> They go on to recommend disabling SLAAC and using only DHCPv6. Does NSA know something exploitable about common DHCPv6 implementations that we don't? ;)
This is what they say
> NSA recommends assigning addresses to hosts via a Dynamic Host Configuration
Protocol version 6 (DHCPv6) server to mitigate the SLAAC privacy issue. Alternatively,
this issue can also be mitigated by using a randomly generated interface ID (RFC 4941
– Privacy Extensions for Stateless Address Auto-configuration in IPv6) [1] that changes
over time, making it difficult to correlate activity while still allowing network defenders
requisite visibility
This is what they say
> NSA recommends assigning addresses to hosts via a Dynamic Host Configuration Protocol version 6 (DHCPv6) server to mitigate the SLAAC privacy issue. Alternatively, this issue can also be mitigated by using a randomly generated interface ID (RFC 4941 – Privacy Extensions for Stateless Address Auto-configuration in IPv6) [1] that changes over time, making it difficult to correlate activity while still allowing network defenders requisite visibility