

95 posts

Master Geek
Inactive user


Topic # 66181 14-Aug-2010 01:48

IPv6 will include your modem/router's MAC address

http://www.theregister.co.uk/2010/08/06/ipv6_security_nightmare/

Now why did the guys have to include it? Surely they could have just made 1 long number without the MAC address.

673 posts

Ultimate Geek
+1 received by user: 112


  Reply # 367444 14-Aug-2010 03:55

markh14: IPv6 will include your modem/router's MAC address

http://www.theregister.co.uk/2010/08/06/ipv6_security_nightmare/

Now why did the guys have to include it? Surely they could have just made 1 long number without the MAC address.


IPv6 includes your MAC address as part of the way it works. It's so everyone has a unique address.

It has many benefits over IPv4 too. Functionally it is better designed.

It isn't much less private than IPv4 because, remember, your house/connection's IP address is still sent out. This just adds the computer to the mix (if some form of NAT is no longer used).


Without wanting to go on for too long, overall IPv6 is a good improvement and it is most of all needed.

64 posts

Master Geek

Trusted

  Reply # 367459 14-Aug-2010 09:14

Skimming the article (which does seem to be much heavier on FUD than it needs to be), Windows 7 and Vista both perform a hash on your MAC address before participating in Router Solicitation specifically to mitigate this. Linux and OS X don't.

For Windows XP, Linux and OS X users: being able to determine a MAC from an IP address allows remote hosts on the internet to track individual hardware regardless of ISP. You can't identify individual users. It's also not a reliable identification mechanism because you can set your IP address to anything you like within your assigned prefix.

This doesn't impact DHCPv6 which, depending on configuration, does just assign contiguous blocks of IPs, much like IPv4. The only difference here is that there's no NAT. So corporates who receive complaints can identify individual machines without needing to refer to NAT logs. Home users can also identify individual machines.

David 




I work for a Hosting Provider - But my opinions are my own.
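The address-to-MAC relationship discussed in the post above, as an added example that is not part of any post in this thread: a Python audit helper that builds a SLAAC address from a MAC using the modified EUI-64 rule (RFC 4291, Appendix A) and checks whether a given address exposes one. The prefixes, MAC and addresses are constructed sample values from documentation ranges.

```python
import ipaddress
from collections import defaultdict

def mac_to_eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from a /64 prefix and its MAC (modified EUI-64)."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    net = ipaddress.IPv6Network(prefix)
    if len(octets) != 6 or net.prefixlen != 64:
        raise ValueError("need a 48-bit MAC and a /64 prefix")
    octets[0] ^= 0x02  # flip the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big"))

def embedded_mac(addr: str):
    """Return the MAC if the interface identifier looks EUI-64 derived.

    Heuristic: a random identifier contains ff:fe in the same position
    about once in 65536 cases, so treat a hit as "likely", not proven.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02  # undo the universal/local flip
    return ":".join(f"{b:02x}" for b in octets)

def group_by_hardware(addresses):
    """Map each recovered MAC to every address that exposes it."""
    groups = defaultdict(list)
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            groups[mac].append(addr)
    return dict(groups)

# Constructed sample: the same laptop seen behind two different prefixes,
# plus one randomized (privacy-style) address for comparison.
SAMPLE = [
    "2001:db8:1:2:21b:63ff:fe12:3456",
    "2001:db8:aaaa:bbbb:21b:63ff:fe12:3456",
    "2001:db8:1:2:5c9e:a1f3:7b20:94d1",
]

if __name__ == "__main__":
    print(mac_to_eui64_address("2001:db8:1:2::/64", "00:1b:63:12:34:56"))
    for mac, addrs in group_by_hardware(SAMPLE).items():
        print(mac, "->", addrs)
```

Run against the addresses configured on your own hosts, any hit marks an interface still using EUI-64 identifiers instead of randomized ones.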

8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 367872 15-Aug-2010 16:00

Until they come up with a viable replacement for NAT that lets you keep your private internal network private and have dual WAN via different ISPs, I can't see IPv6 taking off in the small/medium business world.

Everyone will probably keep using IPv4 internally.




990 posts

Ultimate Geek
+1 received by user: 157

UberGroup

  Reply # 371060 22-Aug-2010 16:28

One of the main advantages of v6 is not having NAT; there is no need for it. Windows XP/Vista/7 all hide your MAC, and if you're really paranoid you could set your v6 address manually to something different altogether. Remember, NAT is not a firewall and shouldn't be used as your primary security system.




Most problems are the result of previous solutions...

All comments I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

536 posts

Ultimate Geek


  Reply # 371063 22-Aug-2010 16:31

Good read. Probably wouldn't be hard to spoof it though. Methods to do so would become so mainstream it wouldn't be a problem.

3405 posts

Uber Geek
+1 received by user: 399

Trusted

  Reply # 371076 22-Aug-2010 16:55

Ragnor: Until they come up with a viable replacement for NAT that lets you keep your private internal network private and have dual WAN via different ISPs, I can't see IPv6 taking off in the small/medium business world.

Everyone will probably keep using IPv4 internally.





Why do you need a replacement for NAT? NAT was a system introduced as a stop-measure with the explosive growth of IPv4, not as a firewall. Treating it as a firewall is ignorant; you still have open connections which a hacker could get through.

There apparently is a technology in IPv6 which will allow auto failover without NAT, which is called shimming. I've done some basic research on it but still don't fully understand it...





8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 371077 22-Aug-2010 16:55

Beccara: One of the main advantages of v6 is not having NAT, there is no need for it.


Plenty of businesses use dual WAN or WAN failover with different ISPs.

How can you do this without getting both/all your ISPs to route your range?

Under IPv6 you might have to get x IPv6 subnets, one from each ISP, and then each PC/server in your network would need multiple IPv6 addresses. That doesn't seem very practical?

Many security professionals will have nightmares about having their internal network being entirely public IPs too.

NAT is pretty useful (yes I know it doesn't replace the need for a good firewall).

Shimming sounds interesting.



990 posts

Ultimate Geek
+1 received by user: 157

UberGroup

  Reply # 371341 23-Aug-2010 09:16

You make a good point about dual WANs; ISPs and clients alike will have to adapt to these issues. Security guys will also know that threats come from within the network more often than outside it and the desktop should be secure to start with.

V6 is coming, V4 space is almost out and RIRs are tightening up V4 allocation policy. ISPs will soon either have to deploy V6 or use Carrier Grade NAT (NAT444), which is a huge can of worms.




Most problems are the result of previous solutions...

All comments I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 
