[ppml] IPv6, child pornographers and Ray Plzak

Joe Baptista baptista at dot-god.com
Thu Oct 10 13:35:11 EDT 2002


The subject line says it all - IPv6 is a great protocol for free speech
and other sorted activities.

Now the problem I'm having is trying to get ARIN to answer some questions.

It seems Mr. Plzak does not seem to take his job seriously.

It's my position were watching IPv4 and IPv6 assets be squandered with all
these price fixing plans.  And all I get from ARIN is the standard no
comment.

---------- Forwarded message ----------

   http://www.circleid.com/articles/2543.asp

   IPv6: In Search Of Internet Security
   October 9, 2002 By Joe Baptista

   My recent articles on IPv6 published this past September 12 and
   25 have left many users with the impression that IPv6 (Internet
   Protocol version 6) is secure. This is a false assumption. Internet
   security is more an act of faith in a complex science draped in a
   religious mystery - in other words non-existent. In my opinion,
   Internet security has never existed. Any protocol can be violated.
   IPv6 has the power to make users' communication more secure during
   transmission. It also can be a security nightmare. So be warned, users
   of IPv6 - it will bypass your firewall settings but it will give your
   users enhanced privacy. But the experts are working on it.

   To understand Internet security it's always a good idea to go back in
   history. The Internet was a military sponsored communication project
   developed under DARPA (The Defense Advanced Research Projects Agency).
   The idea at the time was to distribute computer resources by
   decentralizing control and increasing redundancy on United States
   military and government networks. The goal was to prevent a first
   strike from taking out computational and communication facilities
   essential to operations. If the red menace (Soviet Union) bombed a
   computer facility in Kansas the network would route around the damage
   and survive.

   DARPA planners unfortunately were short sighted and did not
   anticipate the technology would become an international standard for
   communications. The community of users and networks connected to DARPA
   were small and trusted so security concerns were a low priority. The
   end result was the deployment of insecure protocols that have kept
   many security experts gainfully employed. Even secure protocols are
   hacked. Today there are millions of compromised computer systems busy
   trying to hack other computers. And many of those busy hacking
   computers may no longer be under the control of the original script
   kiddy hacker who launched them. In fact I suspect many such computers
   are operating independently of a human operator.

   IPv6 does fix a lot of the privacy issues and has some added security
   features that make it a better transport. Keith Moore, a researcher
   with the computer science department at the University of Tennessee,
   points out that "security is not an IPv6 issue any more than it is an
   IPv4 issue - probably slightly less." Moore, a former applications
   area director to the Internet Engineering Steering Group, points out
   that users of IPv6 will have an added advantage over IPv4. IPv6
   transports traffic using the IPsec security protocol.

   IPv4 connections move traffic around in the clear (plain text). It is
   up to the user to ensure traffic is encrypted. Sniffer programs at
   various Internet exchange points can easily intercept most user web
   and email traffic. Cable users sometimes install sniffer programs to
   monitor and record IPv4 transmissions. In most cases they don't have
   the means to decrypt security protocols and they do it mostly for the
   fun and entertainment value. So don't panic, your credit card is still
   confidential provided you used it over a secure web session. However
   don't expect to send your credit card data to Uncle Steve via email.
   If you have however emailed confidential information to someone
   chances are your message was transported as plain text and can be
   subject to interception.

   The industry would agree that IPv4 is a brain dead protocol and those
   predicting it's death have good reasons for their position. Government
   programs like carnivore depended on IPv4 vulnerabilities to be
   successful. Carnivore is a tool that has revitalized worldwide respect
   for the FBI in the intelligence community. The program intercepts and
   analyzes Internet traffic and is classified by the FBI as a diagnostic
   tool. Carnivore is also a motivating factor in the transition to IPv6
   by American, European and Japanese governments.

   Governments understand their vulnerabilities under IPv4; their
   intelligence departments have diagnostic tools too. IPsec makes IPv6
   less prone to man in the middle interception or attacks. User data
   under IPv6 is encrypted across the transmission end points. Sure the
   intelligence establishment has the means to break encrypted protocols
   but that's an expensive affair. Carnivore has not been effective in
   catching terrorists who communicate using encrypted channels. But it's
   been very effective in catching child pornographers that have yet to
   discover the privacy features available to them under IPv6. It is easy
   to envision that Carnivore will become a useless diagnostic tool under
   the new protocol.

   But in many cases IPv6 systems can be less secure. Your firewall may
   prevent access to your Microsoft shares under IPv4 but they will be
   wide open to IPv6 users. Iljitsch van Beijnum a freelance network
   specialist and author of "Border Gateway Protocol" the network routing
   howto manual has some concerns when it comes to security. Beijnum
   warns that many Unix boxes are heavily firewalled in IPv4 but not in
   IPv6. "If you happen to be on their local link (hello wireless)" said
   Beijnum "you can circumvent the IPv4 access restrictions for services
   that are v6-enabled". He explains that in most cases users don't even
   know the box is doing IPv6. User should secure their systems prior to
   turning on or installing IPv6 services.

   On the brighter side of the IPv6 universe, workstations will be easier
   to hide from the evil hacker. An IPv6 allocation contains addresses in
   the trillions. This means old hacker tricks like scanning a network
   will become less affective. When your workstation uses one address out
   of trillions it makes targeted probes a less likely menace to an
   individual or organization. IPv6 workstations, which use privacy
   extensions for stateless address autoconfiguration, will certainly
   benefit. However systems which are using old IPv6 protocol stacks that
   do not incorporate the privacy extensions developed by Thomas Narten
   of IBM and Track Draves at Microsoft Research will most likely be
   targets for tracking. Old IPv6 protocols may publish your workstation
   or laptops unique electronic fingerprint. Make sure your IPv6 system
   is RFC 3041 compliant or else your privacy may be at risk.

   Conclusion: IPv6 is a protocol that delivers on user privacy. If you
   want your enterprise servers to provide privacy to your facilities
   then IPv6 is the way to go. If you want security the best advise I can
   give any Internet user is that you pray and have faith or disconnect
   your computer when not in use. Enterprises, non-profit organizations,
   governments and small business that have a need for privacy should
   consider a transition to IPv6. But make sure you get a security check
   done on your systems. Those interested in connecting to the IPv6
   network should visit the IPv6 forum and I maintain a [28]list of
   providers. Enjoy!

   --

   Joe Baptista is a managing director of The dot.GOD Registry,
   Limited a not for profit provider of network infrastructure, and
   domain names inclusive namespace. Joe is also involved in Internet
   governance as a member of the General Assembly of the Domain Name
   Supporting Organization (DNSO) of The Internet Corporation for
   Assigned Names and Numbers (ICANN). Joe has been interviewed by the
   leading Canadian newspapers, radio and television on various Internet
   issues.










More information about the ARIN-PPML mailing list