nanog mailing list archives

Re: Interesting paper by Steve Bellovin - Worm propagation in a v6 internet


From: Valdis.Kletnieks () vt edu
Date: Tue, 14 Feb 2006 10:45:13 -0500

On Tue, 14 Feb 2006 18:42:33 +0530, Suresh Ramasubramanian said:

> After all when there's an unlimited number of hosts connected to the
> v6 network, all that needs to happen is a small botnet to develop, and
> then start to port scan.
>
> The potentially larger number of hosts that can get infected will
> probably help do an exhaustive search for you, so that v6 botnets
> start small and then grow exponentially in size over time.

OK.. let's say we have a /48 allocated to an end site, and their router
falls over at 1Mpps.  The exhaustive search will completely clog their pipe
for (2 ** (128 - 48))/1000000 seconds, or approximately 38,334,786,263 *years*.
(That 2**80 is *huge*, a lot bigger than people think...)

Even the most dim-witted site will notice after a day or two of this.

And that's why a worm would have to use techniques like Steve and fiends wrote about.
