On 15/12/12 22:42, Jeremy Kitchen wrote:
> On Sat, Dec 15, 2012 at 08:44:28PM +0000, Chris Dennis wrote:
>> On 15/12/12 18:46, Jeremy Kitchen wrote:
>>> That's 2**64 ips. Or the equivalent of the current internet. Squared.
>>> 18446744073709551615 IP addresses. Assuming you could test for a port
>>> being responsive with just a single packet, and assuming each packet is
>>> a single byte (which it's not, by a long shot), that's 16 EXAbytes of
>>> outbound traffic.
>>
>> I'm not sure that's true. Scanners won't just try to guess a
>> server's address when it's publicly available. For example:
>>
>> $ dig -t aaaa ipv6.he.net
>> <snip>
>> ;; ANSWER SECTION:
>> ipv6.he.net. 86246 IN AAAA 2001:470:0:64::2
>>
>> which reveals the exact address to target.
>
> Right, which means they have to start fuzzing your dns info (or just
> grab a zone transfer if your server is set up improperly)
>
> It makes it a more targeted attack than just scanning all of the IPs on
> the internet for vulnerable points.
>
> I really wish I could remember where I heard/read about this. It
> discusses the dns discovery and everything.
>
> -Jeremy
Here's one interesting document on the subject:
http://www.ietf.org/rfc/rfc5157.txt
One thing that struck me from a quick reading of that was the use of
logfiles for collecting IPv6 addresses. If I set up a website with
something tempting on it, I could then extract the IP addresses of
visitors, and sell them to would-be attackers, in the same way that
people sell lists of email addresses to spammers.
So yes, attacking IPv6 addresses is harder than with IPv4, but it's
certainly not impossible.
cheers
Chris
--
Chris Dennis cgdennis@???
Fordingbridge, Hampshire, UK
