Using IPv6 with prefixes shorter than a /64 on a LAN
rcarpen at network1.net
Tue Jan 25 15:43:32 CST 2011
----- Original Message -----
> On Tue, 25 Jan 2011 13:42:29 -0500, Owen DeLong <owen at delong.com>
> > Seriously? Repetitively sweeping a /64? Let's do the math...
> We've had this discussion before...
> If the site is using SLAAC, then that 64bit target is effectively
> And I can make a reasonable guess at 24 of those bits. (esp. if I've
> the address of even one of the machines.)
I wouldn't say you could assume that because one machine is a particular manufacturer, that they are all the same. I would say you could certainly limit a scan to a set list of well-known 24-bit IDs (say ~100 or so?), that would still take a couple days at least to scan.
Could there not be something implemented in the firewall to prevent an incoming scan causing an issue with ND ? If you block all incoming by default, why would the router try to do a ND on an address that is not allowed?
More information about the NANOG