Using IPv6 with prefixes shorter than a /64 on a LAN

Fernando Gont fernando at gont.com.ar
Wed Jan 26 01:12:22 UTC 2011


On 25/01/2011 11:44 a.m., Ray Soucy wrote:

> The argument can also be made that using smaller prefixes with
> sequential host numbering will lead to making network sweeps and port
> scanning viable in IPv6 where it would otherwise be useless.  At that
> point you just need evidence of one IPv6 address being in use and you
> know that a few hundred next to it have the interesting hosts
> connected.

Sequential host numbering is already being used, despite of the prefix
lengths in use.

Also, the claim that "IPv6 address scanning is impossible" is generally
based on the (incorrect) assumption that host addresses are spread
(randomly) over the 64-bit IID. -- But they usually aren't.

Thanks,
-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1








More information about the NANOG mailing list