blog.darkstar.work - a simple url encoder/decoder

 a simple url encoder/decoder
 http://blog.darkstar.work

Labels

Wirtschaft (152) Pressefreiheit (131) Österreich (123) IT (98) code (62) Staatsschulden (37) EZB (27) Pensionssystem (16)

2024-01-20

Great ipv6 news from austrian mobile networks

Great ipv6 news from austrian mobile networks

Allmost all mobile providers in Austria implemented ipv6 protocol for 3G/4G/5G mobile net. 
When running ifconfig inside an android terminal, you can see, if ipv6 is already enabled at your device.

I tried to ping6 my little amazon server ipv6.darkstar.work and ping6 over icmp succeeded. 


When pinging6 from android, I started a tcpdump on my little amazon server in Oregon, to see if packets are coming well through.
Then, I tried to ping6 in the opposite direction and was so delighted. that the icmp6 ping6 from amazon subnet in Oregon passed without routing or netfilter blocking problems to my android device.



I was courious, if a service broker from the internet could reach a server socket on my android, so I installed Simple HTTP Server:


I tested my local android device http server successfully by using curl, wget, lynx and a test once from Tor Onion Router.
 
You can use of course another http fs server, like:

Future prospects for ipv6 on smartphones

If current configuration from service providers and routing of ipv6 protocol (without adding netfilter, SNAT/DNAT or mangeling chains or tables) will stay, as it is, then we will see some scopes for new apps or improvments or optional add ins.

Endpoint to endpoint ipv6 apps 

Application opening a directly ipv6 socket connection from smartphone endpoint to smartphone endpoint will soonly be a reachable implementation goal.
This means an increase of security in case of new text or voice over ipv6 messenger services, because no central relay will play a key role with a man in the middle anymore.
Even a fast and cheap directly and secured Voice over IP application will be availible in near future.



VPN with several smartphones as a private distributed network 

A virtual private network with exclusive access to all certificates member with a single company gateway to the internet will also be possible in that scenario.
Some very paranoid companies want, that all there employess pass a BlueCoat or similiar gateway, when connecting to the internet to avoid other man in the middle scenarios or unintentional data transfer, that they can't block.

Conclusion

ipv6 is has been neglected for too long, even though there are many problems with SNAT, DNAT and tunneling in ipv4 from private networks or even ugly evil things like SNAT/DNAT on official ipv4 addresses some kind of invisible bending classic (route table) routing.

Risks

Using completley unfiltered ipv6 access to any mobile device is surley a security risk:
  1. Totally unfiltered ipv6 access makes devices vulnarable for port scans, ping, SYN floods and other DDOS attack variants.
    (Please don't oversecure here, because the benefits from direct endpoint to endpoint ipv6 connection access are huge and various!)
  2. When server sockets are reachable from ::/0 spyware could try to get user data or block the server socket for permissible and authorized connection call.
    Normal smartphone users ordinarily don't have root access to underlaying linux os and they neither can't ALLOW nor BLOCK specially selected address space / sconnections.

Links

Keine Kommentare:

Kommentar veröffentlichen