Hi, Jimmy, On 04/20/2012 09:22 PM, Jimmy Hess wrote:
The mathematical argument in the draft doesn't really work, because it's too focused on there being "one specific site" that can be scanned.
Not sure what you mean. Clearly, in the IPv6 world you'd target specific networks. How could you know which networks to scan? -- Easy: the attacker is targeting a specific organization, are you gather possible target networks as this information leaks out all too often (e-mail headers, etc.).
You can't just "pick a random 120 bit number" and have a good chance of that random IP happening to be a live host address.
That would be pretty much a "brute force" attack, and the argument in this paper is that IPv6 host-scanning attacks will not be brute force (as we know them).
The draft is unconvincing. The expected result is there will be very little preference for scanning, and those that will be launching attacks against networks will be utilizing simpler techniques that are still highly effective and do not require scanning.
Not sure what you mean. Could you please clarify?
Such as the exploit of vulnerable HTTP clients who _navigate to the attacker controlled web page_, walking directly into their hands, instead of worms "searching for needles in haystacks".
Well, this is part of alternative scanning techniques, which so far are not the subject of this draft. Thanks, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1