Re: Katrina Network Damage Report

[Valdis.Kletnieks () vt edu]

On Mon, 12 Sep 2005 12:26:03 EDT, "Howard, W. Lee" said:

> Maybe I missed an intermediate post or two, but is the assertion
> here that IPv6 is more secure because it's impractical to scan such
> a large number of possible host IP addresses?  Sort of like zebra
> camouflage--it's easy to see the herd, but hard to see a single
> zebra.
>
> There may be other ways to find a host address than random botting.
> Phishing, perhaps.

The good news here is that although there's "neighbor discovery protocols" that
let you find the other zebras on the subnet, they only work if you're already
riding a zebra in the herd.  If you're riding a giraffe or hippo, or a zebra
from another herd, you still can't see the zebras.

Now if we could just do some genetic engineering to cull this mutation
that causes zebras to spontaneously sprout big neon "Ride Me" signs.....

(In other words, yes - we *will* see a shift in tactics from "random scanning"
to "find a vulnerable host on the subnet, and use it to enumerate the other
hosts".  I predict that web bugs and spam variants will be the method of choice
for finding that first host.....)

Attachment: _bin
Description: