#31
ipv6 privacy extensions
On 7/24/2016 2:14 PM, HighSpy wrote:
On 23/07/2016 20:57, Justin Tyme wrote:
On Sat, 23 Jul 2016 11:55:09 +0100, HighSpy wrote:
On 23/07/2016 10:02, Justin Tyme wrote:
On Fri, 22 Jul 2016 17:04:59 -0400, Neil wrote:
On 7/22/2016 3:34 PM, Mayayana wrote:

Totally agree with you Neil. Figures I just added my granddaughter's mac address and she never has to login, which for her would be difficult. She enters any Shaw hotspot and the wifi is just on. It is a convenience for Shaw customers who are all part of a massive user group. The OP must be part of some user group and the mac address was used as a convenience to log in automatically. Nothing more.

Is it me or are you people really that thick? I'm probably wasting my time here but I'll give it one more go. Apparently there is a management overhead in registering MAC addresses. Why would the network administrators do something they didn't have to unless there was a benefit for them? What is this benefit? If you know the answer and would like to share it that would be great. If you don't know the answer then why bother responding?

That lunacy about being tracked is too much. LOL!

We are all surely doomed :-(

Do you actually believe that you are that important to anyone? Global mass surveillance is a fact but it doesn't affect the vast majority of people in a negative way. If you are a person of interest then you need to be very careful. It is very doubtful that you are that person. You should treat the internet like an open book that anyone with the ability to read can access. There are steps you can take that can enhance your computer privacy to the point where you are anonymous. I won't go into explaining operational security, but I do understand OPSEC. I think some people *overestimate their importance* and become unreasonably paranoid. The fact that you can be tracked and the steps you take to avoid being tracked depends upon how big a fish you are and/or what it is you are trying to hide.

The really worrying thing is you actually sound like you believe your own propaganda. Everything is snuggly and warm and only the bad guys are being actively watched. That's all right then nothing to worry about.

Better to presume that *everyone* is being watched, since it is unlikely that one can go through the day in public spaces without being observed. Those who think otherwise are the ones you see on the news after having been caught in some anti-social act or another. But, there's still no requisite connection to ipv6 or library administrators. ;-)

--
Best regards, Neil
#32
ipv6 privacy extensions
On 07/22/16 00:21, HighSpy so wittily quipped:
Windows 10 I tried this in the windows-8 group with no luck so I thought I'd try it here, we have windows 7, 8 and 10 machines. I'm finally trying to get me head around ipv6. I was somewhat alarmed to discover that the low order 64 bits are reserved for what someone called 'hardware addressing schemes' but I can't remember where I read this.

https://en.wikipedia.org/wiki/IPv6 "In IPv6 when using address auto-configuration, the Interface Identifier (MAC address) of an interface port is used to make its public IP address unique, exposing the type of hardware used and providing a unique handle for a user's online activity"

The article then goes on about 'privacy extensions' etc.

it probably applies to automatically generated IPv6 addresses. If you're using DHCPv6, the DHCP server issues them. But the point that IPv6 is *PUBLICLY* viewable should be your biggest concern. Windows (and win-10-nic is NO exception) has a LOT of open, listening ports, that typically are NOT firewalled. I compiled a list a while back, let's see if I can dredge it up...

***
here's a (possibly incomplete) list I compiled using PIDs and listening ports on Windows 8. From all indications, vista and 7 are similar. XP has fewer.

135: RpcEptMapper, RpcSs
445: "SYSTEM"
554: WMPNetworkSvc (wmpnetwk.exe)
1025: (udp) mDNS responder
1900: (udp) FDResPub, SSDPSRV, TimeBroker, upnphost
2869: "SYSTEM"
5353: (udp) mDNS responder
5354: mDNS responder
5357: "SYSTEM"
8001: [vista only] "SYSTEM"
10243: "SYSTEM"
49152: wininit.exe
49153: Audiosrv, Dhcp, EventLog, HomeGroupProvider, lmhosts, Wcmsvc, wscsvc
49154: Appinfo, Browser, CertPropSvc, iphlpsvc, LanmanServer, ProfSvc, Schedule, SENS, SessionEnv, ShellHWDetection, SystemEventsBroker, Themes, Winmgmt
49155: KeyIso, SamSs (lsass.exe)
49157: services.exe
49176: Spooler (spoolsv.exe)

additionally...

UDP 546: Audiosrv, Dhcp, EventLog, HomeGroupProvider, lmhosts, Wcmsvc, wscsvc
UDP 54436: FDResPub, SSDPSRV, TimeBroker, upnphost

also 8001 and 51493 (vista)
***

(I can't quickly find my Win-10-nic list, though, but it's similar)

if you want to see what ports are listening, you can use 'netstat -an' and filter on 'LISTENING'. '[::]' listens on all IPv6 addresses, which can be another filter. keep in mind that 'fe80::' IPv6 addresses are like 'link local' addresses, and won't route outside of your LAN. you will need to look at the addresses that DO route to determine what things could be listening to the public IPv6 address.

worthy of note: there's no way to determine what kind of 0-day thing, similar to the old 'win nuke', might exploit one of these listening ports, ports that are essentially 'well-known', and listen on EVERY! WINDOWS! MACHINE! that runs the typical load of services.
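The `netstat -an` filtering described in the post above, as an added example that is not part of the original thread: it keeps the IPv6 listeners and labels each by the scope of the address it is bound to. The sample output is constructed in the Windows `netstat -an` layout, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout of Windows `netstat -an` (not from a real host).
SAMPLE = """\
  Proto  Local Address             Foreign Address       State
  TCP    0.0.0.0:135               0.0.0.0:0             LISTENING
  TCP    [::]:135                  [::]:0                LISTENING
  TCP    [::]:445                  [::]:0                LISTENING
  TCP    [::1]:5354                [::]:0                LISTENING
  TCP    [2001:db8:1:2::10]:49154  [2001:db8:9::5]:443   ESTABLISHED
  TCP    [2001:db8:1:2::10]:2869   [::]:0                LISTENING
  UDP    [::]:5353                 *:*
  UDP    [fe80::1c2d:3e4f:5a6b:7c8d%11]:1900  *:*
"""

# Bracketed IPv6 local address, optional zone id (%11), then the port.
LOCAL = re.compile(r"^\[(?P<addr>[0-9A-Fa-f:.]+)(?:%\w+)?\]:(?P<port>\d+)$")
ULA = ipaddress.IPv6Network("fc00::/7")

def scope(addr):
    """Label the bind address by how far traffic to it can travel."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_unspecified:
        return "all-addresses"   # [::] answers on every IPv6 address the host has
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"      # fe80::/10 does not route off the LAN
    return "unique-local" if ip in ULA else "routable"

def ipv6_listeners(text):
    """Return (proto, port, scope) for each IPv6 listener in netstat -an output."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        # UDP rows carry no State column, so only TCP is filtered on LISTENING.
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue
        m = LOCAL.match(fields[1])
        if m:                    # IPv4 rows have no brackets and are skipped
            found.append((fields[0], int(m["port"]), scope(m["addr"])))
    return found

def bound_beyond_link(listeners):
    """Listeners bound to [::] or a routable address; firewall state is not in netstat."""
    return sorted({(p, port) for p, port, s in listeners
                   if s in ("all-addresses", "routable")})
```

The result of `bound_beyond_link` is the set to compare against the host firewall's inbound rules, since netstat shows only what is bound, not what is filtered.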
#33
ipv6 privacy extensions
On 07/22/16 07:18, HighSpy so wittily quipped:
So, map the MAC address to the serial number of the device and you have a bullet proof way of identifying the actual device being used

except you can often CHANGE the mac address... now I know this is possible on XP [with specific devices], or even on 7 [from what I recall], and can MOST DEFINITELY be done with Linux and BSD. however, I don't know if it's possible with Win-10-nic. If NOT, it *should* be.

FYI wifi protocol has your mac address 'in the clear'. It's necessary for the hardware to properly receive it. But if you assign a MAC address of your choice, it also defeats 'mac filtering', and prevents your 'type of hardware' from being identified via the 'OID'.
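An added example, not part of the original thread, for the Wikipedia passage quoted in post #32 and the hardware-identification remark above: it builds the auto-configured address from a MAC using the modified EUI-64 rule of RFC 4291 Appendix A, then checks whether a given address still carries a recoverable MAC. The MAC, prefix and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

def mac_to_iid(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle."""
    b = bytearray(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def slaac_address(prefix, mac):
    """Address a host forms from a /64 prefix when it does not use privacy extensions."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    iid = int.from_bytes(mac_to_iid(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def embedded_mac(addr):
    """Return the MAC recoverable from the low 64 bits, or None.

    Heuristic: a random identifier has ff:fe in these two bytes about
    once in 65536 addresses, so a match is a strong hint, not proof.
    """
    iid = ipaddress.IPv6Address(addr.split("%")[0]).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= 0x02                      # undo the universal/local flip
    return ":".join(f"{x:02x}" for x in b)

def describe(addr):
    """Summarise what the interface identifier gives away about the hardware."""
    mac = embedded_mac(addr)
    if mac is None:
        return {"eui64": False}
    return {
        "eui64": True,
        "mac": mac,
        "oui": mac[:8],               # first three octets: vendor prefix
        # Bit 0x02 of the first octet set means the MAC was assigned locally
        # (changed or randomised), so the vendor prefix is not meaningful.
        "locally_administered": bool(int(mac[:2], 16) & 0x02),
    }
```

Running `describe` on each address a host reports shows which ones still expose the adapter's MAC and which use a temporary or randomised identifier.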
#34
ipv6 privacy extensions
On 23/07/2016 09:21, Rodney Pont wrote:
On Sat, 23 Jul 2016 08:58:29 +0100, HighSpy wrote:

Again I understand this but what I don't understand is why they are *insisting* on it. If it was just for our convenience why not let us use a normal sign in account. It's really no skin off their noses is it, in fact it's less work for them.

OK, I'm glad you understand that, I wasn't completely sure that you had understood this aspect of it.

There is some benefit to them in knowing the MAC address beforehand particularly if they also know the serial number of the device. I'm trying to find out what this benefit might be. If not to make it easy to trace a particular activity to an actual hardware device then what?

Don't assume that they know what they are doing. I can't see any advantage in them insisting on knowing your MAC address beforehand except to allow you straight into their network. That isn't really a safety aspect though, for them, because anyone could monitor what MAC addresses are in use and spoof one and so have direct access. It seems to me that you need to ask them their reasons for insisting. Whatever their reasons it doesn't make you any less secure, you are not giving them any information they don't already have. Maybe it's as simple as someone there has just come across the fact that their router can allow access to known MAC addresses and they think that it's a good idea and means that they can scrap the login requirements. If that's the case they really need to think again. Good luck on getting to the bottom of it.

I asked why they (the network admins) were insisting on registering our hardware addresses and got the usual 'legal reasons' response. I declined their offer and decided to look elsewhere for our group meetings. I just don't trust someone who hides behind some nebulous and mysterious 'legal reasons'

--
Quis custodiet ipsos custodes?