Re: European ISP enables IPv6 for all?

["Steven M. Bellovin" <smb () cs columbia edu>]

On Tue, 18 Dec 2007 12:14:52 +0100
Iljitsch van Beijnum <iljitsch () muada com> wrote:

> On 18 dec 2007, at 6:37, Steven M. Bellovin wrote:
>
> > In a slightly more realistic vein, a huge address space makes life
> > harder for scanning worms.  As Angelos Keromytis, Bill Cheswick,
> > and I have pointed out, "harder" is by no means equivalent to
> > "impossible", but the myth, new as it is, still propagates.
>
> I'd say that the huge address space makes life impossible for
> scanning worms.

Right, by simple arithmetic.
> That doesn't mean that there can be no successful scanning at all
> with IPv6, but it needs to be highly targeted if you want results the
> same year, so just pumping random numbers in the destination address
> field like SQL slammer did so successfully doesn't cut it in IPv6.

See http://www.cs.columbia.edu/~smb/papers/v6worms.pdf


                --Steve Bellovin, http://www.cs.columbia.edu/~smb