Host scanning in IPv6 Networks
Fernando Gont
fernando at gont.com.ar
Sat Apr 21 00:55:12 UTC 2012
Hi, Jimmy,
On 04/20/2012 09:22 PM, Jimmy Hess wrote:
> The mathematical argument in the draft doesn't really work, because
> it's too focused on there being "one specific site" that can be
> scanned.
Not sure what you mean. Clearly, in the IPv6 world you'd target specific
networks.
How could you know which networks to scan? -- Easy: the attacker is
targeting a specific organization, and you gather possible target
networks as this information leaks out all too often (e-mail headers, etc.).
> You can't just "pick a random 120 bit number" and have a good chance
> of that random IP happening to be a live host address.
That would be pretty much a "brute force" attack, and the argument in
this paper is that IPv6 host-scanning attacks will not be brute force
(as we know them).
> The draft is unconvincing. The expected result is there will be very
> little preference for scanning, and those that will be launching
> attacks against networks will be utilizing simpler techniques that
> are still highly effective and do not require scanning.
Not sure what you mean. Could you please clarify?
> Such as the exploit of vulnerable HTTP clients who _navigate to the
> attacker controlled web page_, walking directly into their hands,
> instead of worms "searching for needles in haystacks".
Well, this is part of alternative scanning techniques, which so far are
not the subject of this draft.
Thanks,
--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
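The reply above makes two points: a scan is aimed at specific /64s learned from leaks such as e-mail headers, and the search within a /64 is not a blind 2^64 brute force. The following is an added illustration of both, not code from this thread or from the draft under discussion. It assumes constructed Received headers (2001:db8::/32 documentation addresses), an assumed probe rate of one million packets per second, and assumed search-space sizes for two well-known interface-identifier patterns (manually numbered "low-byte" hosts, and SLAAC addresses built from a MAC address, whose OUI can be read back out of the address).

```python
"""Harvest IPv6 targets from leaked e-mail headers and size the search space.

Added illustration; not code from the NANOG thread or from the draft.
The headers below are constructed, the probe rate and per-pattern
search-space sizes are assumptions for the arithmetic.
"""

import ipaddress
import re

# Constructed sample: Received headers as they might leak in a message
# from the target organization.  One IPv4 relay is included to show it
# is ignored.
SAMPLE_HEADERS = """\
Received: from mail.example.net (mail.example.net [IPv6:2001:db8:1:20::25])
        by mx.example.org with ESMTP; Fri, 20 Apr 2012 21:22:10 +0000
Received: from [IPv6:2001:db8:1:20:a1b2:c3ff:fed4:e5f6] (unknown)
        by mail.example.net with ESMTPSA; Fri, 20 Apr 2012 21:21:58 +0000
Received: from webmail.example.net ([2001:db8:1:30::80])
        by mail.example.net with ESMTP; Fri, 20 Apr 2012 21:20:00 +0000
Received: from relay.isp.example ([198.51.100.7])
        by mail.example.net with ESMTP; Fri, 20 Apr 2012 21:19:00 +0000
"""

# Bracketed address literal, with or without the "IPv6:" tag that
# RFC 5321 puts in front of IPv6 literals.
IPV6_LITERAL_RE = re.compile(r'\[(?:IPv6:)?([0-9A-Fa-f:]+)\]')


def harvest_ipv6(text):
    """Return the distinct, syntactically valid IPv6 addresses in the text."""
    found = []
    for match in IPV6_LITERAL_RE.finditer(text):
        try:
            addr = ipaddress.IPv6Address(match.group(1))
        except ValueError:
            continue
        if addr not in found:
            found.append(addr)
    return found


def candidate_prefixes(addresses, prefixlen=64):
    """Collapse harvested addresses into the /64s a targeted scan would aim at."""
    nets = {ipaddress.IPv6Network((a, prefixlen), strict=False) for a in addresses}
    return sorted(str(n) for n in nets)


def classify_iid(addr):
    """Classify the 64-bit interface identifier by pattern.

    'low-byte' : upper 48 bits of the IID are zero (::1, ::25, ::80 ...)
    'eui-64'   : 0xfffe in the middle, i.e. SLAAC from the MAC (RFC 4291)
    'other'    : nothing recognisable, e.g. a randomised IID
    """
    iid = addr.packed[8:]
    if iid[:6] == b'\x00' * 6:
        return 'low-byte'
    if iid[3:5] == b'\xff\xfe':
        return 'eui-64'
    return 'other'


def eui64_oui(addr):
    """Recover the 24-bit OUI from a modified EUI-64 IID.

    RFC 4291 App. A flips the universal/local bit (0x02 of the first byte)
    when forming the IID, so flip it back to get the vendor's OUI.
    """
    iid = addr.packed[8:]
    return '%02x:%02x:%02x' % (iid[0] ^ 0x02, iid[1], iid[2])


def search_space(pattern):
    """Candidate addresses per /64 for a given pattern (assumed sizes)."""
    return {
        'brute-force': 2 ** 64,  # the "pick a random number" case, per /64
        'low-byte': 2 ** 16,     # assume hosts numbered ::0 through ::ffff
        'eui-64': 2 ** 24,       # OUI known from a leaked address; 24 bits left
    }[pattern]


def scan_years(pattern, pps=1_000_000):
    """Wall-clock years to sweep one /64 at an assumed probe rate."""
    return search_space(pattern) / pps / (365 * 24 * 3600)


if __name__ == '__main__':
    hosts = harvest_ipv6(SAMPLE_HEADERS)
    print('target /64s:', candidate_prefixes(hosts))
    for h in hosts:
        kind = classify_iid(h)
        extra = ' OUI %s' % eui64_oui(h) if kind == 'eui-64' else ''
        print('%-40s %s%s' % (h, kind, extra))
    for p in ('brute-force', 'low-byte', 'eui-64'):
        print('%-12s %.3g years per /64' % (p, scan_years(p)))
```

Run as a script it prints the two harvested /64s, the pattern of each leaked host, and the sweep time per /64 for each case: the full 2^64 takes on the order of half a million years at a million probes per second, while the low-byte and EUI-64 cases finish in well under a minute. The EUI-64 figure assumes the vendor uses a single OUI; a vendor with several OUIs multiplies the space accordingly, but it stays far from 2^64.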