saint Paul, MN
I'd guess everything but the last four characters, which would give you 16^4 possibilities or 65,536.

nonymous
Premium
join:2003-09-08
Glendale, AZ

1 recommendation

reply to aefstoggaflm
What do you mean by shown safely. If you are running say email or a web server people will know yout IP.
If you are only giving out part of your IP why do you even need to give it out at all?
Plus as others have said if you are secure who cares who knows your IP. Now I would not just post it and say try and hack me. That only because DDOS attacks can happen.


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL
said by nonymous:

What do you mean by shown safely...

With IPv6 there is tunnel or native and also what ISP ID.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.
Expand your moderator at work

JoelC707
Premium
join:2002-07-09
Lanett, AL
kudos:5

1 recommendation

reply to aefstoggaflm

Re: How much of an IPv6 Address can be shown safely

Regarding IPv4, leaving off the last octet or first octet only doesn't really matter. You still have 256 possible combinations that can go in that octet, whether they are at the beginning or end is irrelevant. If you want to make things harder, leave out two octets.

Regarding IPv6, as mentioned, the first 4 segments are the network (just like the first three octets are the network in a IPv4 /24 subnet), assuming you are using a /64 subnet. You are free to use whatever subnet you want potentially so the network/host split could change. Leaving off one segment in IPv6 gives you more possible combinations to work through simply because IPv6 is hex (0-9, A-F) and IPv4 is just 0-255.

Overall, I don't think it matters. If you have a worthwhile firewall system, you should be able to withstand any attack thrown at you aside from a DDoS. If someone is going to take the time to guess at the last octet you left out to find you, you've got bigger things to worry about IMO (like what have you done to piss someone off? lol).


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12

1 recommendation

reply to aefstoggaflm

said by Ray :
If your safety depends on someone not knowing your IP, something is wrong.
Why Ray???

Many ppl like to stay AS PRIVATE AS THEY CAN!! (Nothing wrong with that)


Clever_Proxy
Premium
join:2004-05-14
Villa Park, IL

1 recommendation

That's up for debate. Security by obscurity (or anonymity) is a false sense of security in my opinion. If your security is dependent on someone not knowing your address, then you need to revisit how secure your network really is.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
reply to aefstoggaflm

Re: How much of an IPv6 Address can be shown safely

Consider IP address on a same privacy level as your phone number. You can make it un-listed, you can reveal only few digits, but ultimately there are relatively easy ways to find your phone number or IP.

redwolfe_98
Premium
join:2001-06-11
kudos:1
reply to aefstoggaflm
as far as i know, using IPv6 is not safe under any circumstances..


Clever_Proxy
Premium
join:2004-05-14
Villa Park, IL

1 recommendation

If your firewall is up to snuff, v6 should be no different than v4. ip6tables does a very nice job with it.


Ray
Mahnahmahna
Premium
join:2001-04-02
Gilbert, AZ

1 recommendation

reply to Dude111

Re: ‏

said by Dude111:

said by Ray :
If your safety depends on someone not knowing your IP, something is wrong.
Why Ray???

Many ppl like to stay AS PRIVATE AS THEY CAN!! (Nothing wrong with that)

I certainly understand the desire for privacy. It's just that the IP is so integral to any communication on the Internet, trying to keep it a secret is like damming a river with a screen door. It's going to get past you with normal usage (unless you go to great effort like doing EVERYTHING through Tor or the like).
--
ON DELETE CASCADE

IamGimli

join:2004-02-28
Canada
kudos:2

1 recommendation

reply to aefstoggaflm

Re: How much of an IPv6 Address can be shown safely

Weird thread.

If something requires your IP address, it requires all of it. If it doesn't require it, why give up any of it, it's useless?


vaxvms
ferroequine fan
Premium
join:2005-03-01
Wormtown
kudos:3
Reviews:
·Charter
reply to Dude111

Re: ‏

said by Dude111:

Many ppl like to stay AS PRIVATE AS THEY CAN!! (Nothing wrong with that)

Then don't display any of the IP address.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8

2 recommendations

I think I can safely reveal that one of the bits in my IPv4 address is 0.

TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
East Stroudsburg, PA
kudos:3
Reviews:
·Optimum Online
reply to Clever_Proxy
said by Clever_Proxy:

That's up for debate.

Not really

Security by obscurity (or anonymity) is a false sense of security in my opinion.

So I guess everyone should post their SSN and Name and Address without concern. By not posting them, we certainly are practicing security by obscurity.

If your security is dependent on someone not knowing your address, then you need to revisit how secure your network really is.

It is not that anyone's security depends on not posting their IP or Name or Address, it is more about, are there any risks associated with posting something, and do you know the risk and do you want to accept the risk. Certainly the risk of posting your IP address is minimal but certainly it does increase the chance of a DDoS if you aggravate someone who normally would not have access to your IP address.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.


neochu

join:2008-12-12
Windsor, ON

1 recommendation

said by TheWiseGuy:

said by Clever_Proxy:

That's up for debate.

