Barry Greene (bgreene)
bgreene at cisco.com
Wed May 30 13:52:31 UTC 2007
> > This assumes a single machine scanning, not a botnet of
> 1000 or even
> > the 1.5m the dutch gov't collected 2 yrs ago.
> > Again, a sane discussion is in order. Scanning isn't AS
> EASY, but it
> > certainly is still feasible,
> With 1.5 million hosts it will only take 3500 years... for a
> _single_ /64!
> I'm not sure that's what I would call feasible.
I would call that not understanding today's security world. "Scanning"
is not the primary mode of looking for vulnerabilities today. There are
several more effective "come here and get infected" and "click on this
attachment and get infected" techniques.
What scanning that does go on today usually not the "lets scan the
Internet." No money in it. You target your scans to the address ranges
of the sites you are trying to mine (i.e. build BOTNETs) or go after.
More information about the NANOG