Default security functions on an IPv6 CPE

Fernando Gont fernando at gont.com.ar
Mon May 30 06:30:45 CEST 2011


On 05/27/2011 11:57 AM, Scott Beuker wrote:

>> There's an implication here: knowledge of valid IPv6 addresses is
>> going to be valuable to the bad guys.  Therefore logs/tables/mail
>> headers/whatever are going to be targets and there's going to be
>> pressure from the paranoid (which is everyone with an interest in
>> security, of course) to keep as much detail hidden as possible.
> 
> Privacy addresses are the answer here; software initiating connectivity
> should be doing so from temporary addresses, and other software
> listening for incoming connectivity should only be doing so from the
> public address.

FWIW, I was told recently that Windows 7 implements some sort of
*privacy* addresses, rather than *temporary* addresses -- they do not
have modified EUI-64 format identifiers, but do not change as frequently
as temporary addresses.

Thanks,
-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
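
[Added example, not part of the original message.] The distinction drawn above (modified EUI-64 identifiers vs. identifiers that are opaque but either stable or frequently changing) can be checked against address logs. The function names and the sample addresses below are assumptions constructed for illustration.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of the address = interface identifier


def classify_iid(addr):
    """Report whether an address carries a modified EUI-64 identifier."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    b = iid.to_bytes(8, "big")
    # A modified EUI-64 built from a 48-bit MAC has ff:fe in the middle and
    # the universal/local bit inverted (RFC 4291, Appendix A). A random IID
    # matches this pattern by chance about once in 65536.
    if b[3] == 0xFF and b[4] == 0xFE:
        mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
        return {"kind": "modified-eui64",
                "mac": ":".join(f"{x:02x}" for x in mac)}
    return {"kind": "opaque", "mac": None}


def iid_behaviour(observations):
    """observations: (day, address) pairs logged for one host on one prefix."""
    if any(classify_iid(a)["kind"] == "modified-eui64" for _, a in observations):
        return "embeds-mac"
    days = {d for d, _ in observations}
    iids = {int(ipaddress.IPv6Address(a)) & IID_MASK for _, a in observations}
    if len(days) < 2:
        return "unknown"  # one day of logs cannot show rotation
    return "stable-opaque" if len(iids) == 1 else "rotating-opaque"


# Constructed sample data (documentation prefix 2001:db8::/32).
STABLE = [(1, "2001:db8::a1b2:c3d4:e5f6:1789"),
          (2, "2001:db8::a1b2:c3d4:e5f6:1789"),
          (3, "2001:db8::a1b2:c3d4:e5f6:1789")]
ROTATING = [(1, "2001:db8::5c0e:91aa:7d13:02bf"),
            (2, "2001:db8::e044:1b7c:39a8:6f10"),
            (3, "2001:db8::0f9d:c256:88e1:4a37")]

if __name__ == "__main__":
    print(classify_iid("2001:db8::211:22ff:fe33:4455"))
    print(iid_behaviour(STABLE), iid_behaviour(ROTATING))
```

An "embeds-mac" result means the logged address exposes the host's hardware address; "stable-opaque" hides the MAC but still lets the host be correlated over time on that prefix.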





More information about the ipv6-ops mailing list