你手机上的IPv6

你可能在你的手机上有IPv6的能力，甚至没有意识到它。很明显，在2008年，美国的一些移动电话供应商已经开始在他们的手机中加入IPv6的功能。虽然这是伟大的，但它也让移动电话供应商收到了关于IPv6的安全影响的警钟。问题是，如果在部署新通信协议之前不考虑其安全性，可能会导致不可预见的后果。事实上，那些已经将IPv6连接部署到用户手机上的服务提供商已经因为遇到的安全问题而撤回了一些支持。我有一部来自sprintpc的HTC 6800手机，运行Windows Mobile 6.1 CE OS 5.2.19208 (Build 19208.1.0.1)。即使我的电话有IPv6连接，它有更少的能力时，它有CE OS 5.2.1629 (Build 18136.0.4.8)。有一个工具你可以用在你的Windows移动设备上，叫做Windows移动网络分析仪PowerToy可以告诉你你的电话有IP地址。此实用程序已经使用了相当长一段时间，但它仍然可以用来帮助您了解您的手机是如何连接到互联网的有价值的信息。下面是当我跑在我的SprintPCS HTC 6800您可以看到手机的IPv4地址，其6to4隧道接口和地址，ISATAP接口的开端，并为IPv4和IPv6协议的报文统计信息输出的Windows网络分析仪。*** 1 \ 10 \ 2009年，18时50分一十一秒***网络分析仪运行... +++ AnalyzerIPconfig.dll +++的Windows IP配置以太网适配器本地连接：IP地址.......：0.0.0.0子网掩码.......：0.0.0.0适配器名称......：TNETW12511说明.......：TNETW12511适配器指数.....：2个地址............：00 18 41 5A 65 3A启用DHCP .......：YES DHCP服务器........：主WinsServer：辅助WinsServer：租赁获得上：星期六,February 6 ,2106 23 : 28 : 15 Lease expires on : Tuesday, November 10 ,1970 23 : 50 : 23 AutoConfig Enabled : YES PPP Adapter [Cellular Line]: IP Address ........ : 173.117.187.133 Subnet Mask ....... : 255.255.0.0 Default Gateway ... : 173.117.187.133 Adapter Name ...... : Cellular Line Description ....... : Adapter Index ..... : 1376259 Address............ : 00 00 00 00 00 00 DHCP Enabled....... : NO Tunnel adapter []: Interface Number .. : 4 Tunnel adapter [6to4 Tunneling Pseudo-Interface]: Interface Number .. : 3 IP Address ........ : 2002:ad75:bb85::ad75:bb85 Default Gateway ... : 2002:c058:6301::c058:6301 Tunnel adapter [Automatic Tunneling Pseudo-Interface]: Interface Number .. : 2 IP Address ........ : fe80::5efe:173.117.187.133 Host name.......... : scottsipphone Domain Name........ : DNS Servers........ : 68.28.58.92 68.28.50.91 NODETYPE........... : 8 Routing Enabled.... : NO Proxy Enabled...... : NO Test Module Result: True --- AnalyzerIPconfig.dll --- +++ AnalyzerPing.dll +++ Ping(Logger, localhost) PingLink: Reply from 127.0.0.1:Echo size=32 time=31ms TTL=128 PingLink: Reply from 127.0.0.1:Echo size=32 time=1ms TTL=128 PingLink: Reply from 127.0.0.1:Echo size=32 time<10ms TTL=128 PingLink: Reply from 127.0.0.1:Echo size=32 time=1ms TTL=128 Test Module Result: True --- AnalyzerPing.dll --- +++ AnalyzerHTTPPing.dll +++ HTTPPing(Logger, http://www.microsoft.com) dwBytesToRead=128 dwBytesRead=128 InternetCheckConnection() --> TRUE Test Module Result: True --- AnalyzerHTTPPing.dll --- +++ AnalyzerDeviceInfo.dll +++ OSVERSIONINFO.dwMajorVersion = 5 OSVERSIONINFO.dwMinorVersion = 2 OSVERSIONINFO.dwBuildNumber = 19208 OSVERSIONINFO.dwPlatformId = 3 OSVERSIONINFO.szCSDVersion = Test Module Result: True --- AnalyzerDeviceInfo.dll --- +++ AnalyzerNetStats.dll +++ Interface Statistics Received Sent Bytes 0 0 Unicast Packets 0 0 NonUnicast Packets 0 0 Discards 0 0 Errors 0 0 Unknown Protocols 0 Name = Index =2 Physical Addrress =0018415A3A65 Description =TNETW12511 Type =6 Mtu =1500 Speed - bps =54000000 Administrative Status =1 Oprerational Status =0 Output Queue Length =0 Interface Statistics Received Sent Bytes 2769 3237 Unicast Packets 28 28 NonUnicast Packets 0 0 Discards 0 0 Errors 0 0 Unknown Protocols 0 Name = Index =1376259 Physical Addrress =000000000000 Description = Type =23 Mtu =1500 Speed - bps =28800 Administrative Status =1 Oprerational Status =1 Output Queue Length =0 TCP TABLE Loc Addr Loc Port Rem Addr Rem Port State 192.168.55.101 1528 192.168.55.100 990 ESTAB 192.168.55.101 1533 192.168.55.100 990 ESTAB 192.168.55.101 1534 192.168.55.100 990 ESTAB 192.168.55.101 1540 192.168.55.100 990 ESTAB 192.168.55.101 1546 192.168.55.100 990 ESTAB 192.168.55.101 1554 192.168.55.100 990 ESTAB UDP TABLE Loc Addr Loc Port 0.0.0.0 137 0.0.0.0 138 0.0.0.0 9204 127.0.0.1 1883 TCP6 Statistics: -------------- Active Opens = 0 Passive Opens = 0 Connect Attempt Fails = 0 Reset Connections = 0 Current Connections = 0 Segments Received = 