Home > Tips > Enabling IPv6 privacy addresses

Enabling IPv6 privacy addresses

August 17th, 2009 admin Leave a comment Go to comments

One security annoyance with IPv6, especially its stateless autoconfig feature, is that the default IPv6 address contains your compter’s MAC (physical Ethernet) address. This makes it far too easy to track you on the Internet. IPv4 NAT, for all its evils, at least protected your unique identity behind your firewall.

Fortunately IPv6 has a slick feature, called Privacy Addressing, that fixes this. Your computer generates random host address parts, changing them periodically. Old random addresses hand around as long as you have a session open using them, but new sessions use the latest randomly-generated IPv6 address. The feature takes care to check for collisions, automatically forcing a retry should one occur (two in a row is statistically very unlikely).

You turn the feature on using the sysctl command:

$ sudo sysctl -w net.inet6.ip6.use_tempaddr=1

I haven’t quite figured out what the timer is on this. It seems to be an hour or so between IP address changes. I’ll play around with it, or go read the Darwin code to see what’s going on under the covers. For machines that don’t have to be servers, however, this looks like a very handy feature!

Categories: Tips Tags:
  1. No comments yet.
  1. August 19th, 2011 at 13:06 | #1
    Mac OS X Lion first impressions | The Next Net
  2. May 7th, 2013 at 04:42 | #2
    content-disposition
  3. May 11th, 2013 at 15:38 | #3
    ntent-Disposition: form-data; name=”wpEdittime”
  4. May 17th, 2013 at 01:11 | #4
    cordless vacuum reviews
  5. November 7th, 2013 at 00:38 | #5
    クロエ
  6. November 12th, 2013 at 10:10 | #6
    ロレックス(レディース腕時計)
  7. November 22nd, 2013 at 15:05 | #7
    人気の ロングブーツ
  8. November 26th, 2013 at 12:50 | #8
    キッズ
  9. November 28th, 2013 at 00:21 | #9
    ロングブーツ 人気
  10. November 28th, 2013 at 04:33 | #10
    アグロングブーツ
You must be logged in to post a comment.