[180423] in North American Network Operators' Group
Re: AWS Elastic IP architecture
daemon@ATHENA.MIT.EDU (Matthew Kaufman)
Tue Jun 2 12:37:22 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <556DD7F8.7090004@inblock.ru>
From: Matthew Kaufman <matthew@matthew.at>
Date: Tue, 2 Jun 2015 09:35:11 -0700
To: Nikolay Shopik <shopik@inblock.ru>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Ah, the "IPv6 subnets are so big you can't find the hosts" myth.
Let's see... to find which hosts are active in IPv6 I can:
- run a popular web service that people connect to, revealing their addresse=
s
- run a DNS server that lots of folks directly use (see Google)
- use the back door login your router vendor provided and ask
- query your unsecured public SNMP and ask
- get you to install software that sends back a list of what's on your subne=
t
- make educated guesses about your non-privacy IP addresses based on the MAC=
address ranges of popular hardware that is available in stores this year to=
reduce the search space to a manageable size
- hack the site where you get automatic updates from and use its logs
That's just off the top of my head
Matthew Kaufman
(Sent from my iPhone)
> On Jun 2, 2015, at 9:21 AM, Nikolay Shopik <shopik@inblock.ru> wrote:
>=20
> Tell me how do you plan find printer in /64 subnet, scan it?
>=20
>> On 02.06.2015 18:08, Matthew Kaufman wrote:
>>=20
>> I can't run my laser printer without a firewall in front of it, and I
>> can't even guess how secure the controller in the septic system pump box
>> might be... so I don't risk it. And I *know* that some of the webcams I
>> have are vulnerable and have no updates available.
