From: J Pan <Pan@uvic.ca>
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Cc: starlink@lists.bufferbloat.net
Subject: Re: [Starlink] Measuring the Satellite Links of a LEO Network
Date: Tue, 13 Feb 2024 09:12:33 -0800
Message-ID: <CAHn=e4jeK6k+Crrt_SK1oaeBGku7EQzdQ3-rLMgL0KsG4j8bOg@mail.gmail.com>
In-Reply-To: <5323051a-5835-4e42-9850-2f3349a8bd77@gmail.com>
yes, the mac for fe80::200:5eff:fe00:101 is 00:00:5e:00:01:01 (a
virtual mac used by the virtual router redundancy protocol commonly
used by service providers in point-of-presence?)
--
J Pan, UVic CSc, ECS566, 250-472-5796 (NO VM), Pan@UVic.CA, Web.UVic.CA/~pan
On Mon, Feb 12, 2024 at 6:14 AM Alexandre Petrescu via Starlink
<starlink@lists.bufferbloat.net> wrote:
>
> this is an issue for 6MAN WG at IETF, but this is the text with the
> issue in the paper:
>
> > From the user device or customer router at 192.168.1.1,
> > we can reach its GS gateway at 100.64.0.1 (or equivalently
> > fe80::200:5eff:fe00:101 for IPv6)
>
> That IPv6 link-local address has an 'ff:fe' in it; the prefix is 'fe80'
> and the rest is an 'Interface ID', in RFC parlance.
>
> That IID should be more random in its appearance. It is called an
> 'opaque' IID, and specified in RFC 7217 "Stable and Opaque IIDs with
> SLAAC" of year 2014.
>
> That IPv6 address corresponds to earlier forms of these IIDs (RFC2464 of
> year 1998); they had that IID to be derived from a 48bit MAC address and
> inserted an 'ff:fe' string in it to become 64bit.
>
> Most embedded linux platforms (v2.x kernels?) still use that ff:fe.
> Migrating these kernels is sometimes very difficult. One might not want
> to migrate a kernel to a bloated and slower v3 or higher just for that
> little 'ff:fe'. Maybe one wants to migrate just its IPv6 stack, but
> it's not easy.
>
> The reason for making this IID more opaque is to resist scanning
> attacks. A scanning attack is when a user might have somehow an
> illegitimate starlink terminal and tries to connect to the legitimate
> starlink network. Part of that trying is to know the IP address of the
> next hop. With IPv6 it comes down to testing all these addresses. If
> they have a constant 'ff:fe' in them, it is easier to find them by brute
> force than if they were opaque. It is also true that if in IPv4 that
> next hop is always the same then the easiest attack is to simply use
> IPv4 instead of IPv6. But this 'opaqueness' of the IID in the IPv6 ll
> address might still be needed when IPv4 is gotten rid of.
>
> This could be discussed at IETF, could be suggested to starlink to
> upgrade, etc.
>
> Alex
>
> On 12/02/2024 at 07:59, J Pan via Starlink wrote:
> > http://pan.uvic.ca/webb/viewtopic.php?p=124670#p124670 to appear at
> > ieee icc 2024. feedback welcome, especially during the camera-ready
> > stage this week. thanks! -j
> > --
> > J Pan, UVic CSc, ECS566, 250-472-5796 (NO VM), Pan@UVic.CA, Web.UVic.CA/~pan
> > _______________________________________________
> > Starlink mailing list
> > Starlink@lists.bufferbloat.net
> > https://lists.bufferbloat.net/listinfo/starlink
> _______________________________________________
> Starlink mailing list
> Starlink@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/starlink
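
The address-to-MAC mapping discussed in this message, as an added example that is not part of the original thread: it recovers the MAC from an 'ff:fe' interface ID, checks it against the VRRP virtual MAC prefixes, and can be run over a list of one's own interface addresses to find those still using MAC-derived IIDs. The VRRP prefixes are taken from RFC 5798; the function names and the last two sample addresses are constructed for illustration.

```python
import ipaddress

# VRRP virtual router MAC prefixes (RFC 5798); the sixth octet is the VRID.
VRRP_PREFIXES = {
    bytes.fromhex("00005e0001"): "IPv4",
    bytes.fromhex("00005e0002"): "IPv6",
}

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 IID, or None if absent."""
    iid = ipaddress.IPv6Address(addr.split("%")[0]).packed[8:]  # drop any %zone
    if iid[3:5] != b"\xff\xfe":   # filler inserted between the MAC halves (RFC 2464)
        return None
    # Heuristic: a random opaque IID matches the test above about 1 time in 65536.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)

def vrrp_vrid(mac):
    """Return (address family, VRID) if mac is a VRRP virtual MAC, else None."""
    raw = bytes.fromhex(mac.replace(":", ""))
    family = VRRP_PREFIXES.get(raw[:5])
    return (family, raw[5]) if family else None

def audit(addresses):
    """Classify each address as 'eui64' (with MAC and VRRP info) or 'other'."""
    report = {}
    for addr in addresses:
        mac = eui64_mac(addr)
        report[addr] = ("eui64", mac, vrrp_vrid(mac)) if mac else ("other", None, None)
    return report

SAMPLES = [
    "fe80::200:5eff:fe00:101",     # gateway address quoted in the thread
    "fe80::200:5eff:fe00:5301",    # constructed: EUI-64 from a documentation MAC
    "fe80::1c2a:9b7f:3d4e:55a1",   # constructed: opaque-looking IID
]

if __name__ == "__main__":
    for addr, result in audit(SAMPLES).items():
        print(addr, result)
```
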