Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Traffic leakage? Seeing pings to addresses other than my own  (Read 2944 times)

thoughtlite

  • Newbie
  • *
  • Posts: 2
Traffic leakage? Seeing pings to addresses other than my own
« on: September 09, 2015, 08:29:28 AM »

Hi!  I've been running HE tunnels on and off for years, and since my new ISP doesn't support IPv6, I'm back to using HE 24/7, with a /48 divided among a few networks.  No problems there.

Occasionally I'm seeing ICMPv6 pings on my firewall to destination addresses that aren't anywhere close to my /48 - one such is 2001:0470:0007:0c78:0000:0000:0000:0002 (with the source listed as 2001:0470:0007:0c78:0000:0000:0000:0001).  The IPv4 addresses are what I would expect; my IPv4 address for the destination, and 216.66.22.2 for the source.

It's blocked, so no big deal, but I'm wondering why this is happening, and whether it indicates some undesirable traffic leakage, spoofing, or someone possibly using an old, old address; don't remember if I ever had anything containing it, but I've had my current allocation for months.  Any ideas?

Logged

evantkh

  • Full Member
  • ***
  • Posts: 122
Re: Traffic leakage? Seeing pings to addresses other than my own
« Reply #1 on: September 10, 2015, 08:32:56 AM »

There is no encryption for 6in4. Packets can easily be injected.

However, the same public IP address should not be able to have more than one tunnel. I think you should email ipv6@he.net.
Logged

kcochran

  • Sr. Network Engineer, Hurricane Electric
  • Administrator
  • Sr. Member
  • *****
  • Posts: 419
Re: Traffic leakage? Seeing pings to addresses other than my own
« Reply #2 on: September 10, 2015, 10:29:22 AM »

Uhm, did you just set up your /48 w/o the client-side IPv6 address?
Logged

evantkh

  • Full Member
  • ***
  • Posts: 122
Re: Traffic leakage? Seeing pings to addresses other than my own
« Reply #3 on: September 12, 2015, 10:07:33 PM »

Uhm, did you just set up your /48 w/o the client-side IPv6 address?

Is HE keeping pinging the client IPv6 addresses?
Logged

thoughtlite

  • Newbie
  • *
  • Posts: 2
Re: Traffic leakage? Seeing pings to addresses other than my own
« Reply #4 on: September 25, 2015, 01:15:34 PM »

Uhm, did you just set up your /48 w/o the client-side IPv6 address?

(Sorry it took so long to reply - I wasn't notified via email that there were any replies.)

Ahhh, at least in the case of the example I posted, it probably refers to the client and server endpoints of my tunnel.  I was just looking at the routed /64, which has a different number in the third hex group than the /64 used by the client and server tunnel endpoints, and had thought it wasn't my assigned /64.

One more question - does HE prefer replies to such pings?  I haven't sent them, at least after setting up the tunnel, but things work fine.
Logged

snarked

  • Hero Member
  • *****
  • Posts: 777
Re: Traffic leakage? Seeing pings to addresses other than my own
« Reply #5 on: October 07, 2015, 02:01:39 PM »

Quote
Is HE keeping pinging the client IPv6 addresses?
HE's keep-alive/tunnel-test pings go to the tunnel /64, not the client IP range.
Logged

DJX

  • Newbie
  • *
  • Posts: 15
Re: Traffic leakage? Seeing pings to addresses other than my own
« Reply #6 on: October 09, 2015, 07:59:58 AM »

Logged

kassniwqds

  • Troll
  • Newbie
  • *
  • Posts: 3
« Last Edit: October 19, 2015, 06:34:43 PM by kassniwqds »
Logged