[LAC-TF] IPv6 host scanning in IPv6
Fernando Gont
fgont at si6networks.com
Fri Apr 20 03:21:20 BRT 2012
Estimados,
Acabo de publicar un drafty draft ;-) sobre IPv6 host scanning.
El mismo se encuentra disponible en:
<http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt>
El abstract del mismo dice:
---- cut here ----
IPv6 offers a much larger address space than that of its IPv4
counterpart. The standard /64 IPv6 subnets can (in theory)
accommodate approximately 1.844 * 10^19 hosts, thus resulting in a
much lower host density (#hosts/#addresses) than their IPv4
counterparts. As a result, it is widely assumed that it would take a
tremendous effort to perform host scanning attacks against IPv6
networks, and therefore IPv6 host scanning attacks have long been
considered unfeasible. This document analyzes the IPv6 address
configuration policies implemented in most popular IPv6 stacks, and
identifies a number of patterns in the resulting addresses lead to a
tremendous reduction in the host address search space, thus
dismantling the myth that IPv6 host scanning attacks are unfeasible.
---- cut here ----
Cualquier comentario será mas que bienvenido.
FWIW, la solución al problema de host-scanning "tradicional" es, IMO:
[I-D.gont-6man-stable-privacy-addresses]
Gont, F., "A method for Generating Stable Privacy-Enhanced
Addresses with IPv6 Stateless Address Autoconfiguration
(SLAAC)", draft-gont-6man-stable-privacy-addresses-01
(work in progress), March 2012
Saludos cordiales, y gracias!
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
More information about the LACTF
mailing list