[86698] in North American Network Operators' Group
Re: a record?
daemon@ATHENA.MIT.EDU (Gadi Evron)
Mon Nov 14 18:24:17 2005
Date: Tue, 15 Nov 2005 01:23:16 +0200
From: Gadi Evron <ge@linuxbox.org>
To: Jeroen Massar <jeroen@unfix.org>
Cc: Randy Bush <randy@psg.com>, nanog@nanog.org
In-Reply-To: <4379197E.2030409@unfix.org>
Errors-To: owner-nanog@merit.edu
Jeroen Massar wrote:
> Gadi Evron wrote:
>
>>>Other solution: disable IPv4 SSH and enable the IPv6 one, no scanning on
>>>that plane ;)
>>
>>Yet.
>
>
> Enjoy scanning, even I and I guess the rest of this list will be long
> time retired and sipping pina coladas and other good stuff (hot
> chocolate milk with whipcream and baileys anyone? :) in hawaii or some
> other heavenly place the day that the hardware and pipes are available
> to scan a single /64 efficiently.
>
> It's easier & faster to google or use logs* for working hosts ;)
>
> Greets,
> Jeroen
>
> * = maybe RFC3041 does have a use as that makes these IP's 'random' and
> thus sort of useless unless one attacks directly...
Not to start a huge pointless discussion, but I have a few thoughts on this:
You don't have to scan an entire /64 ( :) ).
You can sniff network traffic and see what IP addresses you see, then
scan only close ranges to those.
You can create a DB or download one, with addresses of known used spaces.
You can throw out thousands of random packets, finding used spaces.
You can do a lot of things, some smarter and mathematical, others just
sensible. If I could come up with 3 silly solutions in 2 seconds, I bet
the Bad Guys will do far better when the time comes, if it ever does. I
am of a mind that we need IPv-NEXT-ONE (or whatever) to deal with actual
problems before we undertake IPv6, but that's just an opinion and
therefore completely wrong.
Don't count any of today's trouble out.. even if we all did use IPv6.
Besides, with IPv6 it is my understanding we will have far larger issues
to contend with.
Gadi.
