[96994] in North American Network Operators' Group


RE: IPv6 Advertisements

daemon@ATHENA.MIT.EDU (Donald Stahl)
Wed May 30 10:32:44 2007

Date: Wed, 30 May 2007 10:31:54 -0400 (EDT)
From: Donald Stahl <don@calis.blacksun.org>
To: "Barry Greene (bgreene)" <bgreene@cisco.com>
Cc: "Chris L. Morrow" <christopher.morrow@verizonbusiness.com>,
	JORDI PALET MARTINEZ <jordi.palet@consulintel.es>,
	Nanog <nanog@nanog.org>
In-Reply-To: <C35ADD020AEBD04383C1F7F644227FDF03C2D9A5@xmb-sjc-227.amer.cisco.com>
Errors-To: owner-nanog@merit.edu


> I would call that not understanding today's security world. "Scanning"
> is not the primary mode of looking for vulnerabilities today. There are
> several more effective "come here and get infected" and "click on this
> attachment and get infected" techniques.
I'm well aware of the modern security problems. All I said was:
"There is something to be said for not being able to blindly spew worm
traffic and still expect to get a sensible hit ratio as with IPv4."
and I stand behind that statement.

> What scanning that does go on today is usually not the "let's scan the
> Internet." No money in it. You target your scans to the address ranges
> of the sites you are trying to mine (i.e. build BOTNETs) or go after.
I'm not sure I understand what you are saying- if you number based on 
hardware addresses then I have no idea what you mean by "address 
ranges." The hosts you are trying to compromise could be anywhere in the 
subnet- that's the 3500 years I was referring to above. That's 3500 
years to scan a single /64 subnet- not the entire Internet- not even a 
tiny little fraction of it.

The problem will be people putting all their ducks in a row, so to speak.

-Don
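
An added example, not part of the original message or thread: a Python sketch an operator could run over their own address inventory to see how much of a /64 has to be swept to cover hosts numbered in a row, hosts numbered from hardware addresses (EUI-64), and hosts placed anywhere in the subnet. The function names, the sample inventory and the probe rate are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

IID_MASK = (1 << 64) - 1  # low 64 bits of an address = interface ID

def iid_bytes(addr):
    """Return the 8-byte interface ID of an IPv6 address."""
    return (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")

def classify_iid(addr):
    """Label how the interface ID appears to have been chosen."""
    raw = iid_bytes(addr)
    if raw[3:5] == b"\xff\xfe":
        return "eui64"   # derived from a 48-bit hardware address
    if int.from_bytes(raw, "big") < 1 << 16:
        return "low"     # ::1, ::2, ... hosts lined up in a row
    return "other"       # no simple pattern recognised by this sketch

def audit(addrs, probes_per_sec):
    """Seconds to sweep the candidate space implied by each numbering style."""
    kinds = Counter(classify_iid(a) for a in addrs)
    low = [int.from_bytes(iid_bytes(a), "big")
           for a in addrs if classify_iid(a) == "low"]
    vendors = {iid_bytes(a)[:3] for a in addrs if classify_iid(a) == "eui64"}
    return {
        "kinds": dict(kinds),
        # sequential hosts are all found by sweeping 0..max(low)
        "low_sweep_s": (max(low) + 1) / probes_per_sec if low else 0.0,
        # a known vendor prefix leaves only 24 unknown bits per vendor
        "eui64_sweep_s": (len(vendors) << 24) / probes_per_sec,
        # a host placed anywhere in the /64
        "full_64_sweep_s": (1 << 64) / probes_per_sec,
    }

# Constructed inventory for one /64 (2001:db8::/32 is the documentation prefix).
SAMPLE = [
    "2001:db8:0:1::1", "2001:db8:0:1::2", "2001:db8:0:1::fe",
    "2001:db8:0:1:211:22ff:fe33:4455", "2001:db8:0:1:211:22ff:fe66:7788",
    "2001:db8:0:1:8d3f:5a1c:e2b7:94a",
]
RATE = 1_000_000  # probes per second; an assumed figure, not from the thread

if __name__ == "__main__":
    for name, value in audit(SAMPLE, RATE).items():
        print(name, value)
```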
