[88662] in North American Network Operators' Group
Re: Interesting paper by Steve Bellovin - Worm propagation in a v6 internet
daemon@ATHENA.MIT.EDU (Mark Andrews)
Tue Feb 14 22:10:23 2006
To: Todd Vierling <tv@duh.org>
Cc: nanog@merit.edu
From: Mark Andrews <Mark_Andrews@isc.org>
In-reply-to: Your message of "Tue, 14 Feb 2006 20:46:22 CDT."
<Pine.WNT.4.63.0602142042220.3620@jvc>
Date: Wed, 15 Feb 2006 14:09:25 +1100
Errors-To: owner-nanog@merit.edu
> On Wed, 15 Feb 2006, Mark Andrews wrote:
>
> > One of method missing is doing top down random walks of ip6.arpa.
>
> That's only easy if delegation were on a per-nybble basis, which is commonly
> not the case. Because there are not typically NS's at every nybble level,
> you have to do more than one hex digit's worth of randomness in the scan in
> order to find a next-level delegation, increasing the cost of scanning that
> namespace quite a bit.
>
> (Having delegations at every nybble level would be ... alarming at best,
> given the amount of PTR redirection that implies. :)
>
> --
> -- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
A simple demonstation program. Don't run it for too long
as we don't really want to beat on WIDE's servers.
Mark
#!/bin/sh
qname=1.0.0.2.ip6.arpa
depth=4
try() {
local newqname
local oldqname
local l
oldqname=$qname
for l in 0 1 2 3 4 5 6 7 8 9 a b c d e f
do
newqname=$l.$oldqname
echo trying $newqname
dig +noques ptr $newqname > /tmp/$$xxx
grep PTR /tmp/$$xxx
if grep NOERROR /tmp/$$xxx > /dev/null
then
qname=$newqname
if test $depth -lt 31
then
depth=`expr $depth + 1`
try
depth=`expr $depth - 1`
fi
fi
done
qname=$oldqname
}
try
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
