On Mar 4, 2011, at 10:39 AM, Keith Moore wrote:

> I've always assumed that privacy addresses were meant to be ephemeral.
> Otherwise, there's no point to them.

Ephemeral, yes. On what timeframe? Christian, my understanding is that Windows changes them daily. Correct?

There are a couple of other timing alternatives. One is to create a new address for every TCP session. If you think that's a good idea - and it does have its merits - I'll encourage you to think through the implications of Duplicate Address Detection. I think you'll find hosts need to have a pool of vetted addresses in their pockets in order to do things like web access.

A better alternative might be to change the address once a minute or once an hour. The value of doing so would be to side-step an attack without betraying to the attacker that you know you're under attack.

Another alternative would be to change addresses at some nominal rate (such as daily) but feel free to change addresses if you perceive yourself to be under attack.
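The point about Duplicate Address Detection above, as an added illustration that is not part of the thread: a host that wants to rotate temporary addresses quickly has to keep a small pool of already-vetted addresses, because a freshly generated address is tentative until DAD completes and cannot carry traffic. The model below (hypothetical code, not from any implementation) generates RFC 4941-style random interface identifiers under a /64, simulates DAD with a fixed timer, and hands out an address only once it is vetted, rotating on age or on an "under attack" signal.

```python
import ipaddress
import secrets


class TempAddressPool:
    """Pool of temporary IPv6 addresses kept ready for new sessions.

    Addresses are 'tentative' until a (simulated) DAD window passes;
    only DAD-vetted addresses are ever handed to a session.
    """

    def __init__(self, prefix, pool_size=3, dad_seconds=1.0, max_age=3600):
        self.prefix = ipaddress.IPv6Network(prefix)
        assert self.prefix.prefixlen == 64, "temporary IIDs need a /64"
        self.pool_size = pool_size
        self.dad_seconds = dad_seconds  # assumed DAD duration (simulation)
        self.max_age = max_age          # seconds before a routine rotation
        self.tentative = {}             # address -> time DAD started
        self.vetted = {}                # address -> time DAD completed
        self.active = None

    def random_iid(self):
        iid = bytearray(secrets.token_bytes(8))
        iid[0] &= 0xFD  # clear the u/l bit: random IIDs are not globally unique
        return int.from_bytes(iid, "big")

    def generate(self, now):
        addr = ipaddress.IPv6Address(int(self.prefix.network_address) | self.random_iid())
        self.tentative[addr] = now
        return addr

    def tick(self, now):
        """Promote addresses whose DAD window has passed, then top up the pool."""
        for addr, started in list(self.tentative.items()):
            if now - started >= self.dad_seconds:
                self.vetted[addr] = now
                del self.tentative[addr]
        while len(self.tentative) + len(self.vetted) < self.pool_size:
            self.generate(now)

    def address_for_session(self, now, under_attack=False):
        """Return a vetted address, rotating on age or on an attack signal."""
        self.tick(now)
        if self.active is not None:
            age = now - self.vetted.get(self.active, now)
            if under_attack or age >= self.max_age:
                self.vetted.pop(self.active, None)  # deprecate the old address
                self.active = None
        if self.active is None:
            if not self.vetted:
                return None  # nothing vetted yet: the caller must wait out DAD
            self.active = min(self.vetted, key=self.vetted.get)
        return self.active
```

The `None` return at the first call is the cost the message refers to: with no pre-vetted pool, every rotation stalls the session for a full DAD round-trip.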
