Can servers derive the user IPv6 block of an address?

Saimonhashmi08
Level 1

Internet Service Providers (ISPs) assign users large IPv6 blocks (~/64) containing millions of IPv6 addresses. If a user were to ping a server using 2 different IPv6 addresses from his given IPv6 block, would the server be able to trace the IPs back to the same Internet user (i.e. same IPv6 block)?

My understanding is that they could easily find out the IPv6 block of the ISP as this information is publicly available, but I'm not so sure about the IPv6 block of the user as this depends on how the ISP decides to split its block internally.

1 Reply

Seb Rupik
VIP Alumni

Hi there,

There are two feasible ways a single device could be identified via an IPv6 connection (notice I say device and not user!). If the IPv6 interface was not using privacy extensions and used a standard EUI-64 address, a MAC address could be easily identified as it appeared on different IPv6 prefixes. A device would have to have a very old IPv6 network stack for this to occur as privacy extensions being enabled is the more likely scenario.

The second method of identification depends on the protocol; in particular, I am thinking of HTTP/S and browser fingerprinting, which would help identify a browser as its IPv6 (and also IPv4) address changed. That is a passive method of identification.

It may be possible to actively probe an IPv6 (or IPv4) address and derive an OS fingerprint, although this does not give very high fidelity nor many attributes to uniquely identify a host. It also requires network security devices along the path to permit an active scan and for the host to stay online long enough for it to complete. This is also the least scalable method of identification!

 

The only way for a user to be tied to multiple IP addresses would be for the user to go through some authentication process and your server to have visibility of the contents of that traffic flow.

 

cheers,

Seb.
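The EUI-64 case from the reply above, as an added example that is not part of the original thread: a Python audit that flags addresses from your own logs or host inventory whose interface identifier embeds a MAC address, and reports any MAC that shows up under more than one /64. The function names and the sample addresses (built on the 2001:db8::/32 documentation prefix) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: two EUI-64 addresses from one NIC, one privacy-style address.
SAMPLE = [
    "2001:db8:1:1:211:22ff:fe33:4455",
    "2001:db8:2:7:211:22ff:fe33:4455",
    "2001:db8:1:1:8c3a:91d2:4e07:b6f1",
]

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None.

    Heuristic: a random (privacy extension) interface ID can contain
    ff:fe at the same offset by chance, roughly once in 65536 addresses.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":                    # EUI-64 filler bytes
        return None
    # Undo the universal/local bit flip, then drop the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def prefix64(addr):
    """Return the /64 network that contains addr."""
    return str(ipaddress.ip_network(f"{addr}/64", strict=False))

def audit(addresses):
    """Map each embedded MAC to its /64s; keep MACs seen under more than one."""
    seen = defaultdict(set)
    for a in addresses:
        mac = eui64_mac(a)
        if mac is not None:
            seen[mac].add(prefix64(a))
    return {m: sorted(p) for m, p in seen.items() if len(p) > 1}

if __name__ == "__main__":
    for mac, prefixes in audit(SAMPLE).items():
        print(f"{mac} is exposed under {len(prefixes)} prefixes: {prefixes}")
```

Any host this reports is a candidate for enabling privacy extensions, since its interface identifier stays constant across networks.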