0 Segments Sent = 0 Segments Retransmitted = 0 Errors Received = 0 Sgmnts sent w/Reset Flag= 0 Cumulative Connections = 0 Time-Out Algorithm = 4 Time-Out Minimim = 300 Time-Out Maximum = 240000 Maximum Connections = Dynamic (-1) TCP Statistics: -------------- Active Opens = 260 Passive Opens = 0 Connect Attempt Fails = 1 Reset Connections = 188 Current Connections = 6 Segments Received = 11982 Segments Sent = 16572 Segments Retransmitted = 75 Errors Received = 0 Sgmnts sent w/Reset Flag= 79 Cumulative Connections = 6 Time-Out Algorithm = 4 Time-Out Minimim = 300 Time-Out Maximum = 120000 Maximum Connections = Dynamic (-1) UDP6 Statistics: -------------- Datagrams Received = 0 No Ports = 0 Receive Errors = 0 Datagrams Sent = 0 Number UDP entries = 1 UDP Statistics: -------------- Datagrams Received = 2035 No Ports = 59 Receive Errors = 2 Datagrams Sent = 2142 Number UDP entries = 4 IP6 Statistics: -------------- Packets Received = 0 Received Header Errors = 0 Received Address Errors = 0 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 0 Received Packets Delivered = 0 Output Requests = 17 Routing Discards = 0 Discarded Output Packets = 0 Output Packet No Route = 0 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Fragmented OK = 0 Datagrams Fragmented Fail = 0 Fragments Created = 0 DefaultTTL = 128 Datagrams All Frgs Not Rcvd = 120 Number of Interfaces = 5 Number of Addresses = 5 Number of Routes in Table = 0 Forwarding Enabled = 1 IP Statistics: -------------- Packets Received = 28160 Received Header Errors = 0 Received Address Errors = 0 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 0 Received Packets Delivered = 14080 Output Requests = 18815 Routing Discards = 0 Discarded Output Packets = 0 Output Packet No Route = 69 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Fragmented OK = 0 Datagrams Fragmented Fail = 0 Fragments Created = 0 DefaultTTL = 128 Datagrams All Frgs Not Rcvd = 60 Number of Interfaces = 3 Number of Addresses = 3 Number of Routes in Table = 8 Forwarding Enabled = 2 ICMP6 Statistics Received Sent --------------- ------ ------ Messages 0 27 Errors 0 0 Destination Unreachable 0 0 Packet Too Big 0 0 Time Exceeded 0 0 Param Problem 0 0 Echo Request 0 17 Echo Reply 0 0 Membership Query 0 0 Membership report 0 2 Membership reduction 0 0 Router Solicitation 0 8 Router Advertisment 0 0 Neighbor Solicitation 0 0 Neighbor Advertisment 0 0 Redirect 0 0 ICMP Statistics Received Sent --------------- ------ ------ Messages 60 67 Errors 0 0 Destination Unreachable 52 59 Time Exceeded 0 0 Parmeter Problems 0 0 Source Quenches 0 0 Redirects 0 0 Echos 4 4 Echo Replies 4 4 Timestamps 0 0 Timestamp Replies 0 0 Address Masks 0 0 Address Mask Replies 0 0 Test Module Result: True --- AnalyzerNetStats.dll --- *** 1\10\2009, 18:50:14 *** Once we have this information we can try to communicate with the phone. An IPv4 ping doesn’t provide any results. This is probably a good thing because if we could send many packets to the mobile phones they might run out of battery life quickly. This might cause the phone to get hot to the touch because it is so busy communicating with the Internet. That hasn’t happened to you recently has it? C:\Users\scott>ping 173.117.187.133 Pinging 173.117.187.133 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 173.117.187.133: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), At this point we can also perform an nmap scan of the IPv4 address to see what protocols the phone is listening on. This provides some interesting results as we can see that the phone has several open TCP ports. Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-10 19:28 Mountain Standard Time Initiating Ping Scan at 19:28 Scanning 172.117.187.133 [2 ports] Completed Ping Scan at 19:28, 1.10s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 19:28 Completed Parallel DNS resolution of 1 host. at 19:28, 0.81s elapsed Initiating SYN Stealth Scan at 19:28 Scanning 172.117.187.133 [1000 ports] Discovered open port 25/tcp on 172.117.187.133 Discovered open port 80/tcp on 172.117.187.133 Discovered open port 8080/tcp on 172.117.187.133 Discovered open port 3128/tcp on 172.117.187.133 Completed SYN Stealth Scan at 19:28, 4.54s elapsed (1000 total ports) Initiating Service scan at 19:28 Scanning 4 services on 172.117.187.133 Completed Service scan at 19:30, 123.67s elapsed (4 services on 1 host) Initiating OS detection (try #1) against 172.117.187.133 Initiating Traceroute at 19:30 172.117.187.133: guessing hop distance at 1 Completed Traceroute at 19:30, 0.09s elapsed Initiating Parallel DNS resolution of 3 hosts. at 19:30 Completed Parallel DNS resolution of 3 hosts. at 19:30, 0.03s elapsed SCRIPT ENGINE: Initiating script scanning. Initiating SCRIPT ENGINE at 19:30 Completed SCRIPT ENGINE at 19:30, 20.77s elapsed Host 172.117.187.133 appears to be up ... good. Interesting ports on 172.117.187.133: Not shown: 996 filtered ports PORT STATE SERVICE VERSION 25/tcp open smtp? 80/tcp open http Apache httpd 3128/tcp open http Apache httpd 8080/tcp open http-proxy Squid webproxy 2.5.STABLE14 Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose|router|firewall|VoIP phone Running: Linux 2.4.X, MikroTik RouterOS 2.X, Secure Computing embedded, WebVOIZE embedded OS details: Linux 2.4.18 - 2.4.32 (likely embedded), Linux 2.4.21 - 2.4.33, Linux 2.4.28 - 2.4.30, MicroTik RouterOS 2.9.46, Secure Computing SnapGear SG300 firewall, WebVOIZE 120 IP phone Uptime guess: 15.056 days (since Mon Dec 22 18:10:30 2008) TCP Sequence Prediction: Difficulty=200 (Good luck!) IP ID Sequence Generation: All zeros TRACEROUTE (using port 80/tcp) HOP RTT ADDRESS 1 29.00 172.117.187.133 Read data files from: C:\Program Files\Nmap OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 155.48 seconds Raw packets sent: 2042 (92.272KB) | Rcvd: 27 (1252B) However, from my IPv6 Internet-attached laptop I can ping IPv6 sites on the Internet as well as the IPv6 address of the phone. C:\Users\scott>ping -6 ipv6.google.com Pinging ipv6.l.google.com [2001:4860:0:2001::68] from 2001:5c0:1000:b::17b3 with 32 bytes of data: Reply from 2001:4860:0:2001::68: time=139ms Reply from 2001:4860:0:2001::68: time=136ms Reply from 2001:4860:0:2001::68: time=137ms Reply from 2001:4860:0:2001::68: time=145ms Ping statistics for 2001:4860:0:2001::68: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 136ms, Maximum = 145ms, Average = 139ms As you may know, the IPv4 address of a device is used when forming its 6to4 IPv6 address. The IPv4 address of my phone is 172.117.187.133 and if we convert each of these octets into hex characters we then get something that can be used inside an IPv6 address notation. (172 = 0xAC, 117 = 0x75, 187 = 0xBB, 133 = 0x85) Therefore, the 6to4 address of my phone is 2002:ad75:bb85::ad75:bb85. C:\Users\scott>ping -6 2002:ad75:bb85::ad75:bb85 Pinging 2002:ad75:bb85::ad75:bb85 from 2001:5c0:1000:b::17b3 with 32 bytes of data: Request timed out. Reply from 2002:ad75:bb85::ad75:bb85: time=441ms Reply from 2002:ad75:bb85::ad75:bb85: time=432ms Reply from 2002:ad75:bb85::ad75:bb85: time=531ms Ping statistics for 2002:ad75:bb85::ad75:bb85: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), Approximate round trip times in milli-seconds: Minimum = 432ms, Maximum = 531ms, Average = 468ms There are others within the North American IPv6 Task Force (NAv6TF) who are trying to determine which manufacturers of mobile phones and service providers have and permit IPv6 communications. Jeff Doyle recently got aT-Mobile G1谷歌Android电话，发现它没有任何IPv6连接。指挥信息公司的大卫·格林和乔·克莱因也一直在试验启用IPv6的手机，并在最近描述了这种类型的IPv6连接的安全影响演讲。您可以使用这些技术来试验您自己的移动电话。你可能会对你的发现感到惊讶。请随时与我们分享，如果你的手机有IPv6连接和它有什么功能。斯科特