issue with SLAAC and deprecated IPv6 addresses on recent windowsversions

Martin Millnert martin at millnert.se
Wed Dec 2 17:49:22 CET 2009


On Tue, 2009-12-01 at 23:53 +0100, Chris Hills wrote:
> Here's another bug:
> 
> If you bind an ipv6 udp socket in the .Net framwork on windows, it will
> reply from a privacy address even to packets sent to the EUI-64 address,
> allowing a remote party to discovery the association between the addresses.
> 
> 

And here's a third:

Some Vista machines, it seems, use 6to4 and Teredo source addresses on
ethernet interfaces that are otherwise configured correctly -- at least,
they use gateway information received by RA, and v6 DNS resolvers
received by DHCPv6... I know this because some of the illegal packets
are in fact DNS queries.  Unless client machine owners have all
configured this statically, of course.. which I somehow doubt.

And a fourth:

Some clients with MAC's belonging mainly to Apple, do the same but using
fe80:: addresses.. Ie, tries to send DNS queries through a router with
such a source address.

Neither one of these bugs can be especially healthy, since classic BCP
asks me to not route these incorrect source addresses... and in the
Apple case it's quite difficult even route if I wanted to.

-- 
Martin Millnert <martin at millnert.se>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20091202/380bdfa8/attachment.bin 


More information about the ipv6-ops mailing list