[96979] in North American Network Operators' Group
Re: IPv6 Advertisements
daemon@ATHENA.MIT.EDU (Donald Stahl)
Tue May 29 21:50:14 2007
Date: Tue, 29 May 2007 21:42:29 -0400 (EDT)
From: Donald Stahl <don@calis.blacksun.org>
To: "Dale W. Carder" <dwcarder@doit.wisc.edu>
Cc: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>,
JORDI PALET MARTINEZ <jordi.palet@consulintel.es>,
Nanog <nanog@nanog.org>
In-Reply-To: <E7CD9ECC-85A3-4607-A9E8-07F1FD01BE50@doit.wisc.edu>
Errors-To: owner-nanog@merit.edu
> There are "smarter" ways to scan v6 address space than this approach.
> My favorite is "First, the attacker may rely on the administrator
> conveniently numbering their hosts from [prefix]::1 upward. This
> makes scanning trivial."
Most definitely- but not doing that should be considered best practices.
-Don
