Security Basics mailing list archives
Fw: Host scanning in IPv6 Networks
From: "Michael Painter" <tvhawaii () shaka com>
Date: Thu, 19 Apr 2012 21:36:22 -1000
Fernando Gont wrote:
FYI -------- Original Message -------- Subject: IPv6 host scanning in IPv6 Date: Fri, 20 Apr 2012 03:57:48 -0300 From: Fernando Gont <fgont () si6networks com> Organization: SI6 Networks To: IPv6 Hackers Mailing List <ipv6hackers () lists si6networks com> Folks, We've just published an IETF internet-draft about IPv6 host scanning attacks. The aforementioned document is available at: <http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt> The Abstract of the document is: ---- cut here ---- IPv6 offers a much larger address space than that of its IPv4 counterpart. The standard /64 IPv6 subnets can (in theory) accommodate approximately 1.844 * 10^19 hosts, thus resulting in a much lower host density (#hosts/#addresses) than their IPv4 counterparts. As a result, it is widely assumed that it would take a tremendous effort to perform host scanning attacks against IPv6 networks, and therefore IPv6 host scanning attacks have long been considered unfeasible. This document analyzes the IPv6 address configuration policies implemented in most popular IPv6 stacks, and identifies a number of patterns in the resulting addresses lead to a tremendous reduction in the host address search space, thus dismantling the myth that IPv6 host scanning attacks are unfeasible. ---- cut here ---- Any comments will be very welcome (note: this is a drafty initial version, with lots of stuff still to be added... but hopefully a good starting point, and a nice reading ;-) ). Thanks! Best regards,
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Fw: Host scanning in IPv6 Networks Michael Painter (Apr 24)