nanog mailing list archives
Re: OMB: IPv6 by June 2008
From: "Stephen Sprunk" <stephen () sprunk org>
Date: Fri, 1 Jul 2005 13:29:32 -0500
Thus spake "Joe Maimon" <jmaimon () ttec com>
Christopher L. Morrow wrote:On Fri, 1 Jul 2005, Mohacsi Janos wrote:- Not feasible scanning of subnets remotelyeh... maybe, I'm not convinced this matters anyway.If your argument is that it is "to hard" to scan that many addresses, do you really think that in an age of 100Gbps broadband 100ghrz home PC's that will really be the barrier you think it is? Or better put: Over the possible lifetime of v6 will that barrier remain real? And the scanner merely has to get lucky once.
At 100Gbps, you can send about 2^28 probes per second. To scan a /64 subnet would take 2^36 seconds -- 2177 years. I'm pretty sure that's not within IPv6's lifetime.
Or they can have a zombie army of scanners that will be statistically guaranteed to get lucky at least once.
The bandwidth into that subnet will be the limiting factor, but let's somehow assuming you could get 100Gbps for _each_ attacker. You'd need to commandeer 2^31 hosts (difficult, but not impossible) connected at 100Gbps and coordinate them all probing the same subnet without duplication to scan it within one minute. More than a few hosts per subnet would bring that number down a bit, but not enough to make it feasible for worms to spread via scanning. What this really does is change the detection method. Instead of scanning randomly, you sit and watch what other IP addresses the local host communicates with (on- and off-subnet), and attack each of them. How many degrees of separation are there really between any two unrelated computers on the Internet? You could probably collect half of all addresses in use just by infecting Google... S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov
Current thread:
- Re: OMB: IPv6 by June 2008, (continued)
- Re: OMB: IPv6 by June 2008 Rob Evans (Jul 04)
- Re: OMB: IPv6 by June 2008 Brad Knowles (Jul 04)
- Re: OMB: IPv6 by June 2008 Iljitsch van Beijnum (Jul 04)
- Re: OMB: IPv6 by June 2008 Valdis . Kletnieks (Jul 04)
- Re: OMB: IPv6 by June 2008 Carlos Friacas (Jul 01)
- Re: OMB: IPv6 by June 2008 Randy Bush (Jul 01)
- Re: OMB: IPv6 by June 2008 Jeroen Massar (Jul 01)
- Re: OMB: IPv6 by June 2008 Christopher L. Morrow (Jul 01)
- Re: OMB: IPv6 by June 2008 David Meyer (Jul 01)
- Re: OMB: IPv6 by June 2008 Joe Maimon (Jul 01)
- Re: OMB: IPv6 by June 2008 Stephen Sprunk (Jul 01)
- Re: OMB: IPv6 by June 2008 Petri Helenius (Jul 01)
- Re: OMB: IPv6 by June 2008 Niels Bakker (Jul 01)
- Message not available
- Re: OMB: IPv6 by June 2008 Christopher L. Morrow (Jul 01)
- Message not available
- Re: OMB: IPv6 by June 2008 Christopher L. Morrow (Jul 01)
- Re: OMB: IPv6 by June 2008 Todd Vierling (Jul 02)
- Re: OMB: IPv6 by June 2008 David Conrad (Jul 03)
- Re: OMB: IPv6 by June 2008 Peter Dambier (Jul 03)
- Re: OMB: IPv6 by June 2008 Petri Helenius (Jul 03)
- Re: OMB: IPv6 by June 2008 David Conrad (Jul 03)
- Re: OMB: IPv6 by June 2008 Peter Dambier (Jul 03)