On 2023-04-23 11:41, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-04-22 22:35, James Knott wrote:
On 2023-04-22 16:27, Carlos E. R. wrote:
IPv6 has a security advantage in that with such a huge address space, it's extremely difficult for an attacker to find anything to attack. For example, you have a /64 prefix, which is 18.2 billion, billion addresses. This is the entire IPv4 address space squared. Out of that you will have at most a few dozen addresses. An attacker can scan all day, every day and not find anything. In contrast, with IPv4, it's not hard to find a target.
It is not that difficult. The suffix is the MAC address, which can be found by reading my posts from the past.
The MAC is used only if you configure your computers to use it. Otherwise, a random number is used.
I configured nothing. All my (openSUSE) machines are apparently using the MAC suffix.
Check out the use_tempaddr setting, /proc/sys/net/ipv6/conf/*/use_tempaddr.
1 - use the EUI-64 (MAC-based) address for outbound traffic. 0 - don't generate a privacy address 2 - use the privacy/random address for outbound traffic.,
(okay, that's from memory, better double check).
cer@Telcontar:~> cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr 1 cer@Telcontar:~> cat /proc/sys/net/ipv6/conf/default/use_tempaddr 1 cer@Telcontar:~> cer@Isengard:~> cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr 1 cer@Isengard:~> cat /proc/sys/net/ipv6/conf/default/use_tempaddr 1 cer@Isengard:~> cat /proc/sys/net/ipv6/conf/wlan0/use_tempaddr 1 cer@Isengard:~> My Beta machine has lost the IPv4 address, only has Ipv4. I'm not going to type an IPv6 to ssh to it! Clicking en NM, disable network, enable network. ip-addr hangs... the kernel driver hung :-( I type the command manually, two interfaces are zero, two are one, one is -1. eth and wlan are zero. Still no network. That's the new laptop, I left it running for days, and IPv4 died.
Even if the MAC is used, it's not used on any outgoing traffic. Outgoing connections use a privacy address, which is based on a random number and changes daily
See above.
The prefix could be obtained from my email headers, but postfix is using IPv4 still.
If your machine has a public ipv6 address and an mx or your relay has ipv6, postfix will use ipv6, unless explicitly disabled.
cer@Telcontar:~> host smtp.telefonica.net smtp.telefonica.net has address 86.109.99.70 cer@Telcontar:~> cer@Telcontar:~> host smtp.gmx.es smtp.gmx.es is an alias for smtp.gmx.com. smtp.gmx.com is an alias for mail.gmx.com. mail.gmx.com has address 212.227.17.184 mail.gmx.com has address 212.227.17.174 cer@Telcontar:~> gmail does have IPv6. I'll have to send myself an email using gmail. [...] Confirm, it used IPv6. And the received headers do contain my IPv6, the "scope global dynamic mngtmpaddr", ie, the one with my MAC. Bingo. :-( -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)