On Sat, Dec 15, 2012 at 08:44:28PM +0000, Chris Dennis wrote:
> On 15/12/12 18:46, Jeremy Kitchen wrote:
> > That's 2**64 ips. Or the equivalent of the
> > current internet. Squared.
> >
> > 18446744073709551615 IP addresses. Assuming you could test for a port
> > being responsive with just a single packet, and assuming each packet is
> > a single byte (which it's not, by a long shot), that's 16 EXAbytes of
> > outbound traffic.
>
> I'm not sure that's true. Scanners won't just try to guess a
> server's address when it's publicly available. For example:
>
> $ dig -t aaaa ipv6.he.net
> <snip>
> ;; ANSWER SECTION:
> ipv6.he.net. 86246 IN AAAA 2001:470:0:64::2
>
> which reveals the exact address to target.

Right, which means they have to start fuzzing your dns info (or just
grab a zone transfer if your server is set up improperly)
It makes it a more targeted attack than just scanning all of the IPs on
the internet for vulnerable points.
I really wish I could remember where I heard/read about this. It
discusses the dns discovery and everything.
-Jeremy
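
The trade-off discussed in this thread, as an added example that is not part of either poster's message: an audit of your own zone data that lists which IPv6 hosts are disclosed through AAAA records, next to the cost of sweeping the same /64 blind. The zone text, the `example.test` names, the `2001:db8::/32` documentation addresses and the one-million-probes-per-second rate are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zone data using the 2001:db8::/32 documentation prefix.
ZONE_TEXT = """\
$ORIGIN example.test.
www   3600 IN AAAA 2001:db8:0:64::2
mail  3600 IN AAAA 2001:db8:0:64::25
vpn   3600 IN AAAA 2001:db8:0:64:a1b2:c3d4:e5f6:789
db    3600 IN AAAA 2001:db8:0:99::10
www   3600 IN A    192.0.2.10   ; IPv4 record, ignored
"""

def published_aaaa(zone_text):
    """Return (owner, IPv6Address) for each one-line AAAA record in the zone text."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        fields = line.split()
        if not fields or fields[0].startswith("$") or "AAAA" not in fields:
            continue
        idx = fields.index("AAAA")
        try:
            records.append((fields[0], ipaddress.IPv6Address(fields[idx + 1])))
        except (IndexError, ValueError):
            continue                               # malformed record, skip it
    return records

def exposure_by_subnet(records, prefixlen=64):
    """Group disclosed hosts by subnet: these need no scanning to find."""
    subnets = defaultdict(list)
    for owner, addr in records:
        net = ipaddress.IPv6Network((addr, prefixlen), strict=False)
        subnets[str(net)].append(owner)
    return {net: sorted(owners) for net, owners in subnets.items()}

def blind_sweep_days(prefixlen=64, probes_per_second=1_000_000):
    """Days needed to probe every address in one subnet at the assumed rate."""
    return 2 ** (128 - prefixlen) / probes_per_second / 86400

if __name__ == "__main__":
    for net, owners in exposure_by_subnet(published_aaaa(ZONE_TEXT)).items():
        print(f"{net}: {len(owners)} host(s) disclosed via DNS: {', '.join(owners)}")
    print(f"blind sweep of one /64: about {blind_sweep_days():,.0f} days")
```

Running the same audit on what your zone actually answers to outside resolvers shows which hosts rely on address-space size for obscurity and which do not.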