just seen my first IPv6 network abuse scan, is this the start for more?

Jamie Bowden jamie at photon.com
Tue Sep 7 08:03:12 CDT 2010


Forgive the top posting, but Lookout is the corporate standard.

Now, on to the topic at hand.  Why would you scan the address space in
the first place?  Wouldn't it be easier to compromise a known host and
look at the ARP table?  Or better yet, the router on the edge?  If it's
moving packets, something on the network has mapped the MAC address to
its IP at some point.

Jamie

-----Original Message-----
From: Dobbins, Roland [mailto:rdobbins at arbor.net] 
Sent: Friday, September 03, 2010 3:42 PM
To: NANOG list
Subject: Re: just seen my first IPv6 network abuse scan, is this the
start for more?


On Sep 4, 2010, at 12:19 AM, Steven Bellovin wrote:

> See http://www.cs.columbia.edu/~smb/papers/v6worms.pdf

I've seen it and concur with regards to worms (which don't seem to be
very popular, right now, excepting the 'background radiation' of old
Code Red, Nimda, Blaster, Nachi, SQL Slammer, et al. hosts).  I believe
that hinted scanning is still viable, and I'd argue that the experience
of the OP who kicked off this thread is an indication of same.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

 	       Sell your computer and buy a guitar.








