Torrent Address detection finds IPv6 Adress

[Chino 2]

Hi,

 

I'm using Linux Mint with latest stable Eddie. When I use the magnet link with torrent address detection I get my VPN IPv4 address, the Port and a IPv6 IP address.

Everything looks fine, but this IPv6 address. Is this a potential risk?

[Staff 9761]

Hi,

 

I'm using Linux Mint with latest stable Eddie. When I use the magnet link with torrent address detection I get my VPN IPv4 address, the Port and a IPv6 IP address.

Everything looks fine, but this IPv6 address. Is this a potential risk?

 

 

Hello!

 

Please upgrade to Eddie 2.9 Experimental. In Eddie 2.8.8 there is an issue with ip6tables: IPv6 outgoing traffic is not blocked. This has been fixed in Eddie 2.9 Experimental. Make sure to activate Network Lock and verify that the issue is fixed.

 

Kind regards

[Chino 2]

Thank you. This solved it.

[Chino 2]

I just want to give you an update. I restarted my PC (after an update) and found myself leaking IPv6 again.

Not shure if the update changed something for Eddie. I have it configured to start automatically with Network Lock activated.

So what I did is this: In qbittorrent went to the advanced options. Changed Network Interface to tun0.

Even though Network Lock should be preventing leaks via eth0, if set to "any interface" it does leak IPv6.

I don't know if you are aware of that problem yet. Maybe this can be fixed in future releases of Eddie.

When set to interface tun0 however I'm not leaking IPv6.

 

If someone from the community has the same problem. You can also disable IPv6 altogether:

 

Edit the file - /etc/sysctl.conf

 

sudo gedit /etc/sysctl.conf

 

And fill in the following lines at the end of that file

 

# IPv6 disabled
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

 

Save the file and close it

Restart sysctl with

 

sudo sysctl -p

 

Use the ifconfig command to verify if there is still a IPv6 Address.

[Staff 9761]

Hello,

 

which Eddie version are you running?

 

Kind regards

[Chino 2]

I'm running the experimental Version 2.9.2 on a 32bit Machine.

[Staff 9761]

I'm running the experimental Version 2.9.2 on a 32bit Machine.

 

Thank you.

 

When the client is running and Network Lock is enabled, can you please send us the output of the command:

 

ip6tables -L --verbose

issued from a root terminal?

 

Kind regards

[Chino 2]

$ sudo ip6tables -L --verbose
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   20  2711 ACCEPT     all      lo     any     anywhere             anywhere            
    2   144 DROP       all      any    any     anywhere             anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      any    any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   20  2711 ACCEPT     all      any    lo      anywhere             anywhere            
    8   722 DROP       all      any    any     anywhere             anywhere

[Staff 9761]

Hello!

 

As you can see incoming and outgoing IPv6 packets to/from any interface except lo are dropped. What IPv6 address is detected via ipleak torrent check?

 

Kind regards

[Chino 2]

I made a screenshot. I can find the IP in my interface eth0 and in the DHCP Lease list of my router.

Also this is on a fresh system. I changed from Mint to Xubuntu.

 

What I also tested is Transmission. With it ipleak.net is not detecting IPv6 leak.

[zhang888 1065]

As you can see, your IPv6 addresses start with fd, fe.

 

Prefixes in the fd00::/8 range are like local addresses in IPv4 (RFC1918), and fe00::/8 is a Unique Local Unicast Address

which is essentially same as loopback (127.0.0.1) in IPv4.

 

You don't have any IPv6 leak.

[Chino 2]

You have seen this through the blur? Anyways good thing this is a private Address.

I definitely learned something today.

 

But still I wonder. How come my private address is detected by the torrent address detection?

[zhang888 1065]

TL;DR This is simply the address your client reports to the tracker.

Exactly the same thing happens with IPv4 just on a slight different level.

In IPv6 there are no NAT addresses, so it makes sense to send to the tracker any detected IP addresses including the local ones.

 

 

http://www.bittorrent.org/beps/bep_0007.html

[sir_trackmenot 4]

As you can see, your IPv6 addresses start with fd, fe.

 

Prefixes in the fd00::/8 range are like local addresses in IPv4 (RFC1918), and fe00::/8 is a Unique Local Unicast Address

which is essentially same as loopback (127.0.0.1) in IPv4.

 

You don't have any IPv6 leak.

 

 

Dredging up this year-old thread (sorry). Don't be so sure that there is no leak. IPv6 address generation usually inserts the MAC address of your Ethernet adapter into the low bits of the address. The high bits are the network prefix assigned to the interface (or the link-local prefix). Unless you took steps to change the hardware address then that IPv6 address is globally unique to the machine you are on. It's unlikely that a disgruntled MPAA/RIAA will be able to turn that back into your real identity but you never know.

 

The fe80::/10 address is link-local. It is not localhost. Every link requires a link-local address in that range, even if has routable addresses from other ranges. Localhost is required to be ::1/128 - the single address - which is a change from the 127.0.0.1/8 assignment on IPv4.

 

See here: https://en.wikipedia.org/wiki/IPv6_address#Unicast_and_anycast_address_format

 

IPv6 does allow for the generation of 'privacy' addresses, where the low bits of the address are generated randomly. Linux enables this by default for routable prefixes, but I haven't seen it do so in the link-local prefixes before. Nothing stops your torrent client publishing all of the addresses, including the uniquely identifying one.

 

If you are seeing IPv6 addresses of any kind in the torrent address detection then you probably have DHT enabled in a dodgy torrent client. Disable its peer discovery algorithms (DHT, etc) if you can, or switch to another program that respects your privacy better. I don't believe Transmission leaks your private IPv6 addresses with DHT enabled. It may leak your public ones if there are any on your system but I don't have routable IPv6 addresses on my system to test.

 

Your best bet is to completely disable IPv6 in your operating system as discussed above.