North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Interesting paper by Steve Bellovin - Worm propagation in a v6 internet
> On Wed, 15 Feb 2006, Mark Andrews wrote: > > > One of method missing is doing top down random walks of ip6.arpa. > > That's only easy if delegation were on a per-nybble basis, which is commonly > not the case. Because there are not typically NS's at every nybble level, > you have to do more than one hex digit's worth of randomness in the scan in > order to find a next-level delegation, increasing the cost of scanning that > namespace quite a bit. > > (Having delegations at every nybble level would be ... alarming at best, > given the amount of PTR redirection that implies. :) > > -- > -- Todd Vierling <[email protected]> <[email protected]> <[email protected]> A simple demonstation program. Don't run it for too long as we don't really want to beat on WIDE's servers. Mark #!/bin/sh qname=1.0.0.2.ip6.arpa depth=4 try() { local newqname local oldqname local l oldqname=$qname for l in 0 1 2 3 4 5 6 7 8 9 a b c d e f do newqname=$l.$oldqname echo trying $newqname dig +noques ptr $newqname > /tmp/$$xxx grep PTR /tmp/$$xxx if grep NOERROR /tmp/$$xxx > /dev/null then qname=$newqname if test $depth -lt 31 then depth=`expr $depth + 1` try depth=`expr $depth - 1` fi fi done qname=$oldqname } try -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected]
|