FritzBox setup
Carmen Sandiego on Saturday, 05 March 2011 12:52:25
I requested an ayiya tunnel, which I *can't* setup on [my] Windows 7 as creation of a TAP device fails: https://www.sixxs.net/forum/?msg=setup-3778033
To escape this shortcoming, I may configure a Heartbeat tunnel on my FritzBox; present ISK is 15: As far as I understand, I have to request a new Heartbeat tunnel (-10 ISK), create it [on Ubuntu] for a couple of weeks (+2x5 ISK), request a subnet for this tunnel (-10 ISK), get it approved (-4 ISK) and a name server configured (-1 ISK).
After this I may get it working my FritzBox, right?
I need to work on my Windows system. All I can do is to boot Ubuntu once a day and create the tunnel for a minute or two. Will this be sufficient to get the credits?
By the way, what is this weird ISK system supposed to be good for? Do you believe we would otherwise request a hell of a lot of unnecessary things all the time?
FritzBox setup
Carmen Sandiego on Saturday, 05 March 2011 13:07:39
Just noticed:
...request a new Heartbeat tunnel (-10 ISK), get the tunnel approved (-5 ISK), create it [on Ubuntu] for three weeks (+3x5 ISK)...
FritzBox setup
Shadow Hawkins on Saturday, 05 March 2011 15:33:20 Do you believe we would otherwise request a hell of a lot of unnecessary things all the time?
You wouldn't but there is probably someone out there who would (even if they had no actual use for the resources).
FritzBox setup
Jeroen Massar on Saturday, 05 March 2011 15:38:58 I need to work on my Windows system. All I can do is to boot Ubuntu once a day and create the tunnel for a minute or two. Will this be sufficient to get the credits?
It would not be at all.
After this I may get it working my FritzBox, right?
Or you could look in your log and see that that has been resolved now so that you can actually directly use it.
By the way, what is this weird ISK system supposed to be good for? Do you believe we would otherwise request a hell of a lot of unnecessary things all the time?
Check the history, SixXS exists for a long time, and yes it happened a lot.
The credit system serves two main purposes and resolve a number of others:
- Get people to care about their tunnel
(if it does not ping they lose credits for static ones, if dynamic ones don't ping they can't request a subnet or more tunnels, set up reverse DNS)
- Stop people wasting resources.
The credit system is not there to stop people from using IPv6 for good purposes though. See the FAQ for more details.
FritzBox setup
Carmen Sandiego on Saturday, 05 March 2011 19:59:07 Or you could look in your log and see that that has been resolved now so that you can actually directly use it.
Works like a charm. Thanks a lot.
I apologize for criticizing the ISK system. After I figured out what to do next it seemed to be a little over-tight...
FritzBox setup
Carmen Sandiego on Sunday, 06 March 2011 00:53:38
Well, I directly set it up and use it courageously. I am not sure whether I really want this. Is there a page about privacy implications? Couldn't find anything in the FAQs.
My IPv6 can easily be queried in the RIPE database or your whois, thus leading to my details. This means, that after a look to the web server's log an admin could mail me to express his appreciation for visiting his site again. And I can't circumvent this for any server with IPv6 connection? Do I get this right?
FritzBox setup
Shadow Hawkins on Sunday, 06 March 2011 03:17:46 My IPv6 can easily be queried in the RIPE database or your whois, thus leading to my details.
You've tried this?
FritzBox setup
Carmen Sandiego on Sunday, 06 March 2011 08:28:34
Sure !
FritzBox setup
Carmen Sandiego on Sunday, 06 March 2011 08:57:40
Try it yourself:
SixXS Whois
-----------
Log out at SixXS to make sure this doesn't affect results and
https://www.sixxs.net/tools/ipv6calc/
http://www.sixxs.net/tools/whois/
Regional Internet Registry database query
-----------------------------------------
For me this is http://www.db.ripe.net/whois ,
for you very likely
https://www.arin.net/ , search slot top right, or
http://whois.arin.net/ui/advanced.jsp
Let me know your findings, please.
FritzBox setup
Jeroen Massar on Sunday, 06 March 2011 09:06:12
That is correct. The moment you get assigned resources you are linked to those resources and thus whois allows one to find them. That is the whole point of WHOIS.
As you have a RIPE handle, you should have realized that you registered your details in a public database.
FritzBox setup
Carmen Sandiego on Sunday, 06 March 2011 10:48:17 As you have a RIPE handle, you should have realized that you registered your details in a public database.
Yes, and its also mentioned in your FAQ.
Why does SixXS need my valid address information?
See it like the case where you are a client of SixXS and that we are your ISP.
Usually an ISP registers its IP range at RIPE, *not* me. Presently, I get a daily changing public IPv4 from this range, which grants me privacy. Why didn't SixXS register its whole IPv6 range at RIPE, thus giving me at least some privacy?
Even if SixXS had done this, and wouldn't have made its whois database publicly available, I will always have to use a global unicast address of my subnet. This wouldn't reveal my details but still leave me trackable by subnet. Are there generally any plans to circumvent this?
Please don't misunderstand me, I don't intend to blame SixXS. In fact, finding answers to such questions is more or less why I requested access.
FritzBox setup
Carmen Sandiego on Sunday, 06 March 2011 10:50:51
*, how do I quote like everybody else?
FritzBox setup
Jeroen Massar on Sunday, 06 March 2011 11:20:58 Usually an ISP registers its IP range at RIPE, *not* me.
that is the case here also, SixXS assigns a prefix to you, and registers it in the RIPE database, as it is required to by RIPE NCC.
