I have two questions that both assume an attacker who has my MAC address:
-
Suppose an attacker connects to the Internet before me, spoofing my MAC. I then connect and tell people to connect to my EUI-64 address. Will the attacker get my packets? Will the attacker be able to do illegal stuff pretending to be me?
-
Suppose I connect first and then the attacker connects, spoofing my MAC. I am communicating with people using my EUI-64 address. Will the attacker be able to get my packets, if he gets himself assigned my EUI-64 address? Will the attacker be able to do illegal stuff pretending to be me?
I guess what I'm asking, is, EUI-64 depends on MAC addresses being unique. But since it's possible to spoof MACs, how can IPv6 address have any sort of uniqueness assumption at all? And if addresses aren't unique, how can routing possibly work?
Best Answer
First, MAC addresses really have nothing to do with the Internet. MAC addresses are layer-2 addresses, only seen on a LAN. Layer-2 frames are stripped off at a router.
MAC address spoofing is more about LAN disruption than anything. LAN switches build MAC address tables in order to deliver a frame for a particular MAC address to the correct switch interface. A switch will modify its table every time a frame comes into the switch. What happens with MAC address spoofing is that the MAC address table will constantly be changing to the spoofed interface, then back to the real interface as each host sends traffic.
When an IPv6 address is assigned to a host, the host must see if that address is already used on the LAN. If the address is already used, the host must pick a different address. In reality, most OSes use Privacy Extensions or Random Addressing, so SLAAC with EUI-64 addressing is pretty rare. In any case, a host trying to spoof your IPv6 (layer-3) address would need to be on your network because the network portion of the address would be different if that host is on a different network. Traffic destined to your network will not be sent to a different network.
Edit for your comment about different ISPs:
You seem to be confusing layer-2 and layer-3 addresses. The host portion of a layer-3 address can be the same on any other network. That is true for both IPv4 and IPv6. It is the network portion that must be unique on the Internet. You will have a unique network address, and any traffic destined to your network will only be sent to your network.