IPv6的移动电话上

您可以在手机上使用IPv6的能力，甚至没有意识到这一点。它在2008年已经很明显的是，在美国一些手机供应商已经开始包括在自己的手机IPv6功能。虽然这是伟大的，它也造成了手机供应商收到有关IPv6的安全性问题敲响了警钟。问题是，如果它部署之前不被视为一个新的通信协议的安全性无法预见的后果可能会导致。事实上，谁已经部署了IPv6连接到他们的用户手机的服务供应商，因为遇到的安全问题拉回一些支持。我从运行Windows Mobile 6.1 CE操作系统5.2.19208（构建19208.1.0.1）SprintPCS一部HTC手机6800。虽然我的手机有IPv6连接，它具有比当它有CE操作系统1629年2月5日（构建18136.0.4.8）较少的能力。有一个工具，您可以使用您的称为Windows Mobile设备Windows Mobile的网络分析仪的PowerToy可以告诉你你的电话有IP地址。此实用程序已经使用了相当长一段时间，但它仍然可以用来帮助您了解您的手机是如何连接到互联网的有价值的信息。下面是当我跑在我的SprintPCS HTC 6800您可以看到手机的IPv4地址，其6to4隧道接口和地址，ISATAP接口的开端，并为IPv4和IPv6协议的报文统计信息输出的Windows网络分析仪。*** 1 \ 10 \ 2009年，十八点50分11秒***网络分析仪运行... +++ AnalyzerIPconfig.dll +++的Windows IP配置以太网适配器本地连接：IP地址.......：0.0.0.0子网掩码.......：0.0.0.0适配器名称......：TNETW12511说明.......：TNETW12511适配器指数.....：2个地址..。。。。。。。... : 00 18 41 5a 3a 65 DHCP Enabled....... : YES DHCP Server........ : Primary WinsServer : Secondary WinsServer: Lease obtained on : Saturday, February 6 ,2106 23 : 28 : 15 Lease expires on : Tuesday, November 10 ,1970 23 : 50 : 23 AutoConfig Enabled : YES PPP Adapter [Cellular Line]: IP Address ........ : 173.117.187.133 Subnet Mask ....... : 255.255.0.0 Default Gateway ... : 173.117.187.133 Adapter Name ...... : Cellular Line Description ....... : Adapter Index ..... : 1376259 Address............ : 00 00 00 00 00 00 DHCP Enabled....... : NO Tunnel adapter []: Interface Number .. : 4 Tunnel adapter [6to4 Tunneling Pseudo-Interface]: Interface Number .. : 3 IP Address ........ : 2002:ad75:bb85::ad75:bb85 Default Gateway ... : 2002:c058:6301::c058:6301 Tunnel adapter [Automatic Tunneling Pseudo-Interface]: Interface Number .. : 2 IP Address ........ : fe80::5efe:173.117.187.133 Host name.......... : scottsipphone Domain Name........ : DNS Servers........ : 68.28.58.92 68.28.50.91 NODETYPE........... : 8 Routing Enabled.... : NO Proxy Enabled...... : NO Test Module Result: True --- AnalyzerIPconfig.dll --- +++ AnalyzerPing.dll +++ Ping(Logger, localhost) PingLink: Reply from 127.0.0.1:Echo size=32 time=31ms TTL=128 PingLink: Reply from 127.0.0.1:Echo size=32 time=1ms TTL=128 PingLink: Reply from 127.0.0.1:Echo size=32 time<10ms TTL=128 PingLink: Reply from 127.0.0.1:Echo size=32 time=1ms TTL=128 Test Module Result: True --- AnalyzerPing.dll --- +++ AnalyzerHTTPPing.dll +++ HTTPPing(Logger, http://www.microsoft.com) dwBytesToRead=128 dwBytesRead=128 InternetCheckConnection() --> TRUE Test Module Result: True --- AnalyzerHTTPPing.dll --- +++ AnalyzerDeviceInfo.dll +++ OSVERSIONINFO.dwMajorVersion = 5 OSVERSIONINFO.dwMinorVersion = 2 OSVERSIONINFO.dwBuildNumber = 19208 OSVERSIONINFO.dwPlatformId = 3 OSVERSIONINFO.szCSDVersion = Test Module Result: True --- AnalyzerDeviceInfo.dll --- +++ AnalyzerNetStats.dll +++ Interface Statistics Received Sent Bytes 0 0 Unicast Packets 0 0 NonUnicast Packets 0 0 Discards 0 0 Errors 0 0 Unknown Protocols 0 Name = Index =2 Physical Addrress =0018415A3A65 Description =TNETW12511 Type =6 Mtu =1500 Speed - bps =54000000 Administrative Status =1 Oprerational Status =0 Output Queue Length =0 Interface Statistics Received Sent Bytes 2769 3237 Unicast Packets 28 28 NonUnicast Packets 0 0 Discards 0 0 Errors 0 0 Unknown Protocols 0 Name = Index =1376259 Physical Addrress =000000000000 Description = Type =23 Mtu =1500 Speed - bps =28800 Administrative Status =1 Oprerational Status =1 Output Queue Length =0 TCP TABLE Loc Addr Loc Port Rem Addr Rem Port State 192.168.55.101 1528 192.168.55.100 990 ESTAB 192.168.55.101 1533 192.168.55.100 990 ESTAB 192.168.55.101 1534 192.168.55.100 990 ESTAB 192.168.55.101 1540 192.168.55.100 990 ESTAB 192.168.55.101 1546 192.168.55.100 990 ESTAB 192.168.55.101 1554 192.168.55.100 990 ESTAB UDP TABLE Loc Addr Loc Port 0.0.0.0 137 0.0.0.0 138 0.0.0.0 9204 127.0.0.1 1883 TCP6 Statistics: -------------- Active Opens = 0 Passive Opens = 0 Connect Attempt Fails = 0 Reset Connections = 0 Current Connections = 0 Segments Received = 0 Segments Sent = 0 Segments Retransmitted = 0 Errors Received = 0 Sgmnts sent w/Reset Flag= 0 Cumulative Connections = 0 Time-Out Algorithm = 4 Time-Out Minimim = 300 Time-Out Maximum = 240000 Maximum Connections = Dynamic (-1) TCP Statistics: -------------- Active Opens = 260 Passive Opens = 0 Connect Attempt Fails = 1 Reset Connections = 188 Current Connections = 6 Segments Received = 11982 Segments Sent = 16572 Segments Retransmitted = 75 Errors Received = 0 Sgmnts sent w/Reset Flag= 79 Cumulative Connections = 6 Time-Out Algorithm = 4 Time-Out Minimim = 300 Time-Out Maximum = 120000 Maximum Connections = Dynamic (-1) UDP6 Statistics: -------------- Datagrams Received = 0 No Ports = 0 Receive Errors = 0 Datagrams Sent = 0 Number UDP entries = 1 UDP Statistics: -------------- Datagrams Received = 2035 No Ports = 59 Receive Errors = 2 Datagrams Sent = 2142 Number UDP entries = 4 IP6 Statistics: -------------- Packets Received = 0 Received Header Errors = 0 Received Address Errors = 0 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 0 Received Packets Delivered = 0 Output Requests = 17 Routing Discards = 0 Discarded Output Packets = 0 Output Packet No Route = 0 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Fragmented OK = 0 Datagrams Fragmented Fail = 0 Fragments Created = 0 DefaultTTL = 128 Datagrams All Frgs Not Rcvd = 120 Number of Interfaces = 5 Number of Addresses = 5 Number of Routes in Table = 0 Forwarding Enabled = 1 IP Statistics: -------------- Packets Received = 28160 Received Header Errors = 0 Received Address Errors = 0 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 0 Received Packets Delivered = 14080 Output Requests = 18815 Routing Discards = 0 Discarded Output Packets = 0 Output Packet No Route = 69 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Fragmented OK = 0 Datagrams Fragmented Fail = 0 Fragments Created = 0 DefaultTTL = 128 Datagrams All Frgs Not Rcvd = 60 Number of Interfaces = 3 Number of Addresses = 3 Number of Routes in Table = 8 Forwarding Enabled = 2 ICMP6 Statistics Received Sent --------------- ------ ------ Messages 0 27 Errors 0 0 Destination Unreachable 0 0 Packet Too Big 0 0 Time Exceeded 0 0 Param Problem 0 0 Echo Request 0 17 Echo Reply 0 0 Membership Query 0 0 Membership report 0 2 Membership reduction 0 0 Router Solicitation 0 8 Router Advertisment 0 0 Neighbor Solicitation 0 0 Neighbor Advertisment 0 0 Redirect 0 0 ICMP Statistics Received Sent --------------- ------ ------ Messages 60 67 Errors 0 0 Destination Unreachable 52 59 Time Exceeded 0 0 Parmeter Problems 0 0 Source Quenches 0 0 Redirects 0 0 Echos 4 4 Echo Replies 4 4 Timestamps 0 0 Timestamp Replies 0 0 Address Masks 0 0 Address Mask Replies 0 0 Test Module Result: True --- AnalyzerNetStats.dll --- *** 1\10\2009, 18:50:14 *** Once we have this information we can try to communicate with the phone. An IPv4 ping doesn’t provide any results. This is probably a good thing because if we could send many packets to the mobile phones they might run out of battery life quickly. This might cause the phone to get hot to the touch because it is so busy communicating with the Internet. That hasn’t happened to you recently has it? C:\Users\scott>ping 173.117.187.133 Pinging 173.117.187.133 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 173.117.187.133: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), At this point we can also perform an nmap scan of the IPv4 address to see what protocols the phone is listening on. This provides some interesting results as we can see that the phone has several open TCP ports. Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-10 19:28 Mountain Standard Time Initiating Ping Scan at 19:28 Scanning 172.117.187.133 [2 ports] Completed Ping Scan at 19:28, 1.10s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 19:28 Completed Parallel DNS resolution of 1 host. at 19:28, 0.81s elapsed Initiating SYN Stealth Scan at 19:28 Scanning 172.117.187.133 [1000 ports] Discovered open port 25/tcp on 172.117.187.133 Discovered open port 80/tcp on 172.117.187.133 Discovered open port 8080/tcp on 172.117.187.133 Discovered open port 3128/tcp on 172.117.187.133 Completed SYN Stealth Scan at 19:28, 4.54s elapsed (1000 total ports) Initiating Service scan at 19:28 Scanning 4 services on 172.117.187.133 Completed Service scan at 19:30, 123.67s elapsed (4 services on 1 host) Initiating OS detection (try #1) against 172.117.187.133 Initiating Traceroute at 19:30 172.117.187.133: guessing hop distance at 1 Completed Traceroute at 19:30, 0.09s elapsed Initiating Parallel DNS resolution of 3 hosts. at 19:30 Completed Parallel DNS resolution of 3 hosts. at 19:30, 0.03s elapsed SCRIPT ENGINE: Initiating script scanning. Initiating SCRIPT ENGINE at 19:30 Completed SCRIPT ENGINE at 19:30, 20.77s elapsed Host 172.117.187.133 appears to be up ... good. Interesting ports on 172.117.187.133: Not shown: 996 filtered ports PORT STATE SERVICE VERSION 25/tcp open smtp? 80/tcp open http Apache httpd 3128/tcp open http Apache httpd 8080/tcp open http-proxy Squid webproxy 2.5.STABLE14 Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose|router|firewall|VoIP phone Running: Linux 2.4.X, MikroTik RouterOS 2.X, Secure Computing embedded, WebVOIZE embedded OS details: Linux 2.4.18 - 2.4.32 (likely embedded), Linux 2.4.21 - 2.4.33, Linux 2.4.28 - 2.4.30, MicroTik RouterOS 2.9.46, Secure Computing SnapGear SG300 firewall, WebVOIZE 120 IP phone Uptime guess: 15.056 days (since Mon Dec 22 18:10:30 2008) TCP Sequence Prediction: Difficulty=200 (Good luck!) IP ID Sequence Generation: All zeros TRACEROUTE (using port 80/tcp) HOP RTT ADDRESS 1 29.00 172.117.187.133 Read data files from: C:\Program Files\Nmap OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 155.48 seconds Raw packets sent: 2042 (92.272KB) | Rcvd: 27 (1252B) However, from my IPv6 Internet-attached laptop I can ping IPv6 sites on the Internet as well as the IPv6 address of the phone. C:\Users\scott>ping -6 ipv6.google.com Pinging ipv6.l.google.com [2001:4860:0:2001::68] from 2001:5c0:1000:b::17b3 with 32 bytes of data: Reply from 2001:4860:0:2001::68: time=139ms Reply from 2001:4860:0:2001::68: time=136ms Reply from 2001:4860:0:2001::68: time=137ms Reply from 2001:4860:0:2001::68: time=145ms Ping statistics for 2001:4860:0:2001::68: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 136ms, Maximum = 145ms, Average = 139ms As you may know, the IPv4 address of a device is used when forming its 6to4 IPv6 address. The IPv4 address of my phone is 172.117.187.133 and if we convert each of these octets into hex characters we then get something that can be used inside an IPv6 address notation. (172 = 0xAC, 117 = 0x75, 187 = 0xBB, 133 = 0x85) Therefore, the 6to4 address of my phone is 2002:ad75:bb85::ad75:bb85. C:\Users\scott>ping -6 2002:ad75:bb85::ad75:bb85 Pinging 2002:ad75:bb85::ad75:bb85 from 2001:5c0:1000:b::17b3 with 32 bytes of data: Request timed out. Reply from 2002:ad75:bb85::ad75:bb85: time=441ms Reply from 2002:ad75:bb85::ad75:bb85: time=432ms Reply from 2002:ad75:bb85::ad75:bb85: time=531ms Ping statistics for 2002:ad75:bb85::ad75:bb85: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), Approximate round trip times in milli-seconds: Minimum = 432ms, Maximum = 531ms, Average = 468ms There are others within the North American IPv6 Task Force (NAv6TF) who are trying to determine which manufacturers of mobile phones and service providers have and permit IPv6 communications. Jeff Doyle recently got aT-Mobile G1的谷歌Android电话，发现它没有任何IPv6连接。Command Information的大卫·格林(David Green)和乔·克莱因(Joe Klein)也一直在试验支持IPv6的手机，并在最近的文章中描述了这类IPv6连接的安全含义简报。您可以使用这些技术来实验用自己的手机。您可能会为你的发现感到惊讶。如果你的手机拥有IPv6连接，哪些功能有，请随时与我们分享。斯科特