Not really

Security by obscurity (or anonymity) is a false sense of security in my opinion.

So I guess everyone should post their SSN and Name and Address without concern. By not posting them, we certainly are practicing security by obscurity.

If your security is dependent on someone not knowing your address, then you need to revisit how secure your network really is.

It is not that anyone's security depends on not posting their IP or Name or Address, it is more about, are there any risks associated with posting something, and do you know the risk and do you want to accept the risk. Certainly the risk of posting your IP address is minimal but certainly it does increase the chance of a DDoS if you aggravate someone who normally would not have access to your IP address.

You have clearly never heard of running netstat and similar commands when you are directly connected to that server or in one on one communication :P

Its a really neat way to freak people out :P

Most applications will squack your full ip to someone else's application completely and totally (as it needs the full IP to transfer data or it fails totally) internally on their own systems. Its something that breaks the internet to do.

Unlike a PTSN code or Mac address which can be faked (outside of a proper trace phone companies will only do in legal situations), you cannot "hide" or fake your IP address.

You can however proxy or redirect to make it harder to trace with services like VPNs and TOR. That will make it "harder" (not impossible) to find you and any attacks will be at whatever forward computer they see.

You can also encrypt packets to prevent poeple from listening. Though like an article before has said. Heavy use of encryption out of the norm will have that data flagged and analyzed by governmental listening posts.


Clever_Proxy
Premium
join:2004-05-14
Villa Park, IL
reply to TheWiseGuy
While I understand that point, I can assure you that when I put a SIP server on an IP, it's no more than 3 days and scripts are attempting to compromise it... and I gave the address out to no one. My point is that if someone feels that by not giving out their IP address that their network is "more secure", then they are in for a surprise. Obviously, if you make enemies you don't want those enemies those enemies to have your addresses for malicious reasons. The fact that we're debating this point clearly makes the topic debatable.

TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
East Stroudsburg, PA
kudos:3
Reviews:
·Optimum Online
reply to neochu
No question when you use the Internet some people will be able to get your IP address. Just as in life some people will have your street address. I can assure you, that does not mean that there is not an added risk if you carry around a sign giving everyone your address. It makes it easier for you to be targeted. Just as posting your IP in a forum makes it easier for you to be targeted.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.

TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
East Stroudsburg, PA
kudos:3
Reviews:
·Optimum Online
reply to Clever_Proxy
What is not debatable is that people have a right to decide what info they give out, which was the point of the post to which you responded.

Yes, what the risks are in giving out your IP address certainly is debatable, but arguing it is security by obscurity certainly misses the mark since anytime we do not give out information, including our passwords, when we will be on vacation etc, is security by obscurity and any security expert who thinks that obscurity is not a basic security need is a fool.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.

nonymous
Premium
join:2003-09-08
Glendale, AZ

2 recommendations

reply to redwolfe_98

Re: How much of an IPv6 Address can be shown safely

said by redwolfe_98:

as far as i know, using IPv6 is not safe under any circumstances..

I am presuming sarcasm?


sivran
Seamonkey's back
Premium
join:2003-09-15
Irving, TX
kudos:1
reply to TheWiseGuy

Re: ‏

There's a difference between obscurity and secrecy.
--
Oh, Opera, what have you done?


mackey
Premium
join:2007-08-20
kudos:12

1 recommendation

reply to aefstoggaflm

Re: How much of an IPv6 Address can be shown safely

It depends on of it's native or tunneled. If it's an AT&T 6rd address, 32 of the top 64 bits is your full IPv4 address, so even showing which /60 you have gives away your IPv4 address.

I do agree with some of the others here though; giving out your IP should have no effect on your security. Privacy maybe, security no.

/M


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
reply to aefstoggaflm
said by aefstoggaflm:

How much of an IPv6 Address can be shown safely

Strictly speaking -- all of it.

If your security depends on concealing your IP address, then you are in deep problems. Any web site you visit can see your IP address.
--
AT&T Uverse; Buffalo WHR-300HP router (behind the 2wire gateway); openSuSE 12.3; firefox 24.0

ducalen

join:2008-10-23
Canada
reply to aefstoggaflm
I could tell you the first 11 digits of my IP address, leaving you with 10 choices and you wouldn't be able to tell which address I'm at. In fact I could tell you my real IP address plus a fake one and you wouldn't know for certain which one was me. How would you? Even if I narrowed it down to 2 addresses, I could be behind a corporate router with 10,000 other users, or I could be at home with only 3 other devices using the same IP. Or I could be directly connected to my cable modem with no firewall running at all (that would not be smart obviously).


fartness
computersoc dot com
Premium
join:2003-03-25
Look Outside
reply to aefstoggaflm
I'd post my IP address without caring but my post would probably get edited by a moderator who has the "old way" of thinking. Not much most people would be able to do anyway that some bot hasn't tried on me and everyone else. These aren't the Zone Alarm/Black ICE days....


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
said by fartness:

I'd post my IP address without caring...

In doing so you would prove what?