North American Network Operators Group

RE: IPv6 Advertisements

  • From: Barry Greene (bgreene)
  • Date: Wed May 30 09:56:12 2007

 

> > This assumes a single machine scanning, not a botnet of 1000 or even
> > the 1.5m the Dutch gov't collected 2 yrs ago.
> > Again, a sane discussion is in order. Scanning isn't AS EASY, but it
> > certainly is still feasible,
> With 1.5 million hosts it will only take 3500 years... for a
> _single_ /64!
>
> I'm not sure that's what I would call feasible.

I would call that not understanding today's security world. "Scanning"
is not the primary mode of looking for vulnerabilities today. There are
several more effective "come here and get infected" and "click on this
attachment and get infected" techniques. 

What scanning does go on today is usually not the "let's scan the
Internet." No money in it. You target your scans to the address ranges
of the sites you are trying to mine (i.e. build BOTNETs) or go after.