[101122] in North American Network Operators' Group
Re: European ISP enables IPv6 for all?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Dec 18 09:07:23 2007
Date: Tue, 18 Dec 2007 09:02:24 -0500
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: "Christopher Morrow" <morrowc.lists@gmail.com>,
"Sean Siler"
<Sean.Siler@microsoft.com>,
"nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <1B09094E-3472-4E79-B855-8AD7558E7B91@muada.com>
Errors-To: owner-nanog@merit.edu
On Tue, 18 Dec 2007 12:14:52 +0100
Iljitsch van Beijnum <iljitsch@muada.com> wrote:
> On 18 dec 2007, at 6:37, Steven M. Bellovin wrote:
>
> > In a slightly more realistic vein, a huge address space makes life
> > harder for scanning worms. As Angelos Keromytis, Bill Cheswick,
> > and I have pointed out, "harder" is by no means equivalent to
> > "impossible", but the myth, new as it is, still propagates.
>
> I'd say that the huge address space makes life impossible for
> scanning worms.
Right, by simple arithmetic.
>
> That doesn't mean that there can be no successful scanning at all
> with IPv6, but it needs to be highly targeted if you want results the
> same year, so just pumping random numbers in the destination address
> field like SQL slammer did so successfully doesn't cut it in IPv6.
See http://www.cs.columbia.edu/~smb/papers/v6worms.pdf
--Steve Bellovin, http://www.cs.columbia.edu/~smb
