[LACNIC/Seguridad] Fwd: Re: [ipv6hackers] Fwd: Re: macos Sierra with CGA address?

Fernando Gont fgont en si6networks.com
Vie Dic 16 16:01:17 BRST 2016 

Estimados,

FYI. Parece que, al menos a fines practicos, MacOS implementa RFC7217 --
y no SEND... lo cual es bueno. (SEND involucraria todo un divague de
certificados, firmas de paquetes ND, etc... con el asociado uso de
codigo complejo y poco probado).

Recibi reportes de que Windows tambien implementa RFC7217. Quien use
Windows o tenga acceso a uno y pueda/quiera, please haga las pruebas de
abajo para ver si eso es asi.

Saludos, y gracias!
Fernando




-------- Forwarded Message --------
Subject: Re: [ipv6hackers] Fwd: Re: macos Sierra with CGA address?
Date: Thu, 15 Dec 2016 08:07:01 +0100 (CET)
From: Mikael Abrahamsson <swmike en swm.pp.se>
Reply-To: IPv6 Hackers Mailing List <ipv6hackers en lists.si6networks.com>
Organization: People's Front Against WWW
To: IPv6 Hackers Mailing List <ipv6hackers en lists.si6networks.com>

On Wed, 14 Dec 2016, Fernando Gont wrote:

> 1) As you disconnect and subsequently reconnect to the same network, the
> address is formed with the same IID?

I tried three times, the "secured" address stayed the same.


> 2) When multiple prefixes ad advertised on the same network, each
> resulting address (for each different prefix) employs a different IID?

Mikaels-MacBook-Pro15:~ mikaelabrahamsson$ ifconfig en4
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
	ether 68:5b:35:90:e2:76
	inet6 fe80::1054:3c28:2a28:9475%en4 prefixlen 64 secured scopeid 0xc
	inet6 2003:1831:44:1680:1428:6fe6:a961:6e47 prefixlen 64 autoconf secured
	inet6 2003:1831:44:1680:cc5d:f1ca:e9bb:49df prefixlen 64 autoconf temporary
	inet6 2003:1821:44:1680:1cfb:9abd:e1e8:dd33 prefixlen 64 autoconf secured
	inet6 2003:1821:44:1680:149e:a7ad:5184:ca0a prefixlen 64 autoconf temporary
	inet6 2003:1c09:44:1680:10e8:fd86:2fcb:b1e0 prefixlen 64 autoconf secured
	inet6 2003:1c09:44:1680:4987:9bc:a0c7:8f7a prefixlen 64 autoconf temporary
	inet6 fde8:a69b:df6e::1c48:7fd8:58bc:3859 prefixlen 64 autoconf secured
	inet6 fde8:a69b:df6e::1d0a:ac12:eaee:3382 prefixlen 64 autoconf temporary
	inet6 2003:1831:44:1680::b05 prefixlen 64 dynamic
	inet 192.168.2.154 netmask 0xffffff00 broadcast 192.168.2.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (1000baseT <full-duplex,flow-control>)
	status: active

I would say "yes"?

> 3) If multiple interfaces (NICs) are connected to the same subnet, each
> obtains a different address, plus "1)" and "2)" above are true?

en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
	ether 68:5b:35:90:e2:76
	inet6 fe80::1054:3c28:2a28:9475%en4 prefixlen 64 secured scopeid 0xc
	inet 192.168.2.154 netmask 0xffffff00 broadcast 192.168.2.255
	inet6 2003:1831:44:1680:1428:6fe6:a961:6e47 prefixlen 64 autoconf secured
	inet6 2003:1831:44:1680:34f9:2103:1a62:a9e7 prefixlen 64 autoconf temporary
	inet6 2003:1821:44:1680:1cfb:9abd:e1e8:dd33 prefixlen 64 autoconf secured
	inet6 2003:1821:44:1680:f52d:30f2:2211:7fa1 prefixlen 64 autoconf temporary
	inet6 2003:1c09:44:1680:10e8:fd86:2fcb:b1e0 prefixlen 64 autoconf secured
	inet6 2003:1c09:44:1680:6024:f171:54cf:665f prefixlen 64 autoconf temporary
	inet6 fde8:a69b:df6e::1c48:7fd8:58bc:3859 prefixlen 64 autoconf secured
	inet6 fde8:a69b:df6e::59a9:e2cc:e355:2da2 prefixlen 64 autoconf temporary
	inet6 2003:1831:44:1680::b05 prefixlen 64 dynamic
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (1000baseT
<full-duplex,flow-control,energy-efficient-ethernet>)
	status: active
en7: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=4<VLAN_MTU>
	ether d8:eb:97:bf:b7:65
	inet6 fe80::4ed:4370:290f:9aca%en7 prefixlen 64 secured scopeid 0x18
	inet6 2003:1831:44:1680:4a1:c0d2:c360:8050 prefixlen 64 autoconf secured
	inet6 2003:1831:44:1680:5de0:4d6d:2b25:3f92 prefixlen 64 autoconf temporary
	inet6 2003:1821:44:1680:5c:9e8a:1696:318c prefixlen 64 autoconf secured
	inet6 2003:1821:44:1680:3de4:59a3:9df8:407 prefixlen 64 autoconf temporary
	inet6 2003:1c09:44:1680:14ca:4856:c10e:c365 prefixlen 64 autoconf secured
	inet6 2003:1c09:44:1680:e852:b8ea:edab:b3ac prefixlen 64 autoconf temporary
	inet6 fde8:a69b:df6e::4b2:5208:6cac:c44 prefixlen 64 autoconf secured
	inet6 fde8:a69b:df6e::e45b:319d:a4cf:5cd8 prefixlen 64 autoconf temporary
	inet6 2003:1831:44:1680::2f3 prefixlen 64 dynamic
	inet 192.168.2.165 netmask 0xffffff00 broadcast 192.168.2.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (100baseTX <full-duplex,flow-control>)
	status: active


-- 
Mikael Abrahamsson    email: swmike en swm.pp.se
_______________________________________________
Ipv6hackers mailing list
Ipv6hackers en lists.si6networks.com
https://lists.si6networks.com/mailman/listinfo/ipv6hackers

Más información sobre la lista de distribución Seguridad