nanog mailing list archives
Re: Host scanning in IPv6 Networks
From: Fernando Gont <fernando () gont com ar>
Date: Fri, 20 Apr 2012 21:55:12 -0300
Hi, Jimmy, On 04/20/2012 09:22 PM, Jimmy Hess wrote:
The mathematical argument in the draft doesn't really work, because it's too focused on there being "one specific site" that can be scanned.
Not sure what you mean. Clearly, in the IPv6 world you'd target specific networks. How could you know which networks to scan? -- Easy: the attacker is targeting a specific organization, are you gather possible target networks as this information leaks out all too often (e-mail headers, etc.).
You can't just "pick a random 120 bit number" and have a good chance of that random IP happening to be a live host address.
That would be pretty much a "brute force" attack, and the argument in this paper is that IPv6 host-scanning attacks will not be brute force (as we know them).
The draft is unconvincing. The expected result is there will be very little preference for scanning, and those that will be launching attacks against networks will be utilizing simpler techniques that are still highly effective and do not require scanning.
Not sure what you mean. Could you please clarify?
Such as the exploit of vulnerable HTTP clients who _navigate to the attacker controlled web page_, walking directly into their hands, instead of worms "searching for needles in haystacks".
Well, this is part of alternative scanning techniques, which so far are not the subject of this draft. Thanks, -- Fernando Gont e-mail: fernando () gont com ar || fgont () si6networks com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Current thread:
- Fwd: Host scanning in IPv6 Networks Fernando Gont (Apr 20)
- Re: Host scanning in IPv6 Networks Tei (Apr 20)
- Re: Host scanning in IPv6 Networks Steve Clark (Apr 20)
- Re: Host scanning in IPv6 Networks Owen DeLong (Apr 20)
- Re: Host scanning in IPv6 Networks Tei (Apr 24)
- Re: Host scanning in IPv6 Networks Steve Clark (Apr 20)
- Re: Host scanning in IPv6 Networks Tei (Apr 20)
- Re: Host scanning in IPv6 Networks Steven Bellovin (Apr 20)
- Re: Host scanning in IPv6 Networks Jimmy Hess (Apr 20)
- Re: Host scanning in IPv6 Networks Fernando Gont (Apr 20)
- Re: Host scanning in IPv6 Networks Jimmy Hess (Apr 20)
- <Possible follow-ups>
- Re: Host scanning in IPv6 Networks Scott Weeks (Apr 20)