English

EUI-64 Considered Harmful

Networking and Internet Architecture 2019-02-26 v1

Abstract

This position paper considers the privacy and security implications of EUI-64-based IPv6 addresses. By encoding MAC addresses, EUI-64 addresses violate layers by exposing hardware identifiers in IPv6 addresses. The hypothetical threat of EUI-64 addresses is well-known, and the adoption of privacy extensions in operating systems (OSes) suggests this vulnerability has been mitigated. Instead, our work seeks to quantify the empirical existence of EUI-64 IPv6 addresses in today's Internet. By analyzing: i) traceroutes; ii) DNS records; and iii) mobile phone behaviors, we find surprisingly significant use of EUI-64. We characterize the origins and behaviors of these EUI-64 IPv6 addresses, and advocate for changes in provider IPv6 addressing policies.

Cite

@article{arxiv.1902.08968,
  title  = {EUI-64 Considered Harmful},
  author = {Erik C. Rye and Jeremy Martin and Robert Beverly},
  journal= {arXiv preprint arXiv:1902.08968},
  year   = {2019}
}

Comments

Coordinating Attack Response at Internet Scale 2 (CARIS2) Workshop

R2 v1 2026-06-23T07:49:16.388Z