North American Network Operators Group


Re: Interesting paper by Steve Bellovin - Worm propagation in a v6 internet

  • From: Suresh Ramasubramanian
  • Date: Tue Feb 14 08:13:43 2006

On 2/14/06, Mohacsi Janos <[email protected]> wrote:
> In the 6NET project we identified, that exhaustive search in IPv6 is not
> feasible (e.g. nmap does not support it for IPv6), but there are also

Interesting.  By the way, is there a "currently" missing between "not"
and "feasible" there?

Even given the sheer size of v6 space, some of the other traits noted
by SMB - like the tendency of network equipment to be clustered in the
first few bits of a /48, and possibly observing new v6 netblocks get
announced and routed - might be used by someone to make intelligent
guesses.

And nmap can probably be hacked into doing that kind of scanning.

After all, when there's an unlimited number of hosts connected to the
v6 network, all that needs to happen is for a small botnet to develop and
then start to port scan.

The potentially larger number of hosts that can get infected will
probably help do an exhaustive search for you, so that v6 botnets
start small and then grow exponentially in size over time.

I rather suspect that the portscanning will grow to keep pace with the
actual number of v6 connected hosts.

--
Suresh Ramasubramanian ([email protected])
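
The clustering point raised in the message can be checked against an operator's own address plan. The following is an added example, not part of the original message or of the paper it discusses: it audits an inventory of addresses inside one /48 and reports which ones sit in a small low-numbered window. The site prefix, the inventory and both thresholds are constructed assumptions.

```python
import ipaddress

# Assumed thresholds (not from the thread) for what counts as "low-numbered".
MAX_SUBNET_ID = 0xFF        # first 256 of the 65,536 /64 subnets in a /48
MAX_INTERFACE_ID = 0xFFFF   # interface IDs ::0 through ::ffff

def split_in_site(addr, site):
    """Return (subnet_id, interface_id) for addr inside a /48 site prefix."""
    a = ipaddress.IPv6Address(addr)
    if a not in site:
        raise ValueError(f"{addr} is outside {site}")
    offset = int(a) - int(site.network_address)  # the 80 bits below the /48
    return offset >> 64, offset & ((1 << 64) - 1)

def audit(site_prefix, inventory):
    """Split an address inventory into guessable and dispersed addresses."""
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen != 48:
        raise ValueError("this sketch expects a /48 site prefix")
    guessable, dispersed = [], []
    for addr in inventory:
        subnet_id, iid = split_in_site(addr, site)
        low = subnet_id <= MAX_SUBNET_ID and iid <= MAX_INTERFACE_ID
        (guessable if low else dispersed).append(addr)
    window = (MAX_SUBNET_ID + 1) * (MAX_INTERFACE_ID + 1)
    return {"guessable": guessable, "dispersed": dispersed,
            "window_size": window, "window_fraction": window / 2**80}

# Constructed inventory under the documentation prefix 2001:db8::/32.
SITE = "2001:db8:1234::/48"
INVENTORY = [
    "2001:db8:1234::1",                        # router on subnet 0
    "2001:db8:1234:1::53",                     # DNS server, low interface ID
    "2001:db8:1234:10::a",                     # low subnet, low interface ID
    "2001:db8:1234:2:a1b2:c3d4:e5f6:789",      # low subnet, dispersed interface ID
    "2001:db8:1234:8f3a:5c1e:9b7d:42a6:e813",  # dispersed subnet and interface ID
]

if __name__ == "__main__":
    report = audit(SITE, INVENTORY)
    print(f"window: {report['window_size']} addresses "
          f"({report['window_fraction']:.3e} of the /48)")
    for addr in report["guessable"]:
        print("low-numbered:", addr)
```

Addresses reported as low-numbered are the ones whose discoverability does not depend on the size of the /48, so they should be covered by filtering and monitoring rather than by obscurity of the address.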