Ephemeral IPv6 server addresses (part 2)

more stupid internet tricks

Part 1 of this series described a mechanism similar to time-based one-time passwords (TOTP) that allows a client to communicate with a server on a constantly changing IPv6 address. TOTP are commonly used in two-factor authentication schemes, where a user logging in to a service has to provide a password and a code generated by a hardware token or an app on a smartphone. Since the code is time-based it can be created even if the token or phone isn't connected to a network: the device only needs a reasonably accurate idea of the current time.

For the present purpose, however, the device will almost certainly be connected: the point of generating the ever-changing IPv6 address is to connect to the hidden server. If we're unable to connect to an IPv6 address there's little point in having it.

This leads to a second stupid idea: the server can generate its temporary IPv6 address by combining a secret with a random string and then it can publish the string. The random string, like the time, doesn't need to be kept secret, so it can be made available to anybody on a static IP address. Only clients that know the server's secret can use the random string to work out the server's current ephemeral IPv6 address. A slight tweak to the previous script should do it:

   #!/bin/sh

   # display the current random-based IPv6 address

   uuid=`wget -q -O - http://ipv6.example.com:8080/uuid.txt`

   secret="Zarniwoop"
   prefix="2001:db8:1:2:3:4"

   suffix1="cafe"
   suffix2="babe"
   for salt in "Zarquon" "Frankie" "Benjy"
   do
      message="${secret}${uuid}${salt}"
      sum=`echo "$message" | md5sum`

      # reserve a /124 for static addresses
      somesum=`echo "$sum" | cut -c1-7`
      if [ "$somesum" != "0000000" ]
      then
         suffix1=`echo "$sum" | cut -c1-4`
         suffix2=`echo "$sum" | cut -c5-8`
         break
      fi
   done
   echo "${prefix}:${suffix1}:${suffix2}"

The above client script should be combined with a similar server script which runs as a cron job. Note that the server script puts the current random string into a file that it serves on a static IP address.

With a suitable CGI script any web server can redirect visitors to the hidden server. frippery.org uses this to implement another mirror that's only available via an ephemeral IPv6 address.

Some notes:

For more continue to Part 3.


Ron Yorston
19th August 2015 (updated 15th September 2015)