[129378] in North American Network Operators' Group


Re: just seen my first IPv6 network abuse scan,

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Sep 3 16:50:06 2010

Date: Fri, 3 Sep 2010 13:49:51 -0700
From: Leo Bicknell <bicknell@ufp.org>
To: NANOG list <nanog@nanog.org>
Mail-Followup-To: NANOG list <nanog@nanog.org>
In-Reply-To: <D338D1613B32624285BB321A5CF3DB251037180FE5@ginga.ai.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



In a message written on Fri, Sep 03, 2010 at 04:33:23PM -0400, Deepak Jain wrote:
> Moreover, when every enterprise has a /48 or better, network admins are
> going to need to be able to track down machines/devices/ear pieces/what
> have you on a better basis than trapping them when they speak up. There
> is a huge potential for sleepers in IPv6 space that we don't see any more
> in IPv4 (because the tools are better). Eventually someone will find an
> approach to do this kind of surveying and then make it cheap enough
> everyone can do it. (how often do security-admins use NMAP/Nessus/what
> have you to survey their own space -- an IPv6 analog will *need* to be
> created eventually).

If you are the network admin, walking the L2 devices' MAC tables and
comparing with the L3 devices' ARP/ND/whatever tables is likely more
efficient for sparse address space.

Also keep in mind, IPv6 devices will often have multiple addresses,
and may move addresses quite regularly.  For instance, I use "privacy"
or "temporary" addresses; my machine hops to a new IPv6 address
every 10 minutes.  A scan will likely be out of date before it
completes for these sorts of addresses.

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
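
The table comparison described in the message above, as an added example that is not part of the original post: it joins an L2 forwarding table with an ND cache by MAC address, groups the several IPv6 addresses each host holds, and lists MACs that are present at L2 but silent at L3. It assumes a Linux-based bridge/router whose tables are read with iproute2; the sample data is constructed and the function names are hypothetical.

```python
import ipaddress, re

# Constructed sample data: `bridge fdb show` and `ip -6 neigh show` output (iproute2).
FDB = """\
00:11:22:33:44:55 dev swp1 vlan 10 master br0
02:aa:bb:cc:dd:01 dev swp2 vlan 10 master br0
02:aa:bb:cc:dd:02 dev swp3 vlan 10 master br0
33:33:00:00:00:01 dev swp1 self permanent
"""
NEIGH = """\
fe80::211:22ff:fe33:4455 dev br0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:0:10:211:22ff:fe33:4455 dev br0 lladdr 00:11:22:33:44:55 STALE
2001:db8:0:10:5c3e:91a7:2b10:77f4 dev br0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:0:10:d1e0:4c22:9a01:13bd dev br0 lladdr 02:aa:bb:cc:dd:01 STALE
2001:db8:0:10::dead dev br0 FAILED
"""

def eui64_iid(mac):
    """Interface ID that modified EUI-64 autoconfiguration derives from a MAC."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02  # flip the universal/local bit
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def parse_fdb(text):
    """MAC -> port for learned unicast entries (skips multicast/permanent)."""
    rows = re.findall(r"^([0-9a-f:]{17}) dev (\S+)(.*)$", text, re.M)
    return {mac: port for mac, port, rest in rows
            if "permanent" not in rest and not int(mac[:2], 16) & 1}

def parse_neigh(text):
    """MAC -> IPv6 addresses; entries with no resolved lladdr are dropped."""
    table = {}
    for ip, mac in re.findall(r"^(\S+) dev \S+ lladdr ([0-9a-f:]{17}) ", text, re.M):
        table.setdefault(mac, []).append(ipaddress.IPv6Address(ip))
    return table

def inventory(fdb_text, neigh_text):
    """Per MAC seen at L2: port, EUI-64 addresses, and all other addresses."""
    neigh, report = parse_neigh(neigh_text), {}
    for mac, port in parse_fdb(fdb_text).items():
        addrs, iid = neigh.get(mac, []), eui64_iid(mac)
        report[mac] = {"port": port,
                       "eui64": [str(a) for a in addrs if a.packed[8:] == iid],
                       "other": [str(a) for a in addrs if a.packed[8:] != iid]}
    return report

def l2_only(report):
    """MACs the switch has learned but that hold no ND entry (silent at L3)."""
    return [m for m, e in report.items() if not e["eui64"] and not e["other"]]
```

The "other" list holds privacy/temporary addresses as well as static or DHCPv6 ones; because temporary addresses rotate, the join is only as current as the last ND cache read.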
