nanog mailing list archives

Re: just seen my first IPv6 network abuse scan, is this the start for more?

From: Igor Ybema <igor () ergens org>
Date: Fri, 3 Sep 2010 14:02:21 +0200

Sheng Jiang has discussed this issue in his draft:
http://tools.ietf.org/html/draft-jiang-v6ops-nc-protection-01


If I understand the RFC correctly it is based on an attack within the
same subnet. Looks a lot like arp-flooding.

However this scan was from a external host. The only traffic I saw on
the subnet was normal/valid NA lookups from the router towards an
increasing IPv6-address (starting with ::1, then ::2 etc). On the
router side I clearly saw the icmp traffic from the source doing a
scan on these destination hosts. None of these IPv6 addresses are
alive so no succes in scanning for comprised machines.

regards, Igor

Current thread:

Re: just seen my first IPv6 network abuse scan, is this the start for more?, (continued)
- - - Re: just seen my first IPv6 network abuse scan, is this the start for more? Bill Bogstad (Sep 03)
    - Re: just seen my first IPv6 network abuse scan, is this the start for more? Joel Jaeggli (Sep 03)
    - Re: just seen my first IPv6 network abuse scan, is this the start for more? Owen DeLong (Sep 03)
    - RE: just seen my first IPv6 network abuse scan, is this the start for more? Deepak Jain (Sep 03)
    - Re: just seen my first IPv6 network abuse scan, is this the start for more? Leo Bicknell (Sep 03)
    - Re: just seen my first IPv6 network abuse scan, is this the start for more? Owen DeLong (Sep 03)
    - Re: just seen my first IPv6 network abuse scan, is this the start for more? Seth Mattinen (Sep 03)
    - Re: just seen my first IPv6 network abuse scan, is this the start for more? Dobbins, Roland (Sep 03)
- Re: just seen my first IPv6 network abuse scan, is this the start for more? Matthias Flittner (Sep 03)
  - Re: just seen my first IPv6 network abuse scan, is this the start for more? Dobbins, Roland (Sep 03)
  - Re: just seen my first IPv6 network abuse scan, is this the start for more? Igor Ybema (Sep 03)
    - Re: just seen my first IPv6 network abuse scan, is this the start for more? Dobbins, Roland (Sep 03)
    - Re: just seen my first IPv6 network abuse scan, is this the start for more? Matthias Flittner (Sep 03)
    - Re: just seen my first IPv6 network abuse scan, is this the start for more? William Allen Simpson (Sep 04)
    - Re: just seen my first IPv6 network abuse scan, is this the start for more? Joel Jaeggli (Sep 05)