[ixpmanager] euro-ix export v0.7 exposes MAC addresses
Barry O'Donovan
barry.odonovan at inex.ie
Mon Nov 12 11:11:13 GMT 2018
Andreas Polyrakis wrote on 12/11/2018 09:49:
> "Note that the publicly accessible version does not include individual
> member details such as *name* (ASN is provided), max prefixes, *MAC
> addresses,* contact email and phone, when the member joined, member's
> web address, peering policy, NOC website, NOC hours or member type. This
> information is available to any logged in users or users querying the
> API with an API key <https://docs.ixpmanager.org/features/api/>."
> However our public euro-ix export
> <https://portal.gr-ix.gr/api/v4/member-export/ixf/0.7> actually _/does/_
> export MAC addresses. Is this intended (outdated documentation) or is it
> something that we need to investigate further?
No, just a documentation error, there's no other security issue here.
Updated docs pushed now.
> PS: Within the public export that there is also other information that I
> do not feel very comfortable sharing publicly. With that, I mostly refer
> to port speed. Is there a way to disable specific fields?
No, I'm afraid not. As a general rule of thumb, if the information is
easily available elsewhere, then I see no reason why it should not
available in the IX-F export. This information is usually available
through multiple sources already: a members own peering information
webiste; a members AS object; on PeeringDB; on an IX's own website; etc.
So, no issue that I can see here.
- Barry
More information about the ixpmanager
mailing list