IPv6 and Mac Addresses

For system help, all hardware / software topics NOTE: use Coders Corner for all coders topics.

Moderators: Krom, Grendel

Post Reply
Heretic
DBB Admiral
DBB Admiral
Posts: 1449
Joined: Wed Apr 14, 2010 6:54 pm
Location: Why no Krom I didn't know you can have 100 characters in this box.

IPv6 and Mac Addresses

Post by Heretic »

OK I think Microsoft actually got this one right. I have been doing some networking courses and we are studying IPv6 addressing. Link-Local address is the same as IPv4's APIPA so all IPv6 address start with FE80:0000:0000:0000 on the local-link. Then all but Microsoft use the computer MAC address to complete the 128 bit IPv6 address. Like for example You have the MAC address of 01:23:45:67:89:ab which is only 48 bits so what they do is split that in half 012345 insert fffe 6789ab drop the FE80:0000:0000:0000 in front of the MAC giving you your 128 bit address for IPv6 address fe80:0000:0000:0000:0123:45ff:fe67:89ab or FE80::0123:45ff:fe67:89ab in short hand. In Windows Vista and Windows 7 they generates a random 64 bit number to tag on to the end of the first 64bit number.

So after all that isn't a bad thing to advertise your MAC Address in this manner?
Top
User avatar
fliptw
DBB DemiGod
DBB DemiGod
Posts: 6459
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

not really.

its like saying giving out your IP is bad.
Top
Heretic
DBB Admiral
DBB Admiral
Posts: 1449
Joined: Wed Apr 14, 2010 6:54 pm
Location: Why no Krom I didn't know you can have 100 characters in this box.

Post by Heretic »

I thought if some one could spoof your MAC they could then bypassing the access control lists on servers or routers and this puts your security at risk on your network. Is this wrong?
Top
User avatar
Krom
DBB Database Master
DBB Database Master
Posts: 16138
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Contact:
Contact Krom

Post by Krom »

Private mac filters alone are entirely inadequate as a security measure, snooping the mac address and spoofing it is childs play for anyone who wants to do it. For that matter cracking most full on encrypted wireless security is surprisingly simple if you have the right tools and enough time.
Top
Heretic
DBB Admiral
DBB Admiral
Posts: 1449
Joined: Wed Apr 14, 2010 6:54 pm
Location: Why no Krom I didn't know you can have 100 characters in this box.

Post by Heretic »

Yes I know that mac filtering alone is a security risk with wireless. I was just wondering why the are just putting the MAC address out in the open like that in IPv6. Hell even turning off the SSID Doesn't stop anyone from seeing your wireless setup. Even windows utilities find the SSID when broadcast is turned off.
Top
User avatar
AlphaDoG
DBB Admiral
DBB Admiral
Posts: 1345
Joined: Sun Dec 25, 2005 10:35 am
Location: Mt. Vernon Illinois

Re:

Post by AlphaDoG »

Heretic wrote:Yes I know that mac filtering alone is a security risk with wireless. I was just wondering why the are just putting the MAC address out in the open like that in IPv6. Hell even turning off the SSID Doesn't stop anyone from seeing your wireless setup. Even windows utilities find the SSID when broadcast is turned off.
One word:Google
It's never good to wake up in the shrubs naked, you either got way too drunk, or your azz is a werewolf.

Image
Top
User avatar
Jeff250
DBB Master
DBB Master
Posts: 6539
Joined: Sun Sep 05, 1999 2:01 am
Location: ❄️❄️❄️

Re:

Post by Jeff250 »

Heretic wrote:I was just wondering why the are just putting the MAC address out in the open like that in IPv6.
Actually, Windows isn't the only OS that can do that. But the advantage is that just using the MAC address is easy to implement, and, if everyone is doing it, then you can statelessly assign yourself an address, avoiding duplicates, since your MAC address is globally unique.
Top
Post Reply

Return to “Tech Forum”