[134817] in North American Network Operators' Group
Re: NIST IPv6 document
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Jan 11 11:59:34 2011
To: Jack Bates <jbates@brightok.net>
In-Reply-To: Your message of "Mon, 10 Jan 2011 22:22:32 CST."
<4D2BDB08.7030701@brightok.net>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 11 Jan 2011 11:57:12 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, 10 Jan 2011 22:22:32 CST, Jack Bates said:
> Really? Which machine was using the privacy extension address on the
> /64? I don't see how it's made it any easier to track. In some ways, on
> provider edges that don't support DHCPv6 IA_TA and relay on slaac, it's
> one extra nightmare.
The same exact way you currently track down an IP address that some machine has
started using without bothering to ask your DHCP server for an allocation, of course.
Remember - the privacy extension was so that somebody far away on the Internet
couldn't easily correlate "all these hits on websites were from the same box".
It gives a user approximately *zero* protection against their own ISP dumping
the ARP tables off every switch every 5 minutes and keeping the data handy in case
they have to track a specific MAC or IP address down.
And if you know how to do that sort of thing for rogue/unexpected stuff on IPv4, doing it
for IPv6 is trivial.
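The IPv6 counterpart of the periodic ARP-table dump described in the message above is a periodic dump of the neighbor cache. The following is an added example, not part of the original message: it keeps a history of such dumps and answers which MAC was using a given privacy address. The Linux `ip -6 neigh show` output format, the function names, and all sample addresses and MACs are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: two neighbor-cache polls five minutes apart, in Linux
# `ip -6 neigh show` format (2001:db8::/32 documentation prefix, made-up MACs).
SNAPSHOTS = {
    "2011-01-11T11:50": """\
2001:db8:0:1:211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:0:1:5c3a:9e1f:77b2:104d dev eth0 lladdr 00:11:22:33:44:55 STALE
fe80::1 dev eth0 lladdr 00:aa:bb:cc:dd:01 router REACHABLE
2001:db8:0:1::dead dev eth0 FAILED
""",
    "2011-01-11T11:55": """\
2001:db8:0:1:211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:0:1:e0c4:12ab:9f00:3c71 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:0:1:a1b2:c3d4:e5f6:0789 dev eth0 lladdr 00:de:ad:be:ef:02 DELAY
""",
}

def parse_neigh(text):
    """Yield (IPv6Address, mac) for entries that carry a link-layer address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:          # FAILED/INCOMPLETE entries have no MAC
            continue
        mac = fields[fields.index("lladdr") + 1].lower()
        yield ipaddress.IPv6Address(fields[0]), mac

def build_history(snapshots):
    """Map each address to the list of (timestamp, mac) sightings."""
    history = defaultdict(list)
    for ts in sorted(snapshots):
        for addr, mac in parse_neigh(snapshots[ts]):
            history[addr].append((ts, mac))
    return history

def who_had(history, addr):
    """Return the sightings recorded for an address, or [] if never seen."""
    return history.get(ipaddress.IPv6Address(addr), [])

def addresses_of(history, mac):
    """Return every address a MAC was seen using, privacy addresses included."""
    return sorted(a for a, seen in history.items()
                  if any(m == mac.lower() for _, m in seen))

if __name__ == "__main__":
    h = build_history(SNAPSHOTS)
    print(who_had(h, "2001:db8:0:1:e0c4:12ab:9f00:3c71"))
    print(*addresses_of(h, "00:11:22:33:44:55"), sep="\n")
```

In the constructed data the host's temporary address changes between polls while its MAC stays the same, so both temporary addresses and the EUI-64 address resolve to one machine.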