nanog mailing list archives
Re: Using IPv6 with prefixes shorter than a /64 on a LAN
From: Roland Dobbins <rdobbins () arbor net>
Date: Wed, 26 Jan 2011 11:30:56 +0700
On Jan 26, 2011, at 11:17 AM, Jimmy Hess wrote:
There are other methods of discovery as well, but they are not close in scale or 'ease of use' to what brute-force address space scanning could easily accomplish with IPv4.
Most botted hosts today are compromised in the first place via layer-7 exploits, not via scanning and network-based exploits. Pushing the miscreants in the direction of hinted scanning will further strain already overloaded whois and DNS servers. And just because iterative scanning is a crapshoot in IPv6, it costs attackers nothing to do it, anyways, and so they will. So, the fact that IPv6 access networks can contain huge numbers of possible endpoint addresses as compared to IPv4 is largely irrelevant; and in fact will have negative consequences with regards to the second-order effects of hinted scanning. ------------------------------------------------------------------------ Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Most software today is very much like an Egyptian pyramid, with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves. -- Alan Kay
Current thread:
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN, (continued)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Leen Besselink (Jan 30)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Laurent GUERBY (Jan 30)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Owen DeLong (Jan 30)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Valdis . Kletnieks (Jan 30)
- RE: Using IPv6 with prefixes shorter than a /64 on a LAN George Bonser (Jan 30)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Fernando Gont (Jan 25)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Ray Soucy (Jan 25)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Fernando Gont (Jan 25)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Roland Dobbins (Jan 25)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Jimmy Hess (Jan 25)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Roland Dobbins (Jan 25)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Fernando Gont (Jan 25)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Owen DeLong (Jan 26)
- Re: Using IPv6 with prefixes shorter than a /64 on a LAN Fernando Gont (Jan 26)