Description: Bill C. Riemers
2011-04-27 15:06:03 UTC
I connected to http://test-ipv6.com/ and it detects me as:
2001:470:1d:1c6:f2de:f1ff:fe05:8579
I used the command:
sudo sysctl net.ipv6.conf.all.use_tempaddr=1
Then I connected to http://test-ipv6.com/ and I am still detected as:
2001:470:1d:1c6:f2de:f1ff:fe05:8579
I then do:
sudo service NetworkManager stop
sudo ifdown eth0
sudo sysctl net.ipv6.conf.all.use_tempaddr=1
sudo service NetworkManager start
Now I connect to http://test-ipv6.com and I am still detected as:
2001:470:1d:1c6:f2de:f1ff:fe05:8579
This strikes me as a very critical security bug...
It looks like the random address is being generated, but it just is not being used for outgoing connections...
$ sudo sysctl net.ipv6.conf.eth0.use_tempaddr=1
$ sudo ifdown eth0
$ sudo ifup eth0
$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr F0:DE:F1:05:85:79
          inet addr:172.31.253.220  Bcast:172.31.255.255  Mask:255.255.0.0
          inet6 addr: 2001:470:1d:1c6:f2de:f1ff:fe05:8579/64 Scope:Global
          inet6 addr: fe80::f2de:f1ff:fe05:8579/64 Scope:Link
          inet6 addr: 2001:470:1d:1c6:9d30:ec7c:9d47:b95e/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14606 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12207 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10585779 (10.0 MiB)  TX bytes:2428097 (2.3 MiB)
          Interrupt:20 Memory:f2600000-f2620000
I suspect "all" only affects devices where the kernel module has not yet been loaded.
My bad, it looks like for Linux the correct procedure would be:
$ sudo sysctl net.ipv6.conf.eth0.use_tempaddr=2
$ sudo ifdown eth0
$ sudo ifup eth0
I'm not sure how it is at all useful to generate a temporary address with use_tempaddr=1 and then not use it. But that does appear to be the way it is designed to work...
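The difference between use_tempaddr=1 and use_tempaddr=2 discussed in this report can be checked per interface with a small audit script. This is an added example, not part of the original report; the function names are hypothetical, and it assumes the kernel's documented meaning of the sysctl (<=0 disabled, 1 generate temporary addresses but prefer the public one, >1 prefer temporary addresses).

```shell
#!/bin/sh
# Added example: audit net.ipv6.conf.<iface>.use_tempaddr for every interface.
# Function names are hypothetical; the value meanings follow the kernel's
# ip-sysctl documentation.

# Map a use_tempaddr value to what it means for outgoing connections.
tempaddr_state() {
    if [ "$1" -gt 1 ] 2>/dev/null; then
        echo "preferred"                 # temporary address used as source
    elif [ "$1" -eq 1 ] 2>/dev/null; then
        echo "generated-not-preferred"   # temporary address exists, MAC-derived one still used
    else
        echo "disabled"                  # <=0 or unreadable value
    fi
}

# Print "<iface> <value> <state>" for each entry under the sysctl tree.
# Returns 1 if any real interface does not prefer temporary addresses.
# "all" and "default" are listed but not judged, because an existing
# interface keeps its own value, as seen with eth0 in the report.
audit_tempaddr() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    rc=0
    for f in "$root"/*/use_tempaddr; do
        [ -r "$f" ] || continue
        iface=${f%/use_tempaddr}
        iface=${iface##*/}
        val=$(cat "$f")
        state=$(tempaddr_state "$val")
        echo "$iface $val $state"
        case "$iface" in
            all|default|lo) ;;
            *) [ "$state" = "preferred" ] || rc=1 ;;
        esac
    done
    return $rc
}

# Audit the live system only when asked: sh tempaddr_audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_tempaddr
fi
```

An interface reported as generated-not-preferred matches the behaviour in this report: the random address is configured on the interface, but outgoing connections still use the address derived from the hardware address.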