On 2023-04-22 22:35, James Knott wrote:
On 2023-04-22 16:27, Carlos E. R. wrote:
IPv6 has a security advantage in that with such a huge address space, it's extremely difficult for an attacker to find anything to attack. For example, you have a /64 prefix, which is 18.2 billion, billion addresses. This is the entire IPv4 address space squared. Out of that you will have at most a few dozen addresses. An attacker can scan all day, every day and not find anything. In contrast, with IPv4, it's not hard to find a target.
It is not that difficult. The suffix is the MAC address, which can be found by reading my posts from the past.
The MAC is used only if you configure your computers to use it. Otherwise, a random number is used.
I configured nothing. All my (openSUSE) machines are apparently using the MAC suffix.
Even if the MAC is used, it's not used on any outgoing traffic. Outgoing connections use a privacy address, which is based on a random number and changes daily
The prefix could be obtained from my email headers, but postfix is using IPv4 still. Combine that with my known MAC, and they can poke at my machine.
The MAC address alone really doesn't get anything. The concern was that they could be used to track a portable device as it moves to different locations. However, since a MAC based address is not used for outgoing connections, that wouldn't happen.
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)