[ipv6hackers] Zmap

Sun Sep 1 22:33:22 CEST 2013

Thanks for the mention, Merike.  We're still doing work on improving those
heuristics (and on making a better publication).

Everyone, please feel free to let me know if you're interested in results
or collaboration.

On Sun, Sep 1, 2013 at 1:44 PM, Merike Kaeo
<merike at doubleshotsecurity.com>wrote:

> Also check out work by Richard Barnes and his colleagues:
>
> http://www.caida.org/workshops/isma/1202/slides/aims1202_rbarnes.pdf
>
> "Nothing's impossible only mathematically improbable" ( I think
> attributable to the Avengers) - the math changes as new mechanisms of
> intelligence are realized.
>
> - merike
>
>
> On Aug 31, 2013, at 6:46 PM, Joe Klein wrote:
>
> > See my presentation I gave at gogonet last year.
> >
> >
> >
> >
> > Joe Klein
> > Cell: (703) 594-1419
> > jsklein at gmail.com
> >
> >
> > On Sat, Aug 31, 2013 at 9:09 PM, <bmanning at vacation.karoshi.com> wrote:
> >
> >>
> >> people have been scanning the entire v4 address space for nearly two
> >> decades.  (I think I was
> >> the first to do an exaustive scan)  Zmap is fraught with the primary
> >> problem of scanning, in
> >> that it is -very- noticable and will be blocked by even semi-comatose
> >> network admins.
> >>
> >> For those of us in the research space, scanning v6 presents some novel
> >> challanges.  v4 techniques
> >> are not readily convertable to the v6 universe.  that said, there are a
> >> couple of projects which
> >> show promise for low cost, minimal impact scanning of IPv6.   We should
> >> see early results
> >> soon.
> >>
> >> /bill
> >>
> >>
> >>
> >> On Sat, Aug 31, 2013 at 11:57:11PM +0000, Jim Small wrote:
> >>> zmap is an interesting tool which allows scanning all public IPv4
> >> addresses (IPv4 Internet) in about 45 minutes:
> >>> https://zmap.io/
> >>>
> >>>
> >>> To quote from Tech Week Europe<
> >> http://www.techweekeurope.co.uk/news/zmap-internet-scan-zero-day-125374
> >:
> >>>
> >>> The tool is only possible because the Internet is currently all
> squeezed
> >> into the (comparatively) small IP version 4 (IPv4) address space,
> leaving
> >> empty the much larger IP version 6 (IPv6) address space, where a brute
> >> force scan would be impossible using current hardware.  "We are living
> in a
> >> unique period", the researchers said in their talk. "IPv4 can be
> quickly,
> >> exhaustively scanned - IPv6 has not yet been widely deployed."
> >>>
> >>> I found this interesting because from a security vantage point you
> could
> >> argue that IPv6 is superior in the sense that you can't brute force
> scan it
> >> (Entire IPv6 Internet) whereas with IPv4 you can.  Do you think this
> >> constitutes an IPv6 advantage?
> >>>
> >>> --Jim
> >>>
> >>> _______________________________________________
> >>> Ipv6hackers mailing list
> >>> Ipv6hackers at lists.si6networks.com
> >>> http://lists.si6networks.com/listinfo/ipv6hackers
> >> _______________________________________________
> >> Ipv6hackers mailing list
> >> Ipv6hackers at lists.si6networks.com
> >> http://lists.si6networks.com/listinfo/ipv6hackers
> >>
> > _______________________________________________
> > Ipv6hackers mailing list
> > Ipv6hackers at lists.si6networks.com
> > http://lists.si6networks.com/listinfo/ipv6hackers
> >
>
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
>