Default security functions on an IPv6 CPE

Fernando Gont fernando at
Mon May 30 06:30:45 CEST 2011

On 05/27/2011 11:57 AM, Scott Beuker wrote:

>> There's an implication here: knowledge of valid IPv6 addresses is
>> going to be valuable to the bad guys.  Therefore logs/tables/mail
>> headers/whatever are going to be targets and there's going to be
>> pressure to from the paranoid (which is everyone with an interest in
>> security, of course) to keep as much detail hidden as possible.
> Privacy addresses are the answer here; software initiating connectivity
> should be doing so from temporary addresses, and other software
> listening for incoming connectivity should only be doing so from the
> public address.

FWIW, I was told recently that Windows 7 implements some sort of
*privacy* addresses, rather than *temporary* addresses -- they do not
have modified EUI-64 format identifiers, but do not change as frequently
as temporary addresses.

Fernando Gont
e-mail: fernando at || fgont at
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

More information about the ipv6-ops mailing list