[dns-operations] "How Dynamic are IP Addresses?" (SIGCOMM, January 2007)

Jeroen Massar jeroen at unfix.org
Mon Sep 3 09:34:48 UTC 2007


bmanning at vacation.karoshi.com wrote:
> On Fri, Aug 31, 2007 at 01:15:56AM +0000, paul at vix.com wrote:
>>>> sorry about that, dunno what happened.
>>> Want to try the link, again?
>> http://www.sigcomm.org/ccr/drupal/files/fp179-xie.pdf
>> _______________________________________________
> 
> 
> 	it was a nifty preso - a couple of points that I brought
> 	up w/ the author:

Very nifty and insightful indeed. (Also the part which effectively
states that they actually have a log of from which IP every person ever
logged in from... very insightful... ;)

> 	a) how does one get "off" the dynamic pool?

I guess by not having multiple people login from your IP address
(range). When you are the sole person always logging in from that
address then if I read the paper correctly it should deem you as static.
Not using hotmail and/or most likely any of the other "live" services
will also help out quite a bit. As such, "colo" facilities should be
safe, unless somebody installs a tool like bitlbee with which one can
login to MSN on a console, then have multiple users use it and you are
dynamic again.

> 	b) granularity of pooling algo? - it does hid small static blocks
> 	c) no IPv6 support - e.g. RA/ND is invisable to this approach

Actually, RA/ND can be 'detected' in one way at least as they all have
the EUI-64 format. Then you can make a wild assumption that the address
is more or less 'static', but even better you can track that
laptop/workstation when it changes networks around based on it's EUI-64.
One can't "track" RFC3041 based on that part of course, but you can
easily see that the first 64 or even 48 bits remain the same. Also, the
keypart in tracking people there is really the login. As such the most
information you get is whether the person likes to move around or not,
as the address of the host might change already because of RFC3041,
which is enabled per default for Vista&XP.

Of course, collecting addresses can be done in quite an number of ways,
as detailed in http://www.cs.columbia.edu/~smb/papers/v6worms.pdf

I guess (it is to be seen how it really gets deployed) and hope that
IPv6 will be of quite a less dynamic nature than IPv4, with most homes
getting a static IPv6 allocation for use, which is more or less required
when you give a /48 to an enduser as ISPs are supposed to be doing
according to current RIR policies.

What is the 'bad' problem is that hotmail doesn't have IPv6 support yet.
I actually hoped that along with Vista they would be starting to operate
support for all their websites and MX's.

Greets,
 Jeroen


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 311 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20070903/af14cdbd/attachment.sig>


More information about the dns-operations mailing list