[ipv6hackers] Is there a telecom company which adpated IPv6 network on LTE?

김무성 disaster at sk.com
Fri Aug 23 03:13:38 CEST 2013


Earnestly,

Our country do not use public IP on mobile.
One of Telecommunication company has 27,000,000 customer.
Public IP pool can't cover it.
But, IPv6 can.

Nowadays, there are many applications (300,000~500,000).
Their server send a push msg to mobile. Whenever.

It is not easy work that configure ruleset of firewall for IPv6 environment.



-----Original Message-----
From: ipv6hackers-bounces at lists.si6networks.com [mailto:ipv6hackers-bounces at lists.si6networks.com] On Behalf Of Marco Ermini
Sent: Thursday, August 15, 2013 8:50 PM
To: IPv6 Hackers Mailing List
Subject: Re: [ipv6hackers] Is there a telecom company which adpated IPv6 network on LTE?

If you are in Europe or anyway outside of USA, it is very unlikely you have a public IPv4 address on a mobile (cellular) network (be it LTE or just 3G).

Even if it *appears* to be public, you are probably NATted anyway.

The reason is very easy, it's called overbilling and battery drowning attacks. In 3G networks (and on LTE networks which are still supported by legacy infrastructure), your IP connectivity is a layer on top of your mobile connection, and your PDP context (billing record) is allocated when you are given an IP address, and you are billed for the time you are "on line". If you are reachable via UDP, an attacker can keep you on line more than you would like, and also exhaust your battery. Therefore normally a mobile operator shields you from being "so" reachable.

On "pure" LTE the paradigm is a little different as you are supposed to be always on line - you have always an IP address, and even your voice and signalling are transmitted via IP (although there are fallback options to the older technologies if required/configured).

I am aware of course of the VZW implementation but I am not sure which kind of LTE is deployed.

PS. NAT was not born to provide security, but it provides _some sort_ of security, and moreover it allows easier full logging of the traffic...

Hope this helps.


Cheers


On 29 May 2013 12:23, Eric Vyncke (evyncke) <evyncke at cisco.com> wrote:

> I do not want to be rude, but, what is the difference between your use 
> case and my smart phone which has a public IPv4 address on its 
> cellular interface?
>
> AFAIK, in IPv6 mobile phones get a /64, so, a lot if not all layer-2 
> attacks related to IPv6 do not apply
>
> Eric
>
>
>
>
> Le 29 mai 2013 à 08:25, "김무성" <disaster at sk.com> a écrit :
>
> > One of advantage which deploy ipv6 network on telecom is that all
> smart-phone can have a public IPv6 address.
> > But it cause security problem that hacker can attack smart-phone
> directly.
> > If deploy a NAT6/6 or NAT6/4 device for security, availability of
> > ipv6
> is low
> > And have to have ALG (Application Layer Gateway) device for 
> > providing
> service. (ex, SIP ALG for VoIP on LTE, etc)
> >
> > Is there a solution that use public IPv6 address on smart-phone and
> strengthen security?
> > _______________________________________________
> > Ipv6hackers mailing list
> > Ipv6hackers at lists.si6networks.com
> > http://lists.si6networks.com/listinfo/ipv6hackers
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
>



--
Marco Ermini
root at human # mount -t life -o ro /dev/dna /genetic/research http://www.linkedin.com/in/marcoermini
"Jesus saves... but Buddha makes incremental back-ups!"
_______________________________________________
Ipv6hackers mailing list
Ipv6hackers at lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers


More information about the Ipv6hackers mailing list