Join Us!

Warrant return - IP...
 
Notifications
Clear all

Warrant return - IPv6 to IPv4 conversion  

  RSS
tracedf
(@tracedf)
Active Member

I am confused about a warrant return from an ISP. Police sent a warrant asking for subscriber info for three IPv6 addresses. The addresses all have the same 64-bit prefix but the second half of each address is completely different from the others. The response says

In order to obtain the information listed in your legal demand, it is necessary to convert the IPV6 address to an IPV4 address which is presented on the attached response. In the event you need to validate the information provided, you can utilize any of the number of conversion tools located on the Internet. Simply search for an IPV6 to IPV4 address conversion table to validate the information provided.

The return has one IPv4 address.

I am familiar with 6to4 conversion using the 2002/16 prefix. These addresses do not use that prefix. I converted the octets of the IPv4 address to hex and they do not appear at any point in the three IPv6 addresses. Is there some other method of converting these addresses that I should be aware of?

Quote
Posted : 25/01/2020 5:01 am
armresl
(@armresl)
Community Legend

What does the detectives report say?

I am confused about a warrant return from an ISP. Police sent a warrant asking for subscriber info for three IPv6 addresses. The addresses all have the same 64-bit prefix but the second half of each address is completely different from the others. The response says

In order to obtain the information listed in your legal demand, it is necessary to convert the IPV6 address to an IPV4 address which is presented on the attached response. In the event you need to validate the information provided, you can utilize any of the number of conversion tools located on the Internet. Simply search for an IPV6 to IPV4 address conversion table to validate the information provided.

The return has one IPv4 address.

I am familiar with 6to4 conversion using the 2002/16 prefix. These addresses do not use that prefix. I converted the octets of the IPv4 address to hex and they do not appear at any point in the three IPv6 addresses. Is there some other method of converting these addresses that I should be aware of?

ReplyQuote
Posted : 25/01/2020 5:53 am
tracedf
(@tracedf)
Active Member

What does the detectives report say?

When the detective's report mentions the return from the ISP it provides the subscriber info that was returned without discussing the address conversion.

The return says that the addresses were all used by one subscriber and provides just the one IPv4 address. If it hadn't mentioned the address conversion and just said these three addresses were all used by John Doe, I wouldn't have thought much of it. But they specifically mention the conversion and that tools are available online to validate it and as far as I can tell that is not accurate.

ReplyQuote
Posted : 25/01/2020 7:06 am
jaclaz
(@jaclaz)
Community Legend

This

In order to obtain the information listed in your legal demand, it is necessary to convert the IPV6 address to an IPV4 address which is presented on the attached response.

seems like related to one single address, probably it is some "standard" text copy and pasted.

Besides the way the conversion was made (and now either can or cannot validate), three addresses will never convert into one, so clearly something is either "missing" or "wrong", you should have been given anyway three resulting IPv4 addresses.

Since this is a serious matter, the reference to "translators on the internet" makes no sense anyway, maybe all translators on the internet are correct or maybe none of them are or maybe some are and some are not, I would have expected a reference to some IETF/RFC documents. (should be RFC6052 https://tools.ietf.org/html/rfc6052 )

jaclaz

ReplyQuote
Posted : 25/01/2020 8:33 am
tracedf
(@tracedf)
Active Member

Besides the way the conversion was made (and now either can or cannot validate), three addresses will never convert into one, so clearly something is either "missing" or "wrong", you should have been given anyway three resulting IPv4 addresses.

Since this is a serious matter, the reference to "translators on the internet" makes no sense anyway, maybe all translators on the internet are correct or maybe none of them are or maybe some are and some are not, I would have expected a reference to some IETF/RFC documents. (should be RFC6052 https://tools.ietf.org/html/rfc6052 )

jaclaz

I agree. I was (and am) hoping that there is something I'm overlooking. I may just have to inform the the attorney that this doesn't make sense and let him push back on the prosecution or the ISP to explain it.

ReplyQuote
Posted : 25/01/2020 9:02 am
Share: