just seen my first IPv6 network abuse scan, is this the start for more?

Igor Ybema igor at ergens.org
Fri Sep 3 05:14:52 CDT 2010


Hi,

Since recently we noticed  "Neighbour table overflow" warnings from
the kernel on a lot of Linux machines. As this was very annoying for
us and our customers I started to dump traffic and tried to find the
cause.

I discovered a external IPv6 host was doing a (rather useless due to
the amount of addresses) IPv6 ICMP scan on our network recurring daily
and mostly during the nights, sometimes with speeds of 1000 scans per
second. Due to the ammount of IPv6 neighbor discoveries from our
routers resulting from this scan the Neighbour table overflow messages
appeared on the machines.

Are there more people who have seen this behaviour recently? Is this a
start of hackers/spammers onto the IPv6 network? This is the first
scan I have seen.

I already contacted the ISP for the source address. No answer yet. If
I have more news I will post them here.


regards, Igor Ybema
the Netherlands




More information about the NANOG mailing list