North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Interesting paper by Steve Bellovin - Worm propagation in a v6 internet
On Tue, 14 Feb 2006 18:42:33 +0530, Suresh Ramasubramanian said: > After all when there's an unlimited number of hosts connected to the > v6 network, all that needs to happen is a small botnet to develop, and > then start to port scan. > > The potentially larger number of hosts that can get infected will > probably help do an exhaustive search for you, so that v6 botnets > start small and then grow exponentially in size over time. OK.. let's say we have a /48 allocated to an end site, and their router falls over at 1Mpps. The exhaustive search will completely clog their pipe for (2 ** (128 - 48))/1000000 seconds, or approximately 38,334,786,263 *years*. (That 2**80 is *huge*, a lot bigger than people think...) Even the most dim-witted site will notice after a day or two of this. And that's why a worm would have to use techniques like Steve and fiends wrote about. Attachment:
pgp00006.pgp
|