Re: Host scanning in IPv6 Networks

[Steven Bellovin <smb () cs columbia edu>]

Also see https://www.cs.columbia.edu/~smb/papers/v6worms.pdf
(Worm propagation strategies in an IPv6 Internet. ;login:, 
pages 70-76, February 2006.)

On Apr 20, 2012, at 3:08 50AM, Fernando Gont wrote:

> FYI
>
> -------- Original Message --------
> Subject: IPv6 host scanning in IPv6
> Date: Fri, 20 Apr 2012 03:57:48 -0300
> From: Fernando Gont <fgont () si6networks com>
> Organization: SI6 Networks
> To: IPv6 Hackers Mailing List <ipv6hackers () lists si6networks com>
>
> Folks,
>
> We've just published an IETF internet-draft about IPv6 host scanning
> attacks.
>
> The aforementioned document is available at:
> <http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt>
>
> The Abstract of the document is:
> ---- cut here ----
>   IPv6 offers a much larger address space than that of its IPv4
>   counterpart.  The standard /64 IPv6 subnets can (in theory)
>   accommodate approximately 1.844 * 10^19 hosts, thus resulting in a
>   much lower host density (#hosts/#addresses) than their IPv4
>   counterparts.  As a result, it is widely assumed that it would take a
>   tremendous effort to perform host scanning attacks against IPv6
>   networks, and therefore IPv6 host scanning attacks have long been
>   considered unfeasible.  This document analyzes the IPv6 address
>   configuration policies implemented in most popular IPv6 stacks, and
>   identifies a number of patterns in the resulting addresses lead to a
>   tremendous reduction in the host address search space, thus
>   dismantling the myth that IPv6 host scanning attacks are unfeasible.
> ---- cut here ----
>
> Any comments will be very welcome (note: this is a drafty initial
> version, with lots of stuff still to be added... but hopefully a good
> starting point, and a nice reading ;-) ).
>
> Thanks!
>
> Best regards,


                --Steve Bellovin, https://www.cs.columbia.edu/~smb