Presently, I get a daily changing public IPv4 from this range, which grants me privacy.
It does not grant you any privacy at all. There are a lot of ways to track who you are. You might want to look at the presentation I gave at CCC's 27C3.
Also note that when one queries the SixXS whois database that it will also show the current IPv4 endpoint of the tunnel.
Why didn't SixXS register its whole IPv6 range at RIPE
The covering prefix is registered, ask for the /40 and you will see that. Also note that the IRT object and various other objects point to SixXS next to abuse remarks etc.
thus giving me at least some privacy?
because RIPE NCC requires that all assignments are properly registered in their whois database.
Note that you won't gain any 'privacy' from this as one can't automatically (at least at query rates high enough for it to be useful) query the RIPE database, nor the SixXS one.
The big question of course is what you are trying to hide.
FritzBox setup
Carmen Sandiego on Sunday, 06 March 2011 13:39:30 You might want to look at the presentation I gave at CCC's 27C3.
Watched the live stream; also copied to review in detail.
because RIPE NCC requires that all assignments are properly registered in their whois database.
Interesting future prospects. Presently, I believe, a judgment is needed to get the personal details for an IP address. This is going to be brushed away with IPv6? No discussion to prevent that?
The FritzBox' IPv6-Forwarding help page allows the conclusion that the network prefix changes in regular intervals!?
The big question of course is what you are trying to hide.
Nothing yet. Just don't wish customers of my favorite sites ringing on my door to offer services. It is definitely interesting to know what somebody may be able to collect how.
FritzBox setup
Jeroen Massar on Sunday, 06 March 2011 14:01:44 Interesting future prospects. Presently, I believe, a judgment is needed to get the personal details for an IP address. This is going to be brushed away with IPv6? No discussion to prevent that?
Depends on the ISP and the IP address. If your data is in the WHOIS server, then no such thing is needed. In other cases, depends on the ISP if they are willing to cooperate or if they indeed enforce that the LEO goes the route they are supposed to take, but they can just hand the data over if they want to, that is their call, they do not need to though.
For IPv4 most people do not get a direct assignment and generally only get a single non-static IP address. If you do get a static IPv4 assignment (eg a /28 or larger) you generally also get correctly registered in the relevant registry. Same for IPv6.
If LEO comes to SixXS asking about information we don't mind providing them with information necessary though and we rather avoid that problem at all by proper screening of users at signup time already. People who have LEO after them generally are not fit for our service as they are probably causing too much trouble already.
The FritzBox' IPv6-Forwarding help page allows the conclusion that the network prefix changes in regular intervals!?
Ask AVM about that. I do not use Fritz!Box for IPv6 forwarding as it has too many shortcomings compared to a host I have full control over.
Just don't wish customers of my favorite sites ringing on my door to offer services.
If you have a -SIXXS handle you can hide your address details. See the FAQ.
As you have a RIPE handle though, you already opted to publish it publicly.
FritzBox setup
Shadow Hawkins on Sunday, 06 March 2011 14:57:27 Let me know your findings, please.
My IPv6 IP reverses to my tunnel provider just as my IPv4 IP reverses to my ISP. I am not in the ARIN database because I have not put myself there.
Why did you get a RIPE handle if you did not want to be in the RIPE database? That's what it's for!
FritzBox setup
Jeroen Massar on Sunday, 06 March 2011 15:17:33 My IPv6 IP reverses to my tunnel provider just as my IPv4 IP reverses to my ISP. I am not in the ARIN database because I have not put myself there.
Unless you own the prefix you can't put yourself in there either.
Do note that ARIN has IMHO quite a crappy delegation model.
It is high time they started deploying an RPSL capable WHOIS database.
They can do "rwhois" style delegations, but those are not very useful.
Then again, from the hostnames seen in traceroutes it should be apparent that it is address space assigned to SixXS and then people can always query whois.sixxs.net which contains the information from all the prefixes managed by SixXS.
FritzBox setup
Shadow Hawkins on Sunday, 06 March 2011 15:42:05 Do note that ARIN has IMHO quite a crappy delegation model. It is high time they started deploying an RPSL capable WHOIS database.
It seems unlikely that when IPv6 takes over they are going to publish several hundred million names and addresses.
Then again, from the hostnames seen in traceroutes it should be apparent that it is address space assigned to SixXS and then people can always query whois.sixxs.net which contains the information from all the prefixes managed by SixXS.
I've never labored under the delusion that my name and address were secret and I can think of no reason I should be ashamed of being associated with SixXS.
FritzBox setup
Jeroen Massar on Sunday, 06 March 2011 18:11:58 It seems unlikely that when IPv6 takes over they are going to publish several hundred million names and addresses.
Theoretically they are already doing so. The problem is that ARIN does not require the RWHOIS instances at the ISPs to be publicly available, and on top of that they are generally really badly maintained.
FritzBox setup
Shadow Hawkins on Sunday, 06 March 2011 19:12:41 The problem is that ARIN does not require the RWHOIS instances at the ISPs to be publicly available...
Why should they?
FritzBox setup
Carmen Sandiego on Sunday, 06 March 2011 22:49:00
In the FAQ, the '10 easy mini steps' starts with an either-or. As the almost only reason why I requested access is understanding IPv6 more detailed, I chose the RIPE-handle variant. Thought that otherwise SixXS will create it for me anyway. I had actually no idea what exactly I was doing.
Posting is only allowed when you are logged in. |