[84391] in North American Network Operators' Group
Re: Katrina Network Damage Report
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Sep 12 13:50:05 2005
To: "Howard, W. Lee" <Lee.Howard@stanleyassociates.com>
Cc: ops.lists@gmail.com, Joel Jaeggli <joelja@darkwing.uoregon.edu>,
Alan Spicer <a_spicer@bellsouth.net>,
Steve Gibbard <scg@gibbard.org>, nanog@nanog.org
In-Reply-To: Your message of "Mon, 12 Sep 2005 12:26:03 EDT."
<3F05EE24A82C0B42811178EFB8820C3F58A10B@AX-S-EX-1.stanleyassociates.com>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 12 Sep 2005 13:49:08 -0400
Errors-To: owner-nanog@merit.edu
--==_Exmh_1126547347_2852P
Content-Type: text/plain; charset=us-ascii
On Mon, 12 Sep 2005 12:26:03 EDT, "Howard, W. Lee" said:
> Maybe I missed an intermediate post or two, but is the assertion
> here that IPv6 is more secure because it's impractical to scan such
> a large number of possible host IP addresses? Sort of like zebra
> camouflage--it's easy to see the herd, but hard to see a single
> zebra.
>
> There may be other ways to find a host address than random botting.
> Phishing, perhaps.
The good news here is that although there's "neighbor discovery protocols" that
let you find the other zebras on the subnet, they only work if you're already
riding a zebra in the herd. If you're riding a giraffe or hippo, or a zebra
from another herd, you still can't see the zebras.
Now if we could just do some genetic engineering to cull this mutation
that causes zebras to spontaneously sprout big neon "Ride Me" signs.....
(In other words, yes - we *will* see a shift in tactics from "random scanning"
to "find a vulnerable host on the subnet, and use it to enumerate the other
hosts". I predict that web bugs and spam variants will be the method of choice
for finding that first host.....)
--==_Exmh_1126547347_2852P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFDJb+TcC3lWbTT17ARAkrvAJ0ZGTh/u9OupnO/ZihdAn9pV1gfJgCdFg+f
5UXG0fMWiQuSFyI1M5bRgn0=
=/KZ8
-----END PGP SIGNATURE-----
--==_Exmh_1126547347_2852P--
