[135512] in North American Network Operators' Group
Re: Using IPv6 with prefixes shorter than a /64 on a LAN
daemon@ATHENA.MIT.EDU (Fernando Gont)
Wed Jan 26 02:45:27 2011
Date: Wed, 26 Jan 2011 04:43:52 -0300
From: Fernando Gont <fernando@gont.com.ar>
To: Roland Dobbins <rdobbins@arbor.net>
In-Reply-To: <B1BD8D7F-07E4-4196-8D3A-69CBD127F0F1@arbor.net>
Cc: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 25/01/2011 11:29 p.m., Roland Dobbins wrote:
> On Jan 26, 2011, at 8:12 AM, Fernando Gont wrote:
>
>> Also, the claim that "IPv6 address scanning is impossible" is
>> generally based on the (incorrect) assumption that host addresses
>> are spread (randomly) over the 64-bit IID. -- But they usually
>> aren't.
>
> It also doesn't take into account hinted scanning via routing table
> lookups, whois lookups, and walking reverse DNS, not to mention
> making use of ND mechanisms once a single box on a given subnet has
> been successfully botted.
+1
Thanks,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
