nanog mailing list archives
Re: IPv6 Advertisements
From: "Stephen Sprunk" <stephen () sprunk org>
Date: Wed, 30 May 2007 18:39:23 -0500
Thus spake "Donald Stahl" <don () calis blacksun org>
I'm not sure I understand what you are saying- if you number based on hardware addresses then I have no idea what you mean by "address ranges." The hosts you are trying to compromise could be anywhere in the subnet- that's the 3500 years I was referring to above. That's 3500 years to scan a single /64 subnet- not the entire Internet- not even a tiny little fraction of it.
If people use stateless autoconfig, you know what 16 of the bits are, and you can guess 24 of them from a relatively small set. If you're writing a worm that targets residential Wintel users, just scan the OUIs from Dell, HP, etc. Throw in Lenovo if you want to go after business folks. Looking at it another way, you can toss out OUIs from vendors whose gear you know your worm _doesn't_ work on (e.g. Apple, embedded manufacturers, etc.) or only include OUIs for vendors you want to make look bad (e.g. Dell might write a worm that only probes HP machines).
(This is also mentioned in the draft Dale referenced, but I came up with it independently in a few seconds, so I think it falls in the "obvious" category for someone with the sk1llz needed to write a worm.)
S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do."K5SSS --Isaac Asimov
Current thread:
- Re: IPv6 Advertisements, (continued)
- Re: IPv6 Advertisements David Conrad (May 29)
- Re: IPv6 Advertisements David Conrad (May 29)
- Re: IPv6 Advertisements William F. Maton Sotomayor (May 29)
- Re: IPv6 Advertisements JORDI PALET MARTINEZ (May 29)
- Re: IPv6 Advertisements Chris L. Morrow (May 29)
- Re: IPv6 Advertisements Donald Stahl (May 29)
- Re: IPv6 Advertisements Dale W. Carder (May 29)
- Re: IPv6 Advertisements Donald Stahl (May 29)
- RE: IPv6 Advertisements Barry Greene (bgreene) (May 30)
- RE: IPv6 Advertisements Donald Stahl (May 30)
- Re: IPv6 Advertisements Stephen Sprunk (May 30)
- Re: IPv6 Advertisements Paul Vixie (May 29)
- Re: IPv6 Advertisements Jeroen Massar (May 29)
- Re: IPv6 Advertisements John Kristoff (May 29)
- Re: IPv6 Advertisements William F. Maton Sotomayor (May 29)
- Re: IPv6 Advertisements Paul Vixie (May 29)
- Message not available
- Re: IPv6 Advertisements William F. Maton Sotomayor (May 29)
- Re: IPv6 Advertisements Jeroen Massar (May 29)
- Re: IPv6 Advertisements Donald Stahl (May 29)
- Re: IPv6 Advertisements Randy Bush (May 29)
- Re: IPv6 Advertisements Chris L. Morrow (May 29)