[ipv6hackers] NetworkManager and privacy in the IPv6 internet

Mark ZZZ Smith markzzzsmith at yahoo.com.au
Fri Jan 1 05:15:18 CET 2016





----- Original Message -----
From: Ondřej Caletka <Ondrej.Caletka at cesnet.cz>
To: ipv6hackers at lists.si6networks.com
Sent: Wednesday, 30 December 2015, 6:59
Subject: Re: [ipv6hackers] NetworkManager and privacy in the IPv6 internet

Hello,

On 6.12.2015 at 03:46 Mark ZZZ Smith wrote:
> * By whom? There are 100s of millions of routers in homes that don't have statically configured addresses on router interfaces and will never have statically configured addresses because that is beyond the capabilities of the devices' owners. Many servers and server-type devices (e.g., printers) don't need to be statically addressed either, because they announce their presence and their address using multicast-DNS.

What are the privacy concerns of using EUI-64-based II on server-type
devices or CPEs? These devices will hardly move during their lifetime
and they usually don't have any human operator worth tracking.

* It isn't just individual humans that may be of interest to track. The identities of these shared devices act as an identifier for the group of people authorised to use them e.g., an individual or group of people living in a residence, or a group of people and the parent organisation. They may not move often, but if they move just once, they've now disclosed that the same party has moved.

* Only in the case of a truly publicly accessible device is the device's association with a specific set of individuals broken.


I simply don't see any advantage in using RFC7217 addresses over EUI-64
based addressing for devices like a network printer, NAS or a router.

* There are more than just privacy benefits from RFC7217 addresses. They also mitigate unsolicited address probing, as EUI-64s cut down the search space.

* "Network Reconnaissance in IPv6 Networks"
https://tools.ietf.org/html/draft-ietf-opsec-ipv6-host-scanning-08
* As routers and other "always on" devices are now actively being targeted for use in botnets etc., making them much harder to find when using unsolicited address probing is beneficial.

* Regards,
Mark.

Regards,
Ondřej Caletka
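
The two points argued in this message (an EUI-64 interface identifier follows a device when it moves to a new prefix, and a known vendor OUI shrinks the space of candidate addresses) can be seen in the following added example, which is not part of either poster's message. The MAC, prefixes, interface name and secret are constructed values, and `rfc7217_iid` is a simplified sketch of the RFC 7217 scheme that assumes SHA-256 as F() and omits the optional Network_ID input.

```python
import hashlib
import ipaddress

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface ID (RFC 4291, Appendix A)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between OUI and NIC part.
    return int.from_bytes(bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:], "big")

def rfc7217_iid(prefix: str, ifname: str, secret: bytes, dad_counter: int = 0) -> int:
    """Sketch of RFC 7217: 64 bits of F(Prefix, Net_Iface, DAD_Counter, secret_key).
    F is SHA-256 over length-prefixed fields (an assumption of this example)."""
    net = ipaddress.IPv6Network(prefix)
    fields = [net.network_address.packed, ifname.encode(), bytes([dad_counter]), secret]
    material = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return int.from_bytes(hashlib.sha256(material).digest()[-8:], "big")

def address(prefix: str, iid: int) -> str:
    """Combine a /64 prefix with a 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC prefixes are /64")
    return str(net.network_address + iid)

def iid_of(addr: str) -> int:
    """Low 64 bits of an address: the part that can identify the device."""
    return int(ipaddress.IPv6Address(addr)) & (2**64 - 1)

# Constructed inputs: documentation MAC (RFC 7042), documentation prefixes (RFC 3849).
MAC = "00:00:5e:00:53:01"
OLD_PREFIX, NEW_PREFIX = "2001:db8:aaaa:1::/64", "2001:db8:bbbb:7::/64"
SECRET = b"constructed-per-host-secret"

if __name__ == "__main__":
    schemes = (("EUI-64", lambda p: eui64_iid(MAC)),
               ("RFC 7217", lambda p: rfc7217_iid(p, "eth0", SECRET)))
    for name, make in schemes:
        old = address(OLD_PREFIX, make(OLD_PREFIX))
        new = address(NEW_PREFIX, make(NEW_PREFIX))
        print(f"{name:8} {old} -> {new}  same IID after move: {iid_of(old) == iid_of(new)}")
    # With the vendor OUI known, an EUI-64 IID has 24 unknown bits; an opaque IID has 64.
    print("candidate IIDs per /64: EUI-64 with known OUI 2**24, RFC 7217 2**64")
```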
