just seen my first IPv6 network abuse scan, is this the start for more?

• Previous message (by thread): just seen my first IPv6 network abuse scan, is this the start for more?
• Next message (by thread): just seen my first IPv6 network abuse scan, is this the start for more?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sep 3, 2010, at 5:14 PM, Igor Ybema wrote:

> I discovered a external IPv6 host was doing a (rather useless due to the amount of addresses) IPv6 ICMP scan on our network recurring daily and mostly during the nights, sometimes with speeds of 1000 scans per second.

Not necessarily so useless, as it was hitting your boxen, eh?

;>

Plus, setting bots to go scan isn't very labor-intensive.  All the talk about how scanning isn't viable in IPv6-land due to large netblocks doesn't take into account the benefits of illicit automation.

Note that hinted scanning, based upon DNS treewalking and so forth, is a useful refinement.

> Due to the ammount of IPv6 neighbor discoveries from our routers resulting from this scan the Neighbour table overflow messages appeared on the machines.


Any noticeable effect on router CPU?

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

 	       Sell your computer and buy a guitar.

• Previous message (by thread): just seen my first IPv6 network abuse scan, is this the start for more?
• Next message (by thread): just seen my first IPv6 network abuse scan, is this the start for more?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]