don at calis.blacksun.org
Wed May 30 14:31:54 UTC 2007
> I would call that not understanding today's security world. "Scanning"
> is not the primary mode of looking for vulnerabilities today. There are
> several more effective "come here and get infected" and "click on this
> attachment and get infected" techniques.
I'm well aware of the modern security problems. All I said was:
"There is something to be said for not being able to blindly spew worm
traffic and still expect to get a sensible hit ratio as with IPv4."
and I stand behind that statement.
> What scanning that does go on today usually not the "lets scan the
> Internet." No money in it. You target your scans to the address ranges
> of the sites you are trying to mine (i.e. build BOTNETs) or go after.
I'm not sure I understand what you are saying- if you number based on
hardware addresses then I have no idea what you mean by "address
ranges." The hosts you are trying to compromise could be anywhere in the
subnet- that's the 3500 years I was referring to above. That's 3500
years to scan a single /64 subnet- not the entire Internet- not even a
tiny little fraction of it.
The problem will be people putting all their ducks in a row, so to speak.
More information about the NANOG