[152241] in North American Network Operators' Group
Re: Host scanning in IPv6 Networks
daemon@ATHENA.MIT.EDU (Tei)
Fri Apr 20 08:19:20 2012
In-Reply-To: <4F910B82.8040505@gont.com.ar>
From: Tei <oscar.vives@gmail.com>
Date: Fri, 20 Apr 2012 14:17:21 +0200
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
It would be a very fast dictionary attack :D
accede
bade
dad
decade
face
axed
babe
deaf
bed
Abe
bee
Decca
exec
fade
bead
bedded
deed
exceed
Abba
deface
efface
feed
On 20 April 2012 09:08, Fernando Gont <fernando@gont.com.ar> wrote:
> FYI
>
> -------- Original Message --------
> Subject: IPv6 host scanning in IPv6
> Date: Fri, 20 Apr 2012 03:57:48 -0300
> From: Fernando Gont <fgont@si6networks.com>
> Organization: SI6 Networks
> To: IPv6 Hackers Mailing List <ipv6hackers@lists.si6networks.com>
>
> Folks,
>
> We've just published an IETF internet-draft about IPv6 host scanning
> attacks.
>
> The aforementioned document is available at:
> <http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt>
>
> The Abstract of the document is:
> ---- cut here ----
> =C2=A0 IPv6 offers a much larger address space than that of its IPv4
> =C2=A0 counterpart. =C2=A0The standard /64 IPv6 subnets can (in theory)
> =C2=A0 accommodate approximately 1.844 * 10^19 hosts, thus resulting in a
> =C2=A0 much lower host density (#hosts/#addresses) than their IPv4
> =C2=A0 counterparts. =C2=A0As a result, it is widely assumed that it woul=
d take a
> =C2=A0 tremendous effort to perform host scanning attacks against IPv6
> =C2=A0 networks, and therefore IPv6 host scanning attacks have long been
> =C2=A0 considered unfeasible. =C2=A0This document analyzes the IPv6 addre=
ss
> =C2=A0 configuration policies implemented in most popular IPv6 stacks, an=
d
> =C2=A0 identifies a number of patterns in the resulting addresses lead to=
a
> =C2=A0 tremendous reduction in the host address search space, thus
> =C2=A0 dismantling the myth that IPv6 host scanning attacks are unfeasibl=
e.
> ---- cut here ----
>
> Any comments will be very welcome (note: this is a drafty initial
> version, with lots of stuff still to be added... but hopefully a good
> starting point, and a nice reading ;-) ).
>
> Thanks!
>
> Best regards,
>
--=20
--
=E2=84=B1in del =E2=84=B3ensaje.
