[88623] in North American Network Operators' Group
Re: Interesting paper by Steve Bellovin - Worm propagation in a v6 internet
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Feb 14 10:50:32 2006
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: Mohacsi Janos <mohacsi@niif.hu>, nanog list <nanog@merit.edu>
In-Reply-To: Your message of "Tue, 14 Feb 2006 18:42:33 +0530."
<bb0e440a0602140512o702dd02hd64f1d44d9afc729@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 14 Feb 2006 10:45:13 -0500
Errors-To: owner-nanog@merit.edu
On Tue, 14 Feb 2006 18:42:33 +0530, Suresh Ramasubramanian said:
> After all when there's an unlimited number of hosts connected to the
> v6 network, all that needs to happen is a small botnet to develop, and
> then start to port scan.
>
> The potentially larger number of hosts that can get infected will
> probably help do an exhaustive search for you, so that v6 botnets
> start small and then grow exponentially in size over time.
OK.. let's say we have a /48 allocated to an end site, and their router
falls over at 1Mpps. The exhaustive search will completely clog their pipe
for (2 ** (128 - 48))/1000000 seconds, or approximately 38,334,786,263 *years*.
(That 2**80 is *huge*, a lot bigger than people think...)
Even the most dim-witted site will notice after a day or two of this.
And that's why a worm would have to use techniques like Steve and fiends wrote about.