Penetration Testing mailing list archives
Re: IPv6 Security Scanner
From: Nicob <nicob () nicob net>
Date: Tue, 14 Feb 2006 15:07:34 +0100
Le lundi 13 février 2006 à 20:40 +0000, dgoodrum () nfr com a écrit :
The jist of the project I'm working on started because there is a belief that when IPv6 rolls out, active scanning will become a thing of the past due to the large number of potential addresses on a given subnet. i.e. the smallest IPv6 subnet address range is millions of times larger than the entire IPv4 address range, implying that it will take a VERY VERY long time to scan the full address range. So, rather than actively scan a range looking for hosts to check for vulnerabilities, we're hoping to solve the problem by passively finding IP addresses as soon as they talk on the network and then triggering the scan. Comments on these assertions/ideas are very welcome.
Bellowin, Cheswick and Keromytis just published a paper about which strategies a worm could use to scan a IPv6 network for live hosts : http://www.cs.columbia.edu/~smb/papers/v6worms.pdf -- Nicob Hey, I'm looking for a pen-tester job (France or telecommuting) ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- IPv6 Security Scanner dgoodrum (Feb 13)
- Re: IPv6 Security Scanner Nicob (Feb 15)