just seen my first IPv6 network abuse scan, is this the start for more?
igor at ergens.org
Fri Sep 3 12:02:21 UTC 2010
> Sheng Jiang has discussed this issue in his draft:
If I understand the RFC correctly it is based on an attack within the
same subnet. Looks a lot like arp-flooding.
However this scan was from an external host. The only traffic I saw on
the subnet was normal/valid NA lookups from the router towards an
increasing IPv6-address (starting with ::1, then ::2 etc). On the
router side I clearly saw the ICMP traffic from the source doing a
scan on these destination hosts. None of these IPv6 addresses are
alive so no success in scanning for compromised machines.
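
A detection sketch for the pattern described in this message (one external source probing ::1, ::2, etc. inside a single /64), added here as an example and not part of the original post. The (source, destination) record format, the function names and the `min_run` threshold are assumptions, and the sample addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (source, destination) pairs as a router might log them.
# Every address is made up and taken from the documentation prefix.
SAMPLE = [
    ("2001:db8:bad::66", "2001:db8:1:1::1"),
    ("2001:db8:bad::66", "2001:db8:1:1::2"),
    ("2001:db8:f00::10", "2001:db8:1:1::53"),   # unrelated client traffic
    ("2001:db8:bad::66", "2001:db8:1:1::3"),
    ("2001:db8:bad::66", "2001:db8:1:1::4"),
    ("2001:db8:bad::66", "2001:db8:1:1::5"),
    ("2001:db8:f00::10", "2001:db8:1:1::53"),   # repeat to the same host
    ("2001:db8:f00::20", "2001:db8:1:2::a"),
    ("2001:db8:f00::20", "2001:db8:1:2::c"),    # gap, so not sequential
]

def longest_run(ids):
    """Length of the longest run where each ID is the previous one plus 1."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def find_sequential_scans(records, min_run=4):
    """Return {(source, /64 prefix): run length} for sources that walk
    incrementing interface IDs inside one /64 (min_run is an assumed threshold)."""
    seen = defaultdict(list)
    for src, dst in records:
        d = int(ipaddress.IPv6Address(dst))
        prefix = ipaddress.IPv6Network((d >> 64 << 64, 64))  # zero the low 64 bits
        iid = d & ((1 << 64) - 1)                            # interface identifier
        ids = seen[(str(ipaddress.IPv6Address(src)), str(prefix))]
        if not ids or ids[-1] != iid:                        # skip immediate repeats
            ids.append(iid)
    runs = {key: longest_run(ids) for key, ids in seen.items()}
    return {key: n for key, n in runs.items() if n >= min_run}

if __name__ == "__main__":
    for (src, prefix), n in find_sequential_scans(SAMPLE).items():
        print(f"{src} walked {n} consecutive addresses in {prefix}")
```
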