just seen my first IPv6 network abuse scan, is this the start for more?

Seth Mattinen sethm at rollernet.us
Fri Sep 3 19:31:10 CDT 2010


On 9/3/2010 17:12, Owen DeLong wrote:
> I was not attempting to defend security through obscurity. It doesn't ultimately help at all.
> 
> However, compared to the network and other resource costs of scanning, even at more than a billion pps, I think there will be more effective vectors of attack that are more likely to be used in IPv6. In IPv4, an exhaustive scan is quite feasible. In IPv6, scanning a single subnet is 4 billion times harder than scanning the entire IPv4 Internet.
> 
> My point isn't that hiding hosts in arbitrarily large address space makes them safe. My point is that scanning is not the vector by which they are most likely to get discovered.
> 

Even so, it won't stop the uninitiated from scanning the crap out of
IPv6 space.

~Seth




More information about the NANOG mailing list