[86702] in North American Network Operators' Group
Re: a record?
daemon@ATHENA.MIT.EDU (Rob Thomas)
Mon Nov 14 19:47:09 2005
Date: Mon, 14 Nov 2005 18:46:43 -0600 (CST)
From: Rob Thomas <robt@cymru.com>
To: NANOG <nanog@merit.edu>
In-Reply-To: <4379197E.2030409@unfix.org>
Errors-To: owner-nanog@merit.edu

Hi, NANOGers.

Efficient or not, we do see scanning activity on IPv6. We've seen
IPv6 botnets, compromised hosts on IPv6 used as IRC bounces, and
even one EU-based warez crew that enabled IPv6 tunnels on the
hosts they compromised. They used the IPv6 tunnels as their
management plane.

While IPv6 obviously presents a huge address space, the miscreants
don't have to scan all of it, or compromise much more than a few
devices on it, to reap a reward. Just enough is good enough.

I'll take a pina colada anyway. :)

Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.cymru.com/
ASSERT(coffee != empty);