Prior to Windows Vista and Windows Server 2008, Windows hosts used only MAC addresses to create Interface Identifiers (EUI-64). Globally unique addresses and link-local ones were created using the segment's prefix plus the EUI-64 identifier, which is generated from the physical address of the host.

With the rise of network security, this was found to be a security vulnerability because an IPv6 address can be easily tied to a MAC address, which uniquely identifies physical equipment.

For example, imagine a user with a laptop connecting to an IPv6 network with global prefix X:X:X:X::/64. Via SLAAC, the user's laptop will generate a globally unique address X:X:X:X:EUI-64. Let's say the user goes to another place and connects to another IPv6 network with a global prefix Y:Y:Y:Y::/64. Well, the user's laptop will generate the global unicast address Y:Y:Y:Y:EUI-64; if the user connects to a network Z:Z:Z:Z::/64 it will get the IPv6 address Z:Z:Z:Z:EUI-64, and so on. You can clearly see that this creates an opportunity to track the user, because wherever he goes and to whichever network he connects, the second half of the globally unique IPv6 address his laptop generates is always the same. The user cannot connect anonymously to any network if someone knows the EUI-64 interface identifier of his laptop. This can be easily exploited in many different ways, for example, websites and apps associating different IPv6 addresses with a particular device or user.

Companies realized that and introduced two concepts that help to improve users' privacy: Random Interface Identifiers and Temporary IPv6 addresses. Let's start by looking at what the first term is.

The Randomize Identifiers feature was introduced as part of the privacy extension for SLAAC (Stateless Address Auto-configuration). Since Windows Vista, this feature is enabled by default, so whenever a Windows host generates an IPv6 address with SLAAC, it always uses a Random Interface ID.

Figure 1. How Windows 10 creates a link-local address

Let's look at part of the output of the ipconfig /all command that displays the Physical address and the Link-local address of a Windows 10 host.

PS C:\Users\Administrator> ipconfig /all
...
Description . . . : Intel(R) PRO/1000 MT Network Connection
...

You can see that the MAC address is 00-0A-12-34-56-78 and therefore, if PC1 used EUI-64 to generate a link-local address, it should have been fe80::20a:12ff:fe34:5678. Well, obviously the current link-local address is not created using the MAC address but rather a Random Interface Identifier. This is because the Randomize Identifiers feature is enabled by default. We can check this using the PowerShell command get-netipv6protocol or using netsh interface ipv6 show global in the Windows Command Prompt.

PS C:\Users\Administrator> get-netipv6protocol
...
MaxTemporaryPreferredLifetime : 1.00:00:00
...

We can use the following command in PowerShell to change the default behavior of a Windows host and disable the Randomize Identifiers. Disabling this feature forces Windows to use EUI-64 for the Interface ID, as you can see in the following example.

PS C:\Users\Administrator> set-netipv6protocol -RandomizeIdentifiers Disabled

Note that now the link-local address is generated from the MAC address and is exactly the value we expected.

Another important concept, part of the Privacy Extension for SLAAC, is the use of Temporary IPv6 addresses. The idea behind temporary addresses is to have a public randomized IPv6 address that has a relatively short lifetime and can be used for anonymous outgoing connections. At every reboot, whenever the IPv6 stack is turned off and on, or when the Preferred Lifetime expires, this temporary address is regenerated using a Random Interface Identifier.

Of course, incoming connections are made to the real public IPv6 address, which doesn't change. However, in a typical Internet user scenario, all connections are initiated by the user's machine towards an Internet service (client-server communication). Therefore, different outgoing connections can be initiated from different Temporary IPv6 addresses, which minimizes the risk of someone tracking the user by associating the global IPv6 address with physical equipment/user.

Figure 2. Windows 10 usage of Temporary IPv6 addresses
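The EUI-64 derivation the article walks through (MAC 00-0A-12-34-56-78 becoming fe80::20a:12ff:fe34:5678) and the cross-network tracking problem it creates, as an added Python example that is not part of the original article. The function names, the audit helpers and the 2001:db8 documentation prefixes are constructed for illustration; the Windows check the text describes (get-netipv6protocol) is not replaced by this code.

```python
import ipaddress
import re

def parse_mac(mac: str) -> bytes:
    """Accept Windows (00-0A-12-34-56-78) or Unix (00:0a:12:34:56:78) notation."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: flip the universal/local bit of the first byte and
    insert ff:fe between the OUI and the device-specific half."""
    m = bytearray(parse_mac(mac))
    m[0] ^= 0x02
    return bytes(m[:3]) + b"\xff\xfe" + bytes(m[3:])

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """SLAAC without privacy extensions: any /64 prefix + modified EUI-64.
    Works for fe80::/64 as well as global prefixes (X:X:X:X::/64 in the text)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 based SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))

def reveals_mac(address: str, mac: str) -> bool:
    """True when the interface ID of `address` is exactly the EUI-64 of `mac`,
    i.e. the address exposes the hardware address (Randomize Identifiers disabled)."""
    return ipaddress.IPv6Address(address).packed[8:] == eui64_interface_id(mac)

def shared_interface_id(addresses: list[str]) -> bool:
    """The tracking problem: addresses obtained on different networks whose low
    64 bits are identical can all be linked to the same device."""
    iids = {ipaddress.IPv6Address(a).packed[8:] for a in addresses}
    return len(addresses) > 1 and len(iids) == 1

# Constructed sample: the article's MAC on the link-local and two documentation prefixes.
SAMPLE_MAC = "00-0A-12-34-56-78"

if __name__ == "__main__":
    for p in ("fe80::/64", "2001:db8:1::/64", "2001:db8:2::/64"):
        print(p, "->", eui64_address(p, SAMPLE_MAC))
    roaming = [str(eui64_address(p, SAMPLE_MAC)) for p in ("2001:db8:1::/64", "2001:db8:2::/64")]
    print("same interface ID on every network:", shared_interface_id(roaming))
```

With Randomize Identifiers enabled, reveals_mac() returns False for the host's addresses; a True result is the condition the article shows after disabling the feature.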