Reputation: 147
I have been studying the new IPv6 addressing system and I have one question that I feel was not answered anywhere in the IPv6 specification, which I have read extensively. Can a specific IPv6 address be trusted to tie back to a specific unique Device Packet, at a forensic quality level? I understand that the MAC address of the originating Device is included in the IPv6 and it remains with the message at all stages in its existence. Packets are never broken up anywhere in their travel and hence one would assume that any 'packet capture' software could, in essence, have the Unique MAC address and could be tracked to one Device and one only. Is this true or not?
Upvotes: 1
Views: 7445
Reputation: 170
Not an invalid question; at one time this is how IPv6 link addresses were generated in practice. But no longer. It'd require some forensic investigation to determine whether a specific implementation was using this method, but it's unlikely nowadays.
en.wikipedia.org/wiki/IPv6
"The lower 64 bits of the link-local address (the suffix) were originally derived from the MAC address of the underlying network interface card. As this method of assigning addresses would cause undesirable address changes when faulty network cards were replaced, and as it also suffered from a number of security and privacy issues, RFC 8064 has replaced the original MAC-based method with the hash-based method specified in RFC 7217."
Upvotes: 2
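The check an investigator might run on a captured address, as an added example (not code from the answer above or from any RFC): it tests whether the lower 64 bits have the modified EUI-64 shape of the original MAC-based method and, if so, recovers the candidate MAC. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

def eui64_candidate_mac(addr: str):
    """Return the MAC that a modified EUI-64 interface ID would encode, else None.

    A hit is only a candidate: the ff:fe pattern can be set manually or occur
    by chance, and the MAC itself may have been randomized or spoofed.
    """
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone ID such as %eth0
    iid = ip.packed[8:]                             # lower 64 bits (interface ID)
    if iid[3:5] != b"\xff\xfe":
        return None  # not MAC-derived: RFC 7217 hash, temporary, manual, DHCPv6...
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02   # undo the universal/local bit inversion
    return ":".join(f"{b:02x}" for b in mac)

def mac_to_link_local(mac: str) -> str:
    """Forward direction: fe80::/64 address built from a MAC (modified EUI-64)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02     # invert the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return str(ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid))

# Constructed sample addresses (documentation prefix 2001:db8::/32).
SAMPLES = [
    "fe80::21a:2bff:fe3c:4d5e%eth0",   # EUI-64 shaped link-local
    "2001:db8::21a:2bff:fe3c:4d5e",    # same interface ID under a global prefix
    "2001:db8::8d3f:1c02:77aa:e410",   # opaque interface ID, nothing to recover
]

def classify(addrs):
    """Map each address to its candidate MAC, or None when no MAC is embedded."""
    return {a: eui64_candidate_mac(a) for a in addrs}

if __name__ == "__main__":
    for address, mac in classify(SAMPLES).items():
        print(f"{address:34} -> {mac or 'no embedded MAC'}")
```

A `None` result means the address carries no link-layer identifier at all, so any attribution to a device has to come from other evidence such as neighbor cache, DHCPv6 or switch logs on the local segment.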
Reputation: 6452
"I have been studying the new IPv6 addressing system..."
IPv6 is hardly new; it dates back to 1995, when RFC 1883, Internet Protocol, Version 6 (IPv6) Specification was published.
"Can a specific IPv6 address be trusted to tie back to a specific unique Device Packet, at a forensic quality level?"
I'm not completely sure what you mean. IPv6 restores the IP end-to-end paradigm, where every host has a unique IP address, but there are non-standard techniques that can disrupt that.
"I understand that the MAC address of the originating Device is included in the IPv6 and it remains with the message at all stages in its existence."
I'm not sure where you got that idea. IP (both IPv4 and IPv6) has nothing to do with the data-link protocol used to carry it. IP can be carried by any number of data-link protocols, and only the IEEE protocols (Ethernet, Wi-Fi, Token Ring, etc.) use MAC addressing. Other data-link protocols (frame relay, PPP, ATM, HDLC, etc.), including common residential WAN protocols (PPPoA), do not use MAC addressing. The data-link addressing is only valid on the data-link LAN.
"Packets are never broken up anywhere in their travel and hence one would assume that any 'packet capture' software could, in essence, have the Unique MAC address and could be tracked to one Device and one only. Is this true or not?"
MAC addresses are data-link addresses, and they are not valid or seen beyond the local LAN.
Upvotes: 1