Host scanning in IPv6 Networks
Tei
oscar.vives at gmail.com
Fri Apr 20 12:17:21 UTC 2012
It would be a very fast dictionary attack :D
accede
bade
dad
decade
face
axed
babe
deaf
bed
Abe
bee
Decca
exec
fade
bead
bedded
deed
exceed
Abba
deface
efface
feed
On 20 April 2012 09:08, Fernando Gont <fernando at gont.com.ar> wrote:
> FYI
>
> -------- Original Message --------
> Subject: IPv6 host scanning in IPv6
> Date: Fri, 20 Apr 2012 03:57:48 -0300
> From: Fernando Gont <fgont at si6networks.com>
> Organization: SI6 Networks
> To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
>
> Folks,
>
> We've just published an IETF internet-draft about IPv6 host scanning
> attacks.
>
> The aforementioned document is available at:
> <http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt>
>
> The Abstract of the document is:
> ---- cut here ----
> IPv6 offers a much larger address space than that of its IPv4
> counterpart. The standard /64 IPv6 subnets can (in theory)
> accommodate approximately 1.844 * 10^19 hosts, thus resulting in a
> much lower host density (#hosts/#addresses) than their IPv4
> counterparts. As a result, it is widely assumed that it would take a
> tremendous effort to perform host scanning attacks against IPv6
> networks, and therefore IPv6 host scanning attacks have long been
> considered unfeasible. This document analyzes the IPv6 address
> configuration policies implemented in most popular IPv6 stacks, and
> identifies a number of patterns in the resulting addresses lead to a
> tremendous reduction in the host address search space, thus
> dismantling the myth that IPv6 host scanning attacks are unfeasible.
> ---- cut here ----
>
> Any comments will be very welcome (note: this is a drafty initial
> version, with lots of stuff still to be added... but hopefully a good
> starting point, and a nice reading ;-) ).
>
> Thanks!
>
> Best regards,
>
--
--
ℱin del ℳensaje.
More information about the NANOG
mailing list