Host scanning in IPv6 Networks
fernando at gont.com.ar
Fri Apr 20 19:55:12 CDT 2012
On 04/20/2012 09:22 PM, Jimmy Hess wrote:
> The mathematical argument in the draft doesn't really work, because
> it's too focused on there being "one specific site" that can be
Not sure what you mean. Clearly, in the IPv6 world you'd target specific
How could you know which networks to scan? -- Easy: the attacker is
targeting a specific organization, are you gather possible target
networks as this information leaks out all too often (e-mail headers, etc.).
> You can't just "pick a random 120 bit number" and have a good chance
> of that random IP happening to be a live host address.
That would be pretty much a "brute force" attack, and the argument in
this paper is that IPv6 host-scanning attacks will not be brute force
(as we know them).
> The draft is unconvincing. The expected result is there will be very
> little preference for scanning, and those that will be launching
> attacks against networks will be utilizing simpler techniques that
> are still highly effective and do not require scanning.
Not sure what you mean. Could you please clarify?
> Such as the exploit of vulnerable HTTP clients who _navigate to the
> attacker controlled web page_, walking directly into their hands,
> instead of worms "searching for needles in haystacks".
Well, this is part of alternative scanning techniques, which so far are
not the subject of this draft.
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
More information about the NANOG