NIST IPv6 document

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Jan 11 10:57:12 CST 2011


On Mon, 10 Jan 2011 22:22:32 CST, Jack Bates said:

> Really? Which machine was using the privacy extension address on the 
> /64? I don't see how it's made it any easier to track. In some ways, on 
> provider edges that don't support DHCPv6 IA_TA and relay on slaac, it's 
> one extra nightmare.

The same exact way you currently track down an IP address that some machine has
started using without bothering to ask your DHCP server for an allocation, of course.

Remember - the privacy extension was so that somebody far away on the Internet
couldn't easily correlate "all these hits on websites were from the same box".
It gives a user approximately *zero* protection against their own ISP dumping
the ARP tables off every switch 5 minutes and keeping the data handy in case
they have to track a specific MAC or IP address down.

And if you know how to do that sort of thing for rogue/unexpected stuff on IPv4, doing it
for IPv6 is trivial.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110111/80cd503b/attachment.bin>


More information about the NANOG mailing list