How did they pull this off? (TMOUS Hotspot)
I did a little research on how T-Mobile US deploy their IPv6 in their mobile hotspot.
When my laptop connects to the hotspot, these are the IP addresses it got:
$ ip a
2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default qlen 1000
    link/ether 90:2e:1c:71:ee:86 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.248/24 brd 192.168.0.255 scope global dynamic noprefixroute wlp1s0
       valid_lft 6828sec preferred_lft 6828sec
    inet6 2607:fb90:fa26:937c:7336:2811:7657:394/64 scope global temporary dynamic
       valid_lft 602348sec preferred_lft 83516sec
    inet6 2607:fb90:fa26:937c:15fc:57f7:3229:d608/64 scope global mngtmpaddr noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::6ab2:11e2:fdf6:239d/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
Traceroute to dns.google:
$ traceroute -6 dns.google
traceroute to dns.google (2001:4860:4860::8844), 30 hops max, 80 byte packets
 1  mobile.hotspot (2607:fb90:fa26:937c:200a:218:bc08:7f90)  0.839 ms  0.882 ms  0.915 ms
 2  fc00:10:6:122::254 (fc00:10:6:122::254)  196.567 ms  196.565 ms fc00:10:5:122::254 (fc00:10:5:122::254)  197.957 ms
 3  fc00:10:6:122::254 (fc00:10:6:122::254)  197.934 ms  197.949 ms  203.421 ms
 4  fd01:976a:0:1::d5 (fd01:976a:0:1::d5)  203.481 ms * *
 5  * * ::ffff:10.169.6.125 (::ffff:10.169.6.125)  203.012 ms
 6  ::ffff:10.169.6.125 (::ffff:10.169.6.125)  206.137 ms  201.722 ms 2001:4860:1:1::1018 (2001:4860:1:1::1018)  201.825 ms
 7  2607:f8b0:8069::1 (2607:f8b0:8069::1)  201.605 ms  54.054 ms 2001:4860:1:1::1018 (2001:4860:1:1::1018)  70.645 ms
 8  2607:f8b0:8311::1 (2607:f8b0:8311::1)  58.428 ms dns.google (2001:4860:4860::8844)  65.929 ms 2607:f8b0:831d::1 (2607:f8b0:831d::1)  63.735 ms
Wait a minute... first hop's IP address is in the same /64 as the laptop IP?
The mobile hotspot acts as a router/gateway, right?
$ ip -6 r
::1 dev lo proto kernel metric 256 pref medium
2607:fb90:fa26:937c::/64 dev wlp1s0 proto ra metric 600 pref medium
fe80::/64 dev wlp1s0 proto kernel metric 1024 pref medium
default via fe80::3138:15d9:a817:28e9 dev wlp1s0 proto ra metric 600 pref medium
NDP-proxy?
I wish there is a way to ssh into the box. There isn't much resources out there about this topic.
So what say you about how the CPE is configured?
The all seeing eye sees everything...
 
                             
                            
Comments
It’s OK if you disagree with me. I can’t force you to be right!
IPv4: 32 bits of stress. IPv6: 128 bits of... well, more stress... Have anyone seen my subnet?
More digging:
and
ff02::1:ff57:394seems to come out of nowhere.The all seeing eye sees everything...
if i had the hardware i probably could have found a way inside it
did the same with my ISPs router, the way it manages to handle voip and internet while also spying on us is wonderfully executed
youtube.com/watch?v=k1BneeJTDcU
Probably true but no ways to verify for sure:
2607:fb90:fa26:937c::/64is assigned to the user facing interface and interfaces of the user's end use devices.I have no way of knowing it to be absolutely true but traceroute shows that they use ULAs for all internal equipment.
The all seeing eye sees everything...
I had an openwrt router with t-mobile/at&t but returned it yesterday to get another new model. Sadly won't have it for 2-3 weeks. If you want me to test something lmk.
ExtraVM - KVM NVMe VPS in USA, EU, APAC -|- RackColo - Find Colo - Discord: mikea (DM before adding)
In wired networks, this would be the effect of DHCPv6 Prefix Delegation.
Verizon FiOS delegates a /56 prefix to my home router.
My home router gives a /64 prefix to each internal interface.
Devices on an internal interface are assigned addresses from that /64 prefix.
The link between my home router and Verizon equipment has only link-local address.
In cellular networks, it's somewhat different.
When the UE registers with the cellular network, the SMF allocates a /64 prefix to the UE, and instructs the data network (UPFs) to route this prefix to the UE.
The UE i.e. mobile hotspot can then put this /64 on its DHCPv6 server and assigns addresses to the connected devices.
The link between the mobile hotspot and the core network is not an IP interface and does not need IP addressing.
vps9hostname is available. affbrrWhat model is that?
Ah mystery solved!
The all seeing eye sees everything...
https://www.gl-inet.com/products/gl-x3000/
However I pre-ordered the xe3000 which is the same, just with a battery, as I use cell routers when travelling.
ExtraVM - KVM NVMe VPS in USA, EU, APAC -|- RackColo - Find Colo - Discord: mikea (DM before adding)
GL.iNet has good stuff. Really filling in a niche.
The all seeing eye sees everything...
I would love to hear more on this.
Why?
they scan the nearby aps, the dns is obviously obliterated by the isp, the router also runs a weird redirection service which redirects you from websites to this seemingly non existent webpage which keeps loading until its timed out
if you wanna know more you can just get the firmware or go to https://github.com/JFC-Group/JF-Customisation
however the spying part isnt mentioned there very well, we recently got the ap scan thing sorted
another fishy thing is if you change the dns on the router it will always default to jio's dns after a reboot, we found a sftp server of Jio that held VoIP server logs of many, many people
stuff.
youtube.com/watch?v=k1BneeJTDcU
Seems to imply you have access to their servers.
The all seeing eye sees everything...
I read the thread title as HUMOUS.
It's a type of multicast address:
https://www.rfc-editor.org/rfc/rfc4291.html#section-2.7.1
Daniel15 | https://d.sb/. List of all my VPSes: https://d.sb/servers
dnstools.ws - DNS lookups, pings, and traceroutes from 30 locations worldwide.
I love hummus!
Yep, I too love humerus. Very tasty
It’s OK if you disagree with me. I can’t force you to be right!
IPv4: 32 bits of stress. IPv6: 128 bits of... well, more stress... Have anyone seen my subnet?
Everyone should. It's delicious, versatile, and you can spread it on spotty arse cheeks for an hour and it'll clear those pimples right up!