Host scanning in IPv6 Networks

Tei oscar.vives at gmail.com
Fri Apr 20 07:17:21 CDT 2012


It would be a very fast dictionary attack :D

accede
bade
dad
decade
face
axed
babe
deaf
bed
Abe
bee
Decca
exec
fade
bead
bedded
deed
exceed
Abba
deface
efface
feed


On 20 April 2012 09:08, Fernando Gont <fernando at gont.com.ar> wrote:
> FYI
>
> -------- Original Message --------
> Subject: IPv6 host scanning in IPv6
> Date: Fri, 20 Apr 2012 03:57:48 -0300
> From: Fernando Gont <fgont at si6networks.com>
> Organization: SI6 Networks
> To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
>
> Folks,
>
> We've just published an IETF internet-draft about IPv6 host scanning
> attacks.
>
> The aforementioned document is available at:
> <http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt>
>
> The Abstract of the document is:
> ---- cut here ----
>   IPv6 offers a much larger address space than that of its IPv4
>   counterpart.  The standard /64 IPv6 subnets can (in theory)
>   accommodate approximately 1.844 * 10^19 hosts, thus resulting in a
>   much lower host density (#hosts/#addresses) than their IPv4
>   counterparts.  As a result, it is widely assumed that it would take a
>   tremendous effort to perform host scanning attacks against IPv6
>   networks, and therefore IPv6 host scanning attacks have long been
>   considered unfeasible.  This document analyzes the IPv6 address
>   configuration policies implemented in most popular IPv6 stacks, and
>   identifies a number of patterns in the resulting addresses lead to a
>   tremendous reduction in the host address search space, thus
>   dismantling the myth that IPv6 host scanning attacks are unfeasible.
> ---- cut here ----
>
> Any comments will be very welcome (note: this is a drafty initial
> version, with lots of stuff still to be added... but hopefully a good
> starting point, and a nice reading ;-) ).
>
> Thanks!
>
> Best regards,
>



-- 
--
ℱin del ℳensaje.



More information about the NANOG mailing list