nanog mailing list archives

Re: a record?

From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Mon, 14 Nov 2005 19:23:09 -0500


In message <43791C64.4050500 () linuxbox org>, Gadi Evron writes:

You don't have to scan an entire /64 ( :) ).

You can sniff network traffic and see what IP addresses you see, then 
scan only close ranges to those.
You can create a DB or download one, with addresses of known used spaces.

You can throw out thousands of random packets, finding used spaces.

You can do a lot of things, some smarter and mathematical, others just 
sensible. If I could come up with 3 silly solutions in 2 seconds, I bet 
the Bad Guys will do far better when the time comes, if it ever does. I 
am of a mind that we need IPv-NEXT-ONE (or whatever) to deal with actual 
problems before we undertake IPv6, but that's just an opinion and 
therefore completely wrong.


Yes.  Angelos Keromytis, Bill Cheswick, and I have a paper on this that 
will be out shortly.

                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

Current thread:

a record? Randy Bush (Nov 14)
- Re: a record? Jeroen Massar (Nov 14)
  - Re: a record? Gadi Evron (Nov 14)
    - Re: a record? Jeroen Massar (Nov 14)
    - Re: a record? Gadi Evron (Nov 14)
    - Re: a record? Steven M. Bellovin (Nov 14)
    - Re: a record? Kevin Loch (Nov 14)
    - Re: a record? Rob Thomas (Nov 14)
    - Re: a record? Randy Bush (Nov 14)
    - Re: a record? Dan Hollis (Nov 14)
  - Re: a record? Randy Bush (Nov 14)
- Re: a record? Peter Dambier (Nov 14)
  - Re: a record? william(at)elan.net (Nov 14)
    - Re: a record? Matthew Sullivan (Nov 14)
  - Re: a record? Frank Louwers (Nov 15)
    - Re: a record? John Levine (Nov 15)

(Thread continues...)