• Activity
  • Votes
  • Comments
  • New
  • All activity
  • Showing only topics in ~comp with the tag "ipv4". Back to normal view / Search all groups
    1. How reliable is IP ownership information?

      I have interactive firewalls like OpenSnitch running on most of my desktop OS's. I like to see what is going on with my machines' network connections to learn about networking, infosec, and to...

      I have interactive firewalls like OpenSnitch running on most of my desktop OS's. I like to see what is going on with my machines' network connections to learn about networking, infosec, and to have have some peace of mind.

      Example workflow:

      1. Get a firewall notification of a new incoming connection to some process running on my machine
      2. If no DNS entry exists and only the IP address is provided, then I google the IP
      3. I find something like https://ipinfo.io/74.125.20.189
      4. I make a decision as to whether allow/deny based on the ownership info which I found in step 3.

      Aside from trusting the particular site presenting the ownership info, how reliable is this information regarding IP ownership?

      For example, if an IP came back as "Google" could it really be a GCP instance running a command and control server?

      Another example, I know that large corps own big blocks of IPv4, but they must lease these IP's out to whomever, right? I imagine there is some wild-west market for these with little accountability?

      Are either of these scenarios realistic? If so, is my entire workflow for "do I trust this IP" pointless?


      edit: btw, I used to catch and deny incoming connections from *.ru to the Windows legacy Skype client all the time. I cannot think of any non-evil reason why that should have been happening. That particular series of events is what really validated me doing this. If you can think of a non-evil reason for any incoming connections to skype from *.ru, please let me know.
      5 votes
    2. Why are so many websites (and CDNs) IPv4 only?

      One of the people in an IRC channel I frequent pointed out a site I've been building uses CDNs that are IPv4 only. I never realized this, I just assumed every major provider had deployed IPv6. Oh,...

      One of the people in an IRC channel I frequent pointed out a site I've been building uses CDNs that are IPv4 only. I never realized this, I just assumed every major provider had deployed IPv6. Oh, how very wrong I was. A quick check of some major (to me) sites shows a shocking lack of IPv6, including:

      • Bootstrap (stackpath.bootstrapcdn.com)
      • Discord
      • FontAwesome (use.fontawesome.com)
      • GitHub/GitHub pages
      • GitLab/GitLab pages (self-hosted supports IPv6, but officially hosted GitLab only supports IPv4 due to Azure limitations)
      • jQuery, IF you use code.jquery.com (some tutorials use ajax.googleapis.com, which does have IPv6, but an unfortunate amount use code.jquery.com, including the getting started page for Bootstrap)
      • Parts of Amazon/AWS (Amazon is IPv4 only, some of AWS is IPv4 only, including S3)
      • Reddit
      • Stack Overflow/Exchange/etc
      • Twitter

      An honorable mention goes to Angular's websites because the websites themselves are IPv4 only but the libraries are hosted on ajax.googleapis.com, which is IPv6 accessible. I checked npm, PyPI, RubyGems, and Tildes, and they all support IPv6.

      I can understand why companies like Amazon have partial support (upgrading can be a PITA if you're a cloud service provider with uptime requirements), but then you have services like Discord (launched in 2015 with no obligation to maintain service) that only support IPv4. At the very least, I'd expect CDNs referenced by thousands (if not millions) of webpages to be on IPv6 by now.

      Am I missing something? CDNs are pretty static, it's just a matter of choosing one that supports IPv6, you don't even need to update your application if you just change the DNS entries.

      13 votes