Atlas probes, IPv6, EUI-64, and privacy
Hello all, I couldn't help but notice that my Atlas probe is using an EUI-64 IPv6 address. It has come to light that the presence of even one device using an EUI-64 address on a network has a negative effect on privacy for the whole network: https://arxiv.org/abs/2203.08946 Thoughts? Cheers and thanks in advance, Alex
The idea behind that paper is essentially that if one device on your network uses an EUI-64 address, you can defeat prefix rotation. If you have a probe that's listed as public it's mostly moot, since one could just look up your probe ID from the IPv6 it has - there is an API endpoint to list all probes - and use that as a persistent reference. That being said, switching to using Semantically Opaque Interface Identifiers should prevent what the paper describes, while still keeping the addresses of the probes relatively consistent, which someone might rely on. (Unlike regular privacy extensions, it would not rotate over time, but rather only if the prefix changes) On Tue, May 3, 2022 at 2:48 AM Alexander Burke via ripe-atlas < ripe-atlas@ripe.net> wrote:
Hello all,
I couldn't help but notice that my Atlas probe is using an EUI-64 IPv6 address.
It has come to light that the presence of even one device using an EUI-64 address on a network has a negative effect on privacy for the whole network:
https://arxiv.org/abs/2203.08946
Thoughts?
Cheers and thanks in advance, Alex -- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas
participants (2)
-
Alexander Burke
-
Sebastian Johansson