On Jan 25, 2011, at 8:58 AM, Patrick Sumby wrote:
On 24/01/2011 22:41, Michael Loftis wrote:
On Mon, Jan 24, 2011 at 1:53 PM, Ray Soucy<rps@maine.edu> wrote:
Many cite concerns of potential DoS attacks by doing sweeps of IPv6 networks. I don't think this will be a common or wide-spread problem. The general feeling is that there is simply too much address space for it to be done in any reasonable amount of time, and there is almost nothing to be gained from it.
The problem I see is the opening of a new, simple, DoS/DDoS scenario. By repetitively sweeping a targets /64 you can cause EVERYTHING in that /64 to stop working by overflowing the ND/ND cache, depending on the specific ND cache implementation and how big it is/etc. Routers can also act as amplifiers too, DDoSing every host within a multicast ND directed solicitation group (and THAT is even assuming a correctly functioning switch thats limiting the multicast travel)
I love this term... "repetitively sweeping a targets /64". Seriously? Repetitively sweeping a /64? Let's do the math... 2^64 = 18,446,744,073,709,551,616 IP addresses. Let's assume that few networks would not be DOS'd by a 1,000 PPS storm coming in so that's a reasonable cap on our scan rate. That means sweeping a /64 takes 18,446,744,073,709,551 sec. (rounded down). There are 86,400 seconds per day. 18,446,744,073,709,551 / 86,400 = 213,503,982,334 days. Rounding a year down to 365 days, that's 584,942,417 years to sweep the /64 once. If we increase our scan rate to 1,000,000 packets per second, it still takes us 584,942 years to sweep a /64. I don't know about you, but I do not expect to live long enough to sweep a /64, let alone do so repetitively. Owen