nanog mailing list archives
Re: Interesting paper by Steve Bellovin - Worm propagation in a v6 internet
From: Mark Andrews <Mark_Andrews () isc org>
Date: Wed, 15 Feb 2006 13:12:34 +1100
> On Wed, 15 Feb 2006, Mark Andrews wrote:
>
> > One method missing is doing top down random walks of ip6.arpa.
>
> That's only easy if delegation were on a per-nybble basis, which is
> commonly not the case. Because there are not typically NS's at every
> nybble level, you have to do more than one hex digit's worth of
> randomness in the scan in order to find a next-level delegation,
> increasing the cost of scanning that namespace quite a bit.
>
> (Having delegations at every nybble level would be ... alarming at best,
> given the amount of PTR redirection that implies. :)
>
> --
> -- Todd Vierling <tv () duh org> <tv () pobox com> <todd () vierling name>

I suggest that you re-read RFC 1034 and RFC 1035. An empty node
returns NOERROR. A non-existent node returns NXDOMAIN (Name Error).

e.a.e.e.f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa PTR drugs.dv.isc.org

causes all of the following to exist.

a.e.e.f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
e.e.f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
e.f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
0.f.1.0.7.4.0.1.0.0.2.ip6.arpa
f.1.0.7.4.0.1.0.0.2.ip6.arpa
1.0.7.4.0.1.0.0.2.ip6.arpa
0.7.4.0.1.0.0.2.ip6.arpa
7.4.0.1.0.0.2.ip6.arpa
4.0.1.0.0.2.ip6.arpa
0.1.0.0.2.ip6.arpa
1.0.0.2.ip6.arpa
0.0.2.ip6.arpa
0.2.ip6.arpa
2.ip6.arpa
ip6.arpa
arpa
.

A query for any of them regardless of type should return
something other than NXDOMAIN.

Also wildcards won't save you as it is possible to detect them.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews () isc org
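
The NOERROR/NXDOMAIN distinction described in the message above, as an added example that is not part of the original post: an offline model a zone operator can run over their own PTR owner names to see which names exist and how few queries a pruned search needs compared with the 16**32 names under ip6.arpa. The function names, the second PTR owner and the query-count bound are assumptions made for this illustration; the model omits the root node and ignores wildcards and delegation points.

```python
APEX = "ip6.arpa"
# PTR owner name taken from the message above.
PAGE_PTR = "e.a.e.e.f.9.e.f.f.f.4.7.8.0.2.0.0.2.8.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa"
# Constructed second owner in the same /64 (host nibbles 1,0,...,0,1).
PREFIX64 = PAGE_PTR.split(".", 16)[16]
CONSTRUCTED_PTR = ".".join(["1"] + ["0"] * 14 + ["1"]) + "." + PREFIX64


def norm(name):
    """Lower-case a name and drop any trailing dot."""
    return name.lower().rstrip(".")


def existing_nodes(owners):
    """Names that exist under RFC 1034: every owner plus all of its ancestors."""
    nodes = set()
    for owner in owners:
        labels = norm(owner).split(".")
        nodes.update(".".join(labels[i:]) for i in range(len(labels)))
    return nodes


def response(qname, owners):
    """Classify the answer an RFC-compliant authoritative server would give."""
    q = norm(qname)
    if q in {norm(o) for o in owners}:
        return "NOERROR (data)"
    if q in existing_nodes(owners):
        return "NOERROR (empty node)"   # empty non-terminal
    return "NXDOMAIN"


def queries_to_reveal_all(owners):
    """Upper bound on queries that locate every PTR when NXDOMAIN prunes a
    branch: 16 child probes under each existing node above the 32-nibble leaf."""
    interior = [n for n in existing_nodes(owners)
                if (n == APEX or n.endswith("." + APEX))
                and len(n.split(".")) - 2 < 32]
    return 16 * len(interior)


if __name__ == "__main__":
    zone = [PAGE_PTR, CONSTRUCTED_PTR]
    for q in (PAGE_PTR, "0.2.ip6.arpa", "1.2.ip6.arpa"):
        print(q, "->", response(q, zone))
    print("queries with pruning:", queries_to_reveal_all(zone))
    print("names without pruning:", 16 ** 32)
```

Run it against an export of a reverse zone's PTR owners to see how much of the zone's address plan the response codes alone give away.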