Adresses #ipv6 indépendantes de l’adresse Mac sous #Linux - Men & Mice support
►https://otrs.menandmice.com/otrs/public.pl?Action=PublicFAQ&ItemID=91
By default, the Ubuntu-Linux network stack for IPv6 does only configure static IPv6 addresses build from the network prefix and the hardware address of the network card (MAC-Address).
This IPv6 addresses are stable and will not change over time as long as the network card is not replaced. This can lead to privacy issues, as the static IPv6 address can be tracked by outside parties (external websites).
The IPv6 standards define an algorithm to generate temporary random IPv6 addresses that are less traceable over time. This is documented in RFC 4941 “Privacy Extensions for Stateless Address Autoconfiguration in IPv6”.
In Ubuntu-Linux, privacy extensions for IPv6 are disabled by default. To enable them, edit the file “/etc/sysctl.conf” (as superuser “root”, create the file if it does not exist) and add one line per network card that is using IPv6 (here ’eth0’):
net.ipv6.conf.eth0.use_tempaddr=2
Une question peut-être idiote : est-ce que le fait de générer le suffixe d’une adresse ipv6 à partir d’une adresse MAC poserait plus de problème de confidentialité que de le générer aléatoirement ? Genre en « écoutant » sur un réseau on pourrait identifier des paquets provenant de ma machine rien qu’en connaissant l’adresse MAC de mon équipement ?
