Interesting paper by Steve Bellovin - Worm propagation in a v6 internet
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Tue Feb 14 15:45:13 UTC 2006
On Tue, 14 Feb 2006 18:42:33 +0530, Suresh Ramasubramanian said:
> After all when there's an unlimited number of hosts connected to the
> v6 network, all that needs to happen is a small botnet to develop, and
> then start to port scan.
>
> The potentially larger number of hosts that can get infected will
> probably help do an exhaustive search for you, so that v6 botnets
> start small and then grow exponentially in size over time.
OK.. let's say we have a /48 allocated to an end site, and their router
falls over at 1Mpps. The exhaustive search will completely clog their pipe
for (2 ** (128 - 48))/1000000 seconds, or approximately 38,334,786,263 *years*.
(That 2**80 is *huge*, a lot bigger than people think...)
Even the most dim-witted site will notice after a day or two of this.
And that's why a worm would have to use techniques like Steve and fiends wrote about.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20060214/ae343402/attachment.sig>
More information about the NANOG
mailing list