DescentBB

OK I think Microsoft actually got this one right. I have been doing some networking courses and we are studying IPv6 addressing. Link-Local address is the same as IPv4's APIPA so all IPv6 address start with FE80:0000:0000:0000 on the local-link. Then all but Microsoft use the computer MAC address to complete the 128 bit IPv6 address. Like for example You have the MAC address of 01:23:45:67:89:ab which is only 48 bits so what they do is split that in half 012345 insert fffe 6789ab drop the FE80:0000:0000:0000 in front of the MAC giving you your 128 bit address for IPv6 address fe80:0000:0000:0000:0123:45ff:fe67:89ab or FE80::0123:45ff:fe67:89ab in short hand. In Windows Vista and Windows 7 they generates a random 64 bit number to tag on to the end of the first 64bit number.

So after all that isn't a bad thing to advertise your MAC Address in this manner?

not really.

its like saying giving out your IP is bad.

I thought if some one could spoof your MAC they could then bypassing the access control lists on servers or routers and this puts your security at risk on your network. Is this wrong?

Private mac filters alone are entirely inadequate as a security measure, snooping the mac address and spoofing it is childs play for anyone who wants to do it. For that matter cracking most full on encrypted wireless security is surprisingly simple if you have the right tools and enough time.

Yes I know that mac filtering alone is a security risk with wireless. I was just wondering why the are just putting the MAC address out in the open like that in IPv6. Hell even turning off the SSID Doesn't stop anyone from seeing your wireless setup. Even windows utilities find the SSID when broadcast is turned off.

Heretic wrote:Yes I know that mac filtering alone is a security risk with wireless. I was just wondering why the are just putting the MAC address out in the open like that in IPv6. Hell even turning off the SSID Doesn't stop anyone from seeing your wireless setup. Even windows utilities find the SSID when broadcast is turned off.

One word:Google

Heretic wrote:I was just wondering why the are just putting the MAC address out in the open like that in IPv6.

Actually, Windows isn't the only OS that can do that. But the advantage is that just using the MAC address is easy to implement, and, if everyone is doing it, then you can statelessly assign yourself an address, avoiding duplicates, since your MAC address is globally unique.