[ipv6hackers] IPv6 host scanning in IPv6

Marc Heuse mh at mh-sec.de
Fri Apr 20 09:32:16 CEST 2012

Hi Fernando!

Am 20.04.2012 08:57, schrieb Fernando Gont:
> We've just published an IETF internet-draft about IPv6 host scanning
> attacks.
> The aforementioned document is available at:
> <http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt>

in chapter 4, the distribution is not what I have seen, neither at
customers, nor DNS analysis (host scanning results are biased of course
and therefore not valid as comparison). 2008 - so four years ago - the
IPv6 internet was different from what it is today, and the same will be
the case four years in the future. but thats rather a marginal thing I

the "abuse scan" mentioned by [Ybema2010] was most likely my scan I did
on the IPv6 internet to perform a statistical analysis to optimize
further ipv6 pentests (some rough results being in my ipv6 presentations
from 2010-2011).
I had some people complaining that they got something like 50k packets
per minute (which means they were on a slow connection... ;-) )
(everyone who sent my ISP a "we dont want that" email got on the
blacklist for future scans of course)

at my presentations at the coming conferences (HITB Kuala Lumpur in
October, H2HC Sao Paulo in October and Hackingzone Cali in November) I
will show all remote and local host detection techniques I have found
and developed, and a little later the tool which does that will finally
be released with a big update to thc-ipv6 with a lots of new tools and
attacks. (in my trainings already includes all this stuff)


P.S. the reference date for Ybema2010 is wrong:
August 2011 - but URL says /nanog/2010-September/

Marc Heuse

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list