nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: just seen my first IPv6 network abuse scan, is this the start for more?

From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Fri, 3 Sep 2010 10:46:17 +0000

On Sep 3, 2010, at 5:14 PM, Igor Ybema wrote:


I discovered a external IPv6 host was doing a (rather useless due to the amount of addresses) IPv6 ICMP scan on our 
network recurring daily and mostly during the nights, sometimes with speeds of 1000 scans per second.


Not necessarily so useless, as it was hitting your boxen, eh?

;>

Plus, setting bots to go scan isn't very labor-intensive.  All the talk about how scanning isn't viable in IPv6-land 
due to large netblocks doesn't take into account the benefits of illicit automation.

Note that hinted scanning, based upon DNS treewalking and so forth, is a useful refinement.


Due to the ammount of IPv6 neighbor discoveries from our routers resulting from this scan the Neighbour table 
overflow messages appeared on the machines.



Any noticeable effect on router CPU?

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

               Sell your computer and buy a guitar.
Previous By Date Next
Previous By Thread Next

Current thread: