Does IPv6 without NAT allow my ISP to identify/monitor/limit the number of devices in my network?

If you are not using NAT, then they will be assigning an IPV6 address to each device and will be able to identify them. You could still use NAT however and they would be unable to detect how many devices are behind the gateway device since only the one gateway device would make all requests.

A NAT conceals the information about your internal network because all Internet connections originate from the one IP and are mapped to your internal network. There is no reason the same thing can't be done with a single IPV6 address and device. IPV6 just makes it so that layer isn't necessary if people don't need/want it.


You can do NAT with IPv6, of course. The good thing about IPv6 is precisely that you do not need to do NAT: there are enough IPv6 possible addresses that there is no need for sharing an address between distinct machines. Having a publicly visible address for each of your computers allows you to run accessible servers on each of them, which is great for some usages.

Of course, if having multiple addresses is convenient, then ISP will be quick to think that they may make you pay for it. They cannot sell you less than one IP address, but they may charge you more for several. That it does not cost them more to route for a whole /64 network than for a single address is irrelevant; the ISP fee is not computed from the required technical resources, but set as high as you will agree to pay, limited only by competition with other ISP, and, in some cases, state regulations.

The ISP is inherently aware of how many IP addresses it will give you. This happens to be strongly correlated to the number of machines you own, because each machine will want exactly one address. The ISP cannot technically limit the number of machines that you plug in your network (they can set contractual limits, but not enforce them easily); but limiting the number of IP addresses they will route for you is a piece of cake for them.

Beyond the count of devices, they can harvest some additional data, because in IPv6, each machine will try to automatically obtain an IPv6 address on the local network, where part of the address is derived from the MAC address of the ethernet/WiFi interface; such MAC address are subject to a worldwide allocation scheme, and from the MAC address, it is possible to infer the hardware vendor and possibly the hardware family.

Tags:

Ipv6

Related

Is one CSRF token per session is adequate with HTTPS? What can an attacker do with Bluetooth and how should it be mitigated? What is this authentication method/approach called? What does a HTML filter need to do, to protect against SVG attacks? Security comparsion of 3DES and AES Do client certificates provide protection against MITM? Why Do we Need CAPTCHA? In what case we should use it? Chrome SSL Warning: "You cannot proceed because the website operator has requested heightened security for this domain. " Making a Windows cert say it's purpose is "Ensures the identity of a remote computer" What does scorecardsresearch.com/beacon.js - added by Disqus.com - do? If someone asks to borrow your phone to make a call, what could they do? Will reporting phishing emails cause problems for the victim?

Recent Posts