North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: a record?

  • From: Gadi Evron
  • Date: Mon Nov 14 18:25:00 2005

Jeroen Massar wrote:
Gadi Evron wrote:

Other solution: disable IPv4 SSH and enable the IPv6 one, no scanning on
that plane ;)
Enjoy scanning, even I and I guess the rest of this list will be long
time retired and sipping pina coladas and other good stuff (hot
chocolate milk with whipcream and baileys anyone? :) in hawaii or some
other heavenly place the day that the hardware and pipes are available
to scan a single /64 efficiently.

It's easier & faster to google or use logs* for working hosts ;)


* = maybe RFC3041 does have a use as that makes these IP's 'random' and
thus sort of useless unless one attacks directly...
Not to start a huge pointless discussion, but I have a few thoughts on this:

You don't have to scan an entire /64 ( :) ).

You can sniff network traffic and see what IP addresses you see, then scan only close ranges to those.
You can create a DB or download one, with addresses of known used spaces.

You can throw out thousands of random packets, finding used spaces.

You can do a lot of things, some smarter and mathematical, others just sensible. If I could come up with 3 silly solutions in 2 seconds, I bet the Bad Guys will do far better when the time comes, if it ever does. I am of a mind that we need IPv-NEXT-ONE (or whatever) to deal with actual problems before we undertake IPv6, but that's just an opinion and therefore completely wrong.

Don't count any of today's trouble out.. even if we all did use IPv6. Besides, with IPv6 it is my understanding we will have far larger issues to contend with.