On 03/31/2012 07:32 AM, Christian Huitema wrote: >> If the regime controls the local-link, then as far as >> address-tracking is concerned, you're toast. -- They could sniff >> the network and log the address->MAC mappings, have RAs require you >> to do DHCPv6 and then have DHCPv6 assign you a constant address, >> etc. > > The obvious solution is to randomize the MAC address, and I would > definitely want to do that when visiting untrusted networks.
Or use an external card or even a different system, use it, and destroy and throw away. :-) In any case, as noted by Ray, if you're really into the aforementioned "regime" situation, randomizing the mac address is probably *not* #1 in your set of priorities. > Of course, randomizing the MAC address is necessary but not > sufficient. There are many other ways in which our computer leak > information. DHCP messages, for example, contains names and other > identifiers. Computers connecting to a network issue a flurry of DNS > lookups that can make for good signatures. Etc. Exactly. That's why I said that if the regime controls the local link, then, for the most part "game over". - If they don't, you can usually tunnel somewhere else. Thanks, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
