- Minor
Description:
The diagnostics zip files created using the "Anonymize Diagnostics" option in the UI still contain the public facing IPv6 address, which can be used to roughly geolocate users or gather lists of unraid hosts on the internet, scan them to find exposed services and so on.
In the dhcplog.txt is a line like "eth0: adding address 2a02:9...." and " Registering new address record for ..." in the syslog.txt. Since with ipv6 there is no nat and instead all addresses are directly addressing individual devices, this can be used to geolocate you to about a 10km radius and try accessing services running on the unraid box, if it is exposed to the internet (e.g. by enabling connect?).
For IPv4 this is not much of an issue, since pretty much everyone will be using NAT, so the ip in the logs will be in the private ranges in this case. See the Screenshots for the full list of occurences.
I also checked a few diagnostics files from the forum, to verify it's not just in mine and found that the IPv6 address is also in the log of other people who have it enabled.
Reproduction:
- Make fresh 6.12.3 USB Stick
- Enable IPv6 in IP settings
- Create diagnostic with anonymization turned on
- Look in the following files:
Suggested Solution:
Replace each unique IP address with a placeholder like IP1 IP2 etc, so you can still keep them apart for debugging, but the ip doesn't need to be included in the logs.