[ipv6hackers] NetworkManager and privacy in the IPv6 internet
Fernando Gont
fgont at si6networks.com
Fri Jan 1 14:52:45 CET 2016
On 12/29/2015 04:59 PM, Ondřej Caletka wrote:
> Hello,
>
> On 6.12.2015 at 03:46, Mark ZZZ Smith wrote:
>> * By whom? There are 100s of millions of routers in homes that
>> don't have statically configured addresses on router interfaces and
>> will never have statically configured addresses because that is
>> beyond the capabilities of the devices' owners. Many servers and
>> server-type devices (e.g., printers) don't need to be statically
>> addressed either, because they announce their presence and their
>> address using multicast-DNS.
>
> What are the privacy concerns of using EUI-64-based II on
> server-type devices or CPEs?

Nodes become subject to scanning attacks and possibly device-specific
vulnerability exploitation.

> These devices will hardly move during
> their lifetime and they usually don't have any human operator worth
> tracking. I simply don't see any advantage in using RFC7217
> addresses over EUI-64 based addressing for devices like a network
> printer, NAS or a router.

You don't want them to be subject to scanning attacks.

Besides: be proactive. There's an extremely long history of problems from
using predictable values when they are not needed: TCP ephemeral ports,
TCP ISNs, DNS TxIDs, TCP Timestamps, IPv4/IPv6 Identification values....

P.S.: Think twice before using predictable protocol IDs. Then don't.

Best regards,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
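
Added example (not part of the original message, and not any project's own code): the contrast this thread draws between EUI-64-based and RFC 7217 interface identifiers, as a Python sketch. The MAC address, secret and interface name are constructed, the prefixes are documentation prefixes, and using SHA-256 over length-prefixed fields for F() is an assumption of this sketch.

```python
import hashlib
import ipaddress

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 IID (RFC 4291, Appendix A): flip the U/L bit, insert ff:fe."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def rfc7217_iid(prefix: str, iface: str, secret: bytes,
                network_id: bytes = b"", dad_counter: int = 0) -> int:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).

    Assumptions of this sketch: F is SHA-256 and each field is length-prefixed;
    RFC 7217 leaves both choices to the implementation.
    """
    net = ipaddress.IPv6Network(prefix)
    fields = (net.network_address.packed[:8], iface.encode(), network_id,
              bytes([dad_counter]), secret)
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return int.from_bytes(h.digest()[-8:], "big")  # low-order 64 bits of RID

def make_address(prefix: str, iid: int) -> str:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))

def embedded_mac(addr: str):
    """Return the MAC recoverable from an EUI-64-style address, else None."""
    b = ipaddress.IPv6Address(addr).packed[8:]
    if b[3:5] != b"\xff\xfe":
        return None
    return ":".join(f"{x:02x}" for x in bytes([b[0] ^ 0x02]) + b[1:3] + b[5:])

if __name__ == "__main__":
    mac, secret = "00:11:22:33:44:55", b"constructed-demo-secret"  # constructed values
    for prefix in ("2001:db8:1:2::/64", "2001:db8:a:b::/64"):       # documentation prefixes
        for label, iid in (("EUI-64  ", eui64_iid(mac)),
                           ("RFC 7217", rfc7217_iid(prefix, "eth0", secret))):
            addr = make_address(prefix, iid)
            print(label, addr, "MAC:", embedded_mac(addr))
```

The EUI-64 rows carry the same identifier under both prefixes and give the MAC back; the RFC 7217 identifier is stable within a prefix but changes from one prefix to the next.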