I’m not a fan of IPv6 privacy addressing. I understand the logic behind it, I really do: obfuscate the LLADDR (MAC address) of the host in question, but I really don’t see the realistic purpose. If someone wanted to use my MAC address, what good would that really get them, unless they’re on the same layer 2 segment? More importantly, if they’re on the same layer 2 segment, they have my MAC address anyway.
Privacy addresses cause more heartburn than they cure. How do I track someone who has a rotating address? Am I scraping the neighbor table of my network equipment often enough to have reasonable accountability? Probably, but what if I’m not? I could go on and on about how I think RFC 4941 addresses aren’t that useful, but instead I’ll just write down how to disable them (I’ve always been known as more of a machete than a scalpel anyway =).
With MacOS 10.7 (Lion), privacy addressing is now on by default. To disable it on the running system (a value set with sysctl -w does not persist across a reboot), open a terminal and type:
sudo sysctl -w net.inet6.ip6.use_tempaddr=0
Poof! There you go. You should be using DHCPv6 anyway =) Cue vendors getting off their rear ends and implementing DHCPv6 relay.
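The neighbor-table scraping mentioned above is what restores accountability when hosts rotate addresses. The following is an added example, not code from the original post: it groups every IPv6 address seen in a neighbor table under the MAC that answered for it and marks which ones are plain modified EUI-64 addresses. It assumes Linux-style `ip -6 neigh show` output; the sample lines, the 2001:db8::/32 prefix and the MAC addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `ip -6 neigh show` output; not captured from a real network.
SAMPLE = """\
2001:db8:0:1:0200:5eff:fe00:5310 dev eth0 lladdr 00:00:5e:00:53:10 REACHABLE
2001:db8:0:1:5c7e:91a2:0b3d:44f0 dev eth0 lladdr 00:00:5e:00:53:10 STALE
2001:db8:0:1:9d11:2a6f:c3e8:7b02 dev eth0 lladdr 00:00:5e:00:53:10 STALE
fe80::200:5eff:fe00:5310 dev eth0 lladdr 00:00:5e:00:53:10 REACHABLE
2001:db8:0:1:a1b2:c3d4:e5f6:0718 dev eth0 lladdr 00:00:5e:00:53:20 DELAY
2001:db8:0:1::50 dev eth0  FAILED
"""

def eui64_iid(mac):
    """Modified EUI-64 interface ID (RFC 4291, Appendix A) for a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return int.from_bytes(iid, "big")

def parse_neighbors(text):
    """Yield (IPv6Address, mac) for entries that carry a link-layer address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields:  # FAILED/INCOMPLETE entries have no MAC
            mac = fields[fields.index("lladdr") + 1].lower()
            yield ipaddress.IPv6Address(fields[0]), mac

def addresses_by_mac(text):
    """Map MAC -> sorted [(address, kind)]; kind is 'eui64' or 'other'.

    'other' covers temporary (RFC 4941), DHCPv6 and static addresses; the
    address alone does not say which, only that it hides the MAC.
    """
    table = defaultdict(set)
    for addr, mac in parse_neighbors(text):
        iid = int(addr) & ((1 << 64) - 1)  # low 64 bits = interface ID
        kind = "eui64" if iid == eui64_iid(mac) else "other"
        table[mac].add((str(addr), kind))
    return {mac: sorted(entries) for mac, entries in table.items()}

if __name__ == "__main__":
    for mac, entries in addresses_by_mac(SAMPLE).items():
        print(mac)
        for addr, kind in entries:
            print(f"  {addr:40} {kind}")
```

Run on a schedule shorter than the neighbor cache lifetime and stored with timestamps, this mapping ties a rotated address back to the MAC that held it.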