Well, that was interesting, but a warning for anyone testing from Plusnet...
Shadow Hawkins on Sunday, 10 March 2013 18:43:27
Well, that was an interesting brief foray into the world of IP V6.
Unfortunately, having gone through the whole signup/verify/get myself IPV6-ready thing, I subsequently found that when you switch to a static IP with Plusnet, that maps back to your username, and of course that opens up large security problems.
They say they can give me another fixed IP without the personal details in the rDNS, but it will be a different IP. And as I don't have enough credits to re-request a tunnel with the new IP, I guess that's the end of the experiment here.
I feel slightly guilty as human intervention was involved in verifying the account and tunnel request, on the other hand, I feel annoyed at Plusnet for a clear breach of personal data. So let that be a warning for anyone else in the UK with Plusnet! One day I might put my Raspberry PI to good use as a Heartbeat server and see if I can use a dynamic IP.
For now, though, I'd like to thank SixXs for helping put me onto the V6 path.
I can now telnet into and configure my router, I have a much better (if not complete) understanding of IPV6 addressing and subnets, and that can't be a bad thing :)
Well, that was interesting, but a warning for anyone testing from Plusnet...
Jeroen Massar on Sunday, 10 March 2013 19:33:11 I subsequently found that when you switch to a static IP with Plusnet, that maps back to your username, and of course that opens up large security problems.
What kind of "security problem" would that be?
And as I don't have enough credits to re-request a tunnel with the new IP, I guess that's the end of the experiment here.
One can always change the endpoint of the tunnel. Log in to the user home, click on the tunnel in the tunnel list and there you get a wealth of options, amongst others one to change the endpoint of the tunnel.
Well, that was interesting, but a warning for anyone testing from Plusnet...
Shadow Hawkins on Monday, 11 March 2013 00:10:39 One can always change the endpoint of the tunnel. Log in to the user home, click on the tunnel in the tunnel list and there you get a wealth of options, amongst others one to change the endpoint of the tunnel.
Ah, thank you. But am I looking in the right place?
My account says:
Credits:10 ISK
The credit system says:
Moving a tunnel's endpoint / Change Tunnel Type debits 15
https://www.sixxs.net/home/tunnelinfo/?xxxxx offers me the chance to change type and endpoint, but seeing as it costs 15C and I have 10C, even if I wanted to move it to a different type, I'm still stuck, no?
Should I at least disable the tunnel for now until I can figure this out, so I don't suddenly find myself booted for inactivity?
What kind of "security problem" would that be?
Problems! Not least when your username is your real name.
Then of course, let's say your job is to certify that importers aren't importing endangered species product, and you're sending an email pretending to be someone interested in importing ivory. I don't know about you, but everywhere I've worked, incoming customer emails are logged against a looked-up IP address. If your name is fairly well known as a certifier, then it's going to look a bit odd if Mrs Chen is posting from a Mr Harris' account. And so on.
But that's not your problem, just a gripe between myself, my ISP and a whole bunch of customers who only just discovered this.
Well, that was interesting, but a warning for anyone testing from Plusnet...
Jeroen Massar on Monday, 11 March 2013 07:51:29 I'm still stuck, no?
You can still change it, you'll just go negative. If you don't go negative too much there is no problem though.
If your name is fairly well known as a certifier, then it's going to look a bit odd if Mrs Chen is posting from a Mr Harris' account.
Then do not lie....
If you need to be anonymous on the Internet, there is a magic tool called Tor that resolves most of the issue (that is, the transport, not the content).
Well, that was interesting, but a warning for anyone testing from Plusnet...
Shadow Hawkins on Tuesday, 12 March 2013 21:49:24
Jeroen Massar wrote:
You can still change it, you'll just go negative.
You're right! I hadn't spotted that before. OK, so about 5 hours ago I re-activated the tunnel and changed the static IP to reflect the new one.
I logged into the router and double checked everything:
# ifname encap mtu sourceintf source destination flags
2 6in4tunnel 6in4 1280 Internet 84.92.52.xx 77.75.104.xx
I checked and double checked that nothing else had changed. But 5 hours later, I'm still not getting IPV6 goodness happening.
On my log, it says:
2013-03-12 16:46:44Moved tunnel T118586 from 81.174.169.xx to 84.92.52.xx
On the tunnel info page it says:
Your IPv4 Static, currently 81.174.169.xx
Config State Enabled
Last Alive 2013-03-09 02:15:45 UTC
Last Dead 2013-03-12 16:46:44 UTC
On the tunnel type endpoint, it says:
84.92.52.xx < [correct].
On the pop status page it says:
Outer Us 77.75.104.126
Outer Them 81.174.169.242 < [old IP]
Tunnel State disabled
When I first set it up, it took just under 2 hours to get the tunnel going after requesting it.
Do I need to just be patient here, or does it look like something has got stuck somewhere?
Well, that was interesting, but a warning for anyone testing from Plusnet...
Shadow Hawkins on Tuesday, 12 March 2013 20:53:57
Jonathan Harris wrote:
Well, that was an interesting brief foray into the world of IP V6.
Unfortunately, having gone through the whole signup/verify/get myself IPV6-ready thing, I subsequently found that when you switch to a static IP with Plusnet, that maps back to your username, and of course that opens up large security problems.
They say they can give me another fixed IP without the personal details in the rDNS, but it will be a different IP. And as I don't have enough credits to re-request a tunnel with the new IP, I guess that's the end of the experiment here.
I feel slightly guilty as human intervention was involved in verifying the account and tunnel request, on the other hand, I feel annoyed at Plusnet for a clear breach of personal data. So let that be a warning for anyone else in the UK with Plusnet! One day I might put my Raspberry PI to good use as a Heartbeat server and see if I can use a dynamic IP.
For now, though, I'd like to thank SixXs for helping put me onto the V6 path.
I can now telnet into and configure my router, I have a much better (if not complete) understanding of IPV6 addressing and subnets, and that can't be a bad thing :)
You could just use the tunnel for other things for a week or two until you have enough credit?
Or you could use a proxy. tor is slow and a bit of overkill, but there are nearly unlimited numbers of simple web proxies you could use, many for free
Posting is only allowed when you are logged in. |