Fwd: Host scanning in IPv6 Networks
Fernando Gont
fernando at gont.com.ar
Fri Apr 20 07:08:50 UTC 2012
FYI
-------- Original Message --------
Subject: IPv6 host scanning in IPv6
Date: Fri, 20 Apr 2012 03:57:48 -0300
From: Fernando Gont <fgont at si6networks.com>
Organization: SI6 Networks
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
Folks,
We've just published an IETF internet-draft about IPv6 host scanning
attacks.
The aforementioned document is available at:
<http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt>
The Abstract of the document is:
---- cut here ----
IPv6 offers a much larger address space than that of its IPv4
counterpart. The standard /64 IPv6 subnets can (in theory)
accommodate approximately 1.844 * 10^19 hosts, thus resulting in a
much lower host density (#hosts/#addresses) than their IPv4
counterparts. As a result, it is widely assumed that it would take a
tremendous effort to perform host scanning attacks against IPv6
networks, and therefore IPv6 host scanning attacks have long been
considered unfeasible. This document analyzes the IPv6 address
configuration policies implemented in most popular IPv6 stacks, and
identifies a number of patterns in the resulting addresses lead to a
tremendous reduction in the host address search space, thus
dismantling the myth that IPv6 host scanning attacks are unfeasible.
---- cut here ----
Any comments will be very welcome (note: this is a drafty initial
version, with lots of stuff still to be added... but hopefully a good
starting point, and a nice reading ;-) ).
Thanks!
Best regards,
More information about the NANOG
mailing list