North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IPv6 Interview Questions and critic

  • From: David Charlap
  • Date: Thu Aug 29 10:38:45 2002

Kurtis Lindqvist wrote:
What is interesting is that people can identify a EUI-64 unicast
address no matter where you are. For example, i use my laptop at work
and at home (assuming I had an ipv6 connection at home). I could be
identified as the same computer, without using cookies, since my base
64 address would be the same, despite the network prefix.
What I as external viewer could determine would that you where a computer
that moved. From the frequency I could probably tell that you where a
laptop. I would not tell me what would be home or work, and it would not
say who you actually where.
You could determine this right now using a cookie and traceroute.

And traceroute _could_ tell if you're at home or work (does your path lead into an ISP or a corporation?) and depending on the corporation, might yield enough information to do some simple human engineering and find out who you are as well.

A traceroute may also indicate what part of the country you're in. Most ISP's group routers geographically and have somewhat descriptive names. So by looking at the trace, you can usually determine the state, and sometimes town, where the connection is coming from. (This isn't completely accurate, of course...)

I don't see the advertisement of a Mac address to be any more or less secure than what we've got right now. Especially since most people do not disable cookies (since a lot of popular web sites don't work without them.)

-- David