Re: Interesting paper by Steve Bellovin - Worm propagation in a v6 internet
On 2/14/06, Mohacsi Janos <mohacsi@niif.hu> wrote:
> In the 6NET project we identified that exhaustive search in IPv6 is not feasible (e.g. nmap does not support it for IPv6), but there are also
Interesting. By the way, is there a "currently" missing between "not" and "feasible" there?

Even given the sheer size of v6 space, some of the other traits noted by SMB - like the tendency of network equipment to be clustered in the first few bits of a /48, and possibly observing new v6 netblocks get announced and routed - might be used by someone to make intelligent guesses. And nmap can probably be hacked into doing that kind of scanning.

After all when there's an unlimited number of hosts connected to the v6 network, all that needs to happen is a small botnet to develop, and then start to port scan.

The potentially larger number of hosts that can get infected will probably help do an exhaustive search for you, so that v6 botnets start small and then grow exponentially in size over time.

I rather suspect that the portscanning will grow to keep pace with the actual number of v6 connected hosts.

--
Suresh Ramasubramanian (ops.lists@gmail.com)
On Tue, 14 Feb 2006 18:42:33 +0530, Suresh Ramasubramanian said:
> After all when there's an unlimited number of hosts connected to the v6 network, all that needs to happen is a small botnet to develop, and then start to port scan.
> The potentially larger number of hosts that can get infected will probably help do an exhaustive search for you, so that v6 botnets start small and then grow exponentially in size over time.
OK.. let's say we have a /48 allocated to an end site, and their router falls over at 1Mpps. The exhaustive search will completely clog their pipe for (2 ** (128 - 48))/1000000 seconds, or approximately 38,334,786,263 *years*. (That 2**80 is *huge*, a lot bigger than people think...) Even the most dim-witted site will notice after a day or two of this. And that's why a worm would have to use techniques like Steve and fiends wrote about.
participants (2)
- Suresh Ramasubramanian
- Valdis.Kletnieks@vt.edu
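The sweep-time arithmetic from the last message, combined with a check a site can run on its own address inventory to see how much of that 2**80 space its numbering plan really leaves, as an added example that is not part of the original thread. The function names and both inventories are constructed for illustration, a 365-day year is assumed, and counting low-order interface-ID bits goes one step beyond the subnet clustering mentioned in the thread.

```python
import ipaddress

SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year reproduces the thread's figure


def sweep_years(bits, pps=1_000_000):
    """Years to probe every address in a 2**bits space at pps packets/second."""
    return 2 ** bits / pps / SECONDS_PER_YEAR


def audit_plan(site_prefix, inventory):
    """Return (full_bits, effective_bits) for a site's own address inventory.

    effective_bits counts only the low-order subnet-ID and interface-ID bits
    the inventory actually uses, i.e. the space left if numbering is guessable.
    """
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen > 64:
        raise ValueError("expected a site prefix of /64 or shorter")
    addrs = [ipaddress.IPv6Address(a) for a in inventory]
    outside = [str(a) for a in addrs if a not in site]
    if outside:
        raise ValueError(f"not inside {site}: {outside}")
    subnet_mask = (1 << (64 - site.prefixlen)) - 1
    subnet_ids = [(int(a) >> 64) & subnet_mask for a in addrs]
    iface_ids = [int(a) & ((1 << 64) - 1) for a in addrs]
    effective = (max(s.bit_length() for s in subnet_ids)
                 + max(i.bit_length() for i in iface_ids))
    return 128 - site.prefixlen, effective


# Constructed inventories under the 2001:db8::/48 documentation prefix.
SEQUENTIAL = ["2001:db8:0:0::1", "2001:db8:0:1::1", "2001:db8:0:1::53",
              "2001:db8:0:2::80", "2001:db8:0:3::25", "2001:db8:0:a::1f"]
RANDOMIZED = ["2001:db8:0:0:8d3f:52a1:9c4e:71b2",
              "2001:db8:0:1:c07a:11e9:4b60:d2f5",
              "2001:db8:0:1:e5b4:0a97:3f18:66cd"]

if __name__ == "__main__":
    for name, inv in (("sequential", SEQUENTIAL), ("randomized", RANDOMIZED)):
        full, eff = audit_plan("2001:db8::/48", inv)
        print(f"{name}: full 2^{full} = {sweep_years(full):.3g} years at 1 Mpps, "
              f"guessable 2^{eff} = {sweep_years(eff):.3g} years")
```

A plan that numbers subnets and hosts sequentially shrinks the space from 80 bits to 12 here, which is the clustering concern raised earlier in the thread; randomized interface IDs keep it at 65 bits.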