[ale] hack attempts

James Baldwin jbaldwin at antinode.net
Sat Feb 12 14:33:44 EST 2005


On 11 Feb 2005, at 20:19, Michael H. Warfield wrote:

> IPv6 EUI (local host) addresses have the same bit space as an md5
> checksum and we rely on people NOT being able to forge md5 sums
> OFF-LINE (and scanning would have to be ON-LINE and very noisy).

Yes, it is very noisy, but without anomaly detection at the edge, that
is at the source end, it will be more difficult to detect this if the
scanner isn't targeting a specific range. That is to say,
administrative boundaries will make termination of the scanner much
more difficult unless there is detection near the source. This isn't
difficult; it just needs to become standard operating procedure to
monitor outbound client traffic. Note, I am not yet making an argument
for or against the practicality of IPv6 scanning, just noting that I
doubt people will stop IPv6 scanning regardless of its practicality or
impracticality unless an interruption is caused by the provider.

> Not a prayer.  16 billion billion addresses in each subnet.  THINK
> ABOUT IT.  Not a prayer.  Not even for a stage three civilization
> spanning the galaxy.  How are you going to drive the host density on a
> single subnet high enough to be worth while to be scanned?

You do not have to scan 16 billion billion addresses. The prevalence of  
convenient numbering schemes, autoconfiguration, the near term  
necessity of dual-stack networks, and the local subnets can quickly  
reduce the size of the range intended for scanning.

http://www.6net.org/publications/standards/draft-chown-v6ops-port-scanning-implications-00.txt

Tim Chown suggests that in the instance of IPv6 autoconfiguration these
ranges can be reduced to as much as 24 bits.

Aside from that, I agree. I doubt scanning of IPv6 ranges will ever
become a viable means for locating target hosts and my response was more
a qualification of that statement rather than an argument for the  
practicality of scanning IPv6 ranges.
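
[Added example, not part of the original message: a defender-side audit that flags addresses in one's own inventory whose interface identifier is predictable (autoconfigured from a MAC, low-numbered, or copied from the IPv4 address). The function names, the sample inventory and every bit estimate other than the 24-bit autoconfiguration figure cited above are assumptions made for illustration.]

```python
import ipaddress

def classify_iid(addr):
    """Classify the interface identifier (low 64 bits) of an IPv6 address."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    b = iid.to_bytes(8, "big")
    # Modified EUI-64 (autoconfiguration from a MAC): ff:fe is inserted in the
    # middle and the universal/local bit of the first octet is inverted.
    if b[3:5] == b"\xff\xfe":
        mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
        # With the vendor OUI known, only the 24 NIC-specific bits vary.
        return {"kind": "eui64", "oui": mac[:3].hex(":"), "unknown_bits": 24}
    if iid < 1 << 16:   # ::1, ::2, ::53 style manual numbering
        return {"kind": "low-byte", "unknown_bits": 16}
    if iid < 1 << 32:   # IPv4 address copied into the low 32 bits (upper bound)
        v4 = str(ipaddress.IPv4Address(iid))
        return {"kind": "embedded-ipv4", "ipv4": v4, "unknown_bits": 32}
    return {"kind": "opaque", "unknown_bits": 64}

def audit(inventory):
    """Return (address, classification) for every predictable address,
    most guessable first."""
    findings = [(a, classify_iid(a)) for a in inventory]
    findings = [f for f in findings if f[1]["unknown_bits"] < 64]
    return sorted(findings, key=lambda f: f[1]["unknown_bits"])

# Constructed sample inventory (2001:db8::/32 is the documentation prefix).
INVENTORY = [
    "2001:db8:1:1:211:22ff:fe33:4455",   # autoconfigured from 00:11:22:33:44:55
    "2001:db8:1:1::1",                   # router-style low number
    "2001:db8:1:1::c000:20a",            # dual-stack host, IPv4 192.0.2.10
    "2001:db8:1:1:8d3f:6a1c:42be:9e07",  # random-looking identifier
]

if __name__ == "__main__":
    for addr, info in audit(INVENTORY):
        print(f"{addr:40} {info}")
```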