[ipv6hackers] Is there a telecom company which adpated IPv6 network on LTE?
Marco Ermini
marco.ermini at gmail.com
Thu Aug 15 13:50:04 CEST 2013
If you are in Europe or anyway outside of USA, it is very unlikely you have
a public IPv4 address on a mobile (cellular) network (be it LTE or just 3G).
Even if it *appears* to be public, you are probably NATted anyway.
The reason is very easy, it's called overbilling and battery drowning
attacks. In 3G networks (and on LTE networks which are still supported by
legacy infrastructure), your IP connectivity is a layer on top of your
mobile connection, and your PDP context (billing record) is allocated when
you are given an IP address, and you are billed for the time you are "on
line". If you are reachable via UDP, an attacker can keep you on line more
than you would like, and also exhaust your battery. Therefore normally a
mobile operator shields you from being "so" reachable.
On "pure" LTE the paradigm is a little different as you are supposed to be
always on line - you have always an IP address, and even your voice and
signalling are transmitted via IP (although there are fallback options to
the older technologies if required/configured).
I am aware of course of the VZW implementation but I am not sure which kind
of LTE is deployed.
PS. NAT was not born to provide security, but it provides _some sort_ of
security, and moreover it allows easier full logging of the traffic...
Hope this helps.
Cheers
On 29 May 2013 12:23, Eric Vyncke (evyncke) <evyncke at cisco.com> wrote:
> I do not want to be rude, but, what is the difference between your use
> case and my smart phone which has a public IPv4 address on its cellular
> interface?
>
> AFAIK, in IPv6 mobile phones get a /64, so, a lot if not all layer-2
> attacks related to IPv6 do not apply
>
> Eric
>
>
>
>
> Le 29 mai 2013 à 08:25, "김무성" <disaster at sk.com> a écrit :
>
> > One of advantage which deploy ipv6 network on telecom is that all
> smart-phone can have a public IPv6 address.
> > But it cause security problem that hacker can attack smart-phone
> directly.
> > If deploy a NAT6/6 or NAT6/4 device for security, availability of ipv6
> is low
> > And have to have ALG (Application Layer Gateway) device for providing
> service. (ex, SIP ALG for VoIP on LTE, etc)
> >
> > Is there a solution that use public IPv6 address on smart-phone and
> strengthen security?
> > _______________________________________________
> > Ipv6hackers mailing list
> > Ipv6hackers at lists.si6networks.com
> > http://lists.si6networks.com/listinfo/ipv6hackers
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
>
--
Marco Ermini
root at human # mount -t life -o ro /dev/dna /genetic/research
http://www.linkedin.com/in/marcoermini
"Jesus saves... but Buddha makes incremental back-ups!"
More information about the Ipv6hackers
mailing list