nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Using IPv6 with prefixes shorter than a /64 on a LAN

From: Roland Dobbins <rdobbins () arbor net>
Date: Wed, 26 Jan 2011 09:29:34 +0700

On Jan 26, 2011, at 8:12 AM, Fernando Gont wrote:


Also, the claim that "IPv6 address scanning is impossible" is generally based on the (incorrect) assumption that host 
addresses are spread
(randomly) over the 64-bit IID. -- But they usually aren't.


It also doesn't take into account hinted scanning via routing table lookups, whois lookups, and walking reverse DNS, 
not to mention making use of ND mechanisms once a single box on a given subnet has been successfully botted.

------------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by brute force and thousands of slaves.

                          -- Alan Kay
Previous By Date Next
Previous By Thread Next

Current thread: