Nmap Development mailing list archives

Re: [NSE] whois.nse


From: jah <jah () zadkiel plus com>
Date: Thu, 07 Aug 2008 03:00:08 +0100

On 06/08/2008 07:54, Brandon Enright wrote:
> Sorry for the poor reply quality, I only have my phone right now.
>
> Regarding the IPv6 /32 cache, you should probably cache at /48 as
> that is the size being assigned to organizations.  /32s are going to
> RiRs -- and being chopped into 65536 /48s.  Seems like a more logical
> cache boundary to me.
>
> Brandon
>
> Sent from my phone

Thanks for the info Brandon.  You nudged me into looking at the ripe and
apnic database files in which I've found that combined, there are 8580
/48 assignments and 9875 at /64 or smaller.  It does look like there's a
good case for reducing the size of cached ranges for IPv6 and possibly
as far as /64.

I also found that Ripe has allocated 5 single host assignments:
2A01:2F0F:FFFF:FFFF:0100:1000::1/128
2A01:2F0F:FFFF:FFFF:0100:2000::1/128
2A01:2F0F:FFFF:FFFF:0300:1000::1/128
2A01:2F0F:FFFF:FFFF:0300:2000::1/128
2A01:2F0F:FFFF:FFFF:0300:3000::1/128

These belong to an LIR which has been assigned 2A01:2000::/20. We'd
never find these records unless we scanned the targets individually -
since the records for hosts either side are in the /20.  Bad for the
whois script, but great if you want to find IPv6 hosts to scan - just
grep through the database files!

Perhaps we should enforce /128 for IPv6.  What are the chances of people
scanning ranges of IPv6 hosts anyway?  It's not as if anyone would be
crazy enough to do a Worldscan, would they?

Regards,

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
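
The cache-boundary trade-off discussed in this message, as an added example that is not part of the original post and is not whois.nse code (it is Python rather than Lua). The cache model and the `whois` stand-in are assumptions, and the registry is constructed from two ranges quoted in the message: the LIR's /20 and one of the /128 assignments inside it.

```python
import ipaddress

# Constructed registry holding two ranges quoted in the message above:
# the LIR's /20 and one of the single-host /128 assignments inside it.
LIR = ipaddress.ip_network("2a01:2000::/20")
HOST = ipaddress.ip_network("2a01:2f0f:ffff:ffff:100:1000:0:1/128")
REGISTRY = [LIR, HOST]

def whois(addr):
    """Stand-in for a real whois query: the most specific covering record."""
    return max((n for n in REGISTRY if addr in n), key=lambda n: n.prefixlen)

def scan(targets, min_prefix):
    """Look up each target, reusing cached answers.

    Assumed cache model: an answer is cached for the record's range, but
    never for anything wider than /min_prefix around the queried target.
    """
    cache, results, queries = [], {}, 0
    for s in targets:
        t = ipaddress.ip_address(s)
        rec = next((r for rng, r in cache if t in rng), None)
        if rec is None:
            queries += 1
            rec = whois(t)
            rng = rec
            if rec.prefixlen < min_prefix:
                rng = ipaddress.ip_network(f"{t}/{min_prefix}", strict=False)
            cache.append((rng, rec))
        results[s] = rec
    return results, queries

# The /128 host and the addresses either side of it.
TARGETS = ["2a01:2f0f:ffff:ffff:100:1000:0:0",
           "2a01:2f0f:ffff:ffff:100:1000:0:1",
           "2a01:2f0f:ffff:ffff:100:1000:0:2"]

if __name__ == "__main__":
    for cap in (32, 48, 64, 128):
        results, queries = scan(TARGETS, cap)
        print(f"/{cap}: {queries} queries, middle host -> {results[TARGETS[1]]}")
```

With a /32, /48 or /64 cap the first neighbour's answer is reused for the middle host, so its own /128 record is never seen; only the /128 cap returns it, at the cost of one query per target.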

