Enabling IPv6 privacy addresses

One security annoyance with IPv6, especially its stateless autoconfig feature, is that the default IPv6 address contains your computer’s MAC (physical Ethernet) address. This makes it far too easy to track you on the Internet. IPv4 NAT, for all its evils, at least protected your unique identity behind your firewall.

Fortunately, IPv6 has a slick feature, called Privacy Addressing, that fixes this. Your computer generates random host address parts, changing them periodically. Old random addresses hang around as long as you have a session open using them, but new sessions use the latest randomly-generated IPv6 address. The feature takes care to check for collisions, automatically forcing a retry should one occur (two in a row is statistically very unlikely).

You turn the feature on using the sysctl command:

$ sudo sysctl -w net.inet6.ip6.use_tempaddr=1

I haven’t quite figured out what the timer is on this. It seems to be an hour or so between IP address changes. I’ll play around with it, or go read the Darwin code to see what’s going on under the covers. For machines that don’t have to be servers, however, this looks like a very handy feature!
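To check whether an address still exposes the MAC described above, the following added example (not part of the original post) tests the low 64 bits for the modified EUI-64 layout that stateless autoconfig uses and recovers the embedded MAC. The function names and the sample addresses are assumptions made for illustration; the samples use the documentation prefix 2001:db8::/32 and a documentation-range MAC.

```python
import ipaddress


def embedded_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None.

    Accepts plain addresses, addresses with a /prefix, and scoped
    link-local addresses such as fe80::1%en0.
    """
    bare = addr.split("%")[0].split("/")[0]
    iid = ipaddress.IPv6Address(bare).packed[8:]  # low 64 bits = interface ID

    # Modified EUI-64 inserts ff:fe between the two halves of the MAC.
    # A random privacy address matches this by chance about 1 time in 65536,
    # so treat a hit as "very likely MAC-derived", not as proof.
    if iid[3:5] != b"\xff\xfe":
        return None

    # Autoconfig flips the universal/local bit (0x02) of the first octet;
    # flip it back to recover the original MAC.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Map each address to the MAC it leaks (None if none is visible)."""
    return {a: embedded_mac(a) for a in addresses}


# Constructed sample input, e.g. what you might copy out of ifconfig output.
SAMPLE = [
    "2001:db8:1:2:200:5eff:fe00:532a",   # autoconfig address built from the MAC
    "2001:db8:1:2:5c1e:9a3b:77d0:4f21",  # random-looking temporary address
    "fe80::200:5eff:fe00:532a%en0",      # link-local address with a scope ID
]

if __name__ == "__main__":
    for address, mac in audit(SAMPLE).items():
        verdict = f"leaks MAC {mac}" if mac else "no MAC visible"
        print(f"{address:40} {verdict}")
```

Link-local addresses keep the MAC-derived form in this sample; they are only visible on the local network segment, so the global addresses are the ones to check after enabling the sysctl.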
