Default security functions on an IPv6 CPE

Fernando Gont fernando at gont.com.ar
Tue May 31 00:08:44 CEST 2011


Hi, Fred,

On 05/30/2011 06:53 PM, Fred Baker wrote:
>>> Privacy addresses are the answer here; software initiating connectivity
>>> should be doing so from temporary addresses, and other software
>>> listening for incoming connectivity should only be doing so from the
>>> public address.
>>
>> FWIW, I was told recently that Windows 7 implements some sort of
>> *privacy* addresses, rather than *temporary* addresses -- they do not
>> have modified EUI-64 format identifiers, but do not change as frequently
>> as temporary addresses.
> 
> I believe they implement
> 
> http://www.ietf.org/rfc/rfc4941.txt
> 4941 Privacy Extensions for Stateless Address Autoconfiguration in
>      IPv6. T. Narten, R. Draves, S. Krishnan. September 2007. (Format:
>      TXT=56699 bytes) (Obsoletes RFC3041) (Status: DRAFT STANDARD)

Christian Huitema had noted on 6man@ that they generate IPv6 addresses
as a result of a hash function that includes the prefix, i.e., the
address (IID) varies from network to network, but is constant within the
network.

I'll try to check on my Windows 7 box...

Best regards,
-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
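
The property described in the message above (an interface identifier that varies from network to network but is constant within a network), sketched next to a modified EUI-64 identifier. This is an added example, not part of the original post and not the Windows 7 algorithm: the SHA-256 construction, the per-host secret, the MAC address and the prefixes are all assumptions made for illustration.

```python
import hashlib
import ipaddress

def _prefix64(prefix: str) -> bytes:
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return net.network_address.packed[:8]

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 IID: ff:fe inserted into the MAC, universal/local bit flipped."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def hashed_iid(prefix: str, secret: bytes) -> bytes:
    """IID from a hash that includes the prefix (assumed: SHA-256 over prefix + secret)."""
    digest = hashlib.sha256(_prefix64(prefix) + secret).digest()
    # Clear the universal/local bit, as RFC 4941 does for its randomized IIDs.
    return bytes([digest[0] & 0xFD]) + digest[1:8]

def build(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    return ipaddress.IPv6Address(_prefix64(prefix) + iid)

def trackable(addresses) -> bool:
    """True if every address shares one IID, so a remote observer can link the networks."""
    return len({a.packed[8:] for a in addresses}) == 1

# Constructed sample data (documentation prefixes, made-up MAC and secret).
MAC = "00:11:22:33:44:55"
SECRET = b"constructed-per-host-secret"
NETWORKS = ["2001:db8:1:1::/64", "2001:db8:2:2::/64"]

def demo():
    eui = [build(p, eui64_iid(MAC)) for p in NETWORKS]
    hashed = [build(p, hashed_iid(p, SECRET)) for p in NETWORKS]
    return eui, hashed

if __name__ == "__main__":
    eui, hashed = demo()
    print("EUI-64 :", *eui, "linkable across networks:", trackable(eui))
    print("hashed :", *hashed, "linkable across networks:", trackable(hashed))
```

Because the hashed identifier is stable within a network, per-host firewall rules and logs on that network keep working, unlike with identifiers that are regenerated over time.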




