nanog mailing list archives

Re: Host scanning in IPv6 Networks

From: Steve Clark <sclark () netwolves com>
Date: Fri, 20 Apr 2012 10:24:25 -0400

On 04/20/2012 08:17 AM, Tei wrote:

It would be a very fast dictionary attack :D

accede
bade
dad
decade
face
axed
babe
deaf
bed
Abe
bee
Decca
exec
fade
bead
bedded
deed
exceed
Abba
deface
efface
feed


On 20 April 2012 09:08, Fernando Gont<fernando () gont com ar>  wrote:

FYI

-------- Original Message --------
Subject: IPv6 host scanning in IPv6
Date: Fri, 20 Apr 2012 03:57:48 -0300
From: Fernando Gont<fgont () si6networks com>
Organization: SI6 Networks
To: IPv6 Hackers Mailing List<ipv6hackers () lists si6networks com>

Folks,

We've just published an IETF internet-draft about IPv6 host scanning
attacks.

The aforementioned document is available at:
<http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt>

The Abstract of the document is:
---- cut here ----
   IPv6 offers a much larger address space than that of its IPv4
   counterpart.  The standard /64 IPv6 subnets can (in theory)
   accommodate approximately 1.844 * 10^19 hosts, thus resulting in a
   much lower host density (#hosts/#addresses) than their IPv4
   counterparts.  As a result, it is widely assumed that it would take a
   tremendous effort to perform host scanning attacks against IPv6
   networks, and therefore IPv6 host scanning attacks have long been
   considered unfeasible.  This document analyzes the IPv6 address
   configuration policies implemented in most popular IPv6 stacks, and
   identifies a number of patterns in the resulting addresses lead to a
   tremendous reduction in the host address search space, thus
   dismantling the myth that IPv6 host scanning attacks are unfeasible.
---- cut here ----

Any comments will be very welcome (note: this is a drafty initial
version, with lots of stuff still to be added... but hopefully a good
starting point, and a nice reading ;-) ).

Thanks!

Best regards,

exec ?
exceed ?


--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark () netwolves com
http://www.netwolves.com

Current thread:

Fwd: Host scanning in IPv6 Networks Fernando Gont (Apr 20)
- Re: Host scanning in IPv6 Networks Tei (Apr 20)
  - Re: Host scanning in IPv6 Networks Steve Clark (Apr 20)
    - Re: Host scanning in IPv6 Networks Owen DeLong (Apr 20)
    - Re: Host scanning in IPv6 Networks Tei (Apr 24)
- Re: Host scanning in IPv6 Networks Steven Bellovin (Apr 20)
  - Re: Host scanning in IPv6 Networks Jimmy Hess (Apr 20)
    - Re: Host scanning in IPv6 Networks Fernando Gont (Apr 20)
- <Possible follow-ups>
- Re: Host scanning in IPv6 Networks Scott Weeks (Apr 20)