[ipv6hackers] Scanning for IPv6 addresses embedding TCP/UDP service ports

Andrew Yourtchenko ayourtch at gmail.com
Tue Feb 26 01:06:47 CET 2013


On Fri, Feb 22, 2013 at 2:39 PM, S.P.Zeidler <spz at serpens.de> wrote:
> Thus wrote Fernando Gont (fgont at si6networks.com):
>
>> On 02/22/2013 09:35 AM, S.P.Zeidler wrote:
>>
>> draft-ietf-6man-stable-privacy-addresses would have taken care of that ;-)
>
> Implementing that might be a nice GSoC project. Is there prior art?

FWIW, just to add to the picture - you might also look at
http://tools.ietf.org/html/draft-yourtchenko-humansafe-ipv6-00 - it's
a different approach, but has a running code with it (though I need to
fix a couple of bugs in it). As a free bonus to scan-resistance you
get a protection against corruption when using telnet-over-the-phone.
(and 8 ASCII chars for an arbitrary service name to store).

There's also running code in TCL for cisco IOS to do the same
transformation on-device.

--a

>
>> > The service only uses its
>> > special address, but the server has a "chassis address" additionally
>> > too, so I could migrate one service from one server to the next without
>> > needing to touch other services (or the zone).
>>
>> Understood. -- For curiosity sake: the "chassis address" is a "lowbyte"
>> address, IPv4-based address, SLAAC, or something else?
>
> At present bog standard SLAAC.
>
> regards,
>         spz
> --
> spz at serpens.de (S.P.Zeidler)
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers



More information about the Ipv6hackers mailing list