Consider the average "road warrior" as an example. He travels from one place to another, using whatever network connectivity available wherever he is. He keeps however reading his e-mails using IMAP to his home server, or a public mail service provider.
Now assume an attacker to be located close to this mail server. Even when the mail traffic is encrypted, it is possible for the attacker to analyze traffic by interface IDs. If the attacker figures out the interface ID of the road warrior, then he can always discover the location of the road warrior by simply looking up the last packet with the matching interface ID; the subnet prefix tells down to the subnet where the road warrior has been last seen, network-wise.
Was this article helpful?