Default security functions on an IPv6 CPE

Tim Chown tjc at ecs.soton.ac.uk
Tue May 31 14:46:50 CEST 2011


On 31 May 2011, at 13:39, Fernando Gont wrote:

> On 05/31/2011 07:59 AM, Tim Chown wrote:
>> When I last checked Windows 7 behaviour it would by default generate
>> 
>> a) a permanent address with a randomised host part, persistent across
>> reboots on the same prefix.  One benefit if you put this address in
>> the DNS is it would not change with a change of MAC address (e.g.
>> hardware change).
> 
> And it's nice to have for logging purposes.

Well, it's likely to be the address you use for reaching the machine, so that address probably won't appear in logs of other machines.

>> b) a temporary privacy address, which changes across reboots.  Unlike
>> XP, the system does not appear to generate new privacy addresses on a
>> daily basis.
> 
> What's the address selection policy for these two? i.e., is the
> temporary address preferred over the "randomized and persistent" address?

Yes, the point is that the privacy address is used for connections the host initiates.  That's been true for any implementation I've seen.

In answer to your other question, I managed to keep a Win7 PC up for over a week and a) it did not change or generate a new privacy address (which XP would have done, every 24 hours) and b) an open ssh connection to another system did not drop.

Tim

