Follow the Scent: Defeating IPv6 Prefix Rotation Privacy
share
IPv6's large address space provides ample freedom for assigning addresses. To resist IP-based tracking, several techniques have been standardized to leverage this large address space, including privacy extensions and provider prefix rotation. Whereas in IPv4 many hosts may map to one address, e.g., with NAT, in IPv6 a single host may use many different public addresses. The use of many IPv6 addresses by a single host over time confounds not only adversarial tracking and traffic correlation attempts, but also traditional network measurements, logging, and defense mechanisms. We show that the intended anti-tracking capability of these widely deployed techniques is unwittingly subverted by edge routers that use legacy IPv6 addressing schemes with embedded unique identifiers. Via Internet-wide measurements, we find more than 9M affected customers across hundreds of networks worldwide. Using our technique, we demonstrate the ability of a passive adversary to correlate seemingly unrelated IPv6 traffic flows over time. Based on our findings, we contact equipment manufacturers and make recommendations to remediate this weaknesses in IPv6 infrastructure.
READ FULL TEXT