[ipv6hackers] Justification for network recon of IPv6 space

Joe Klein jsklein at gmail.com
Fri Sep 25 15:32:27 CEST 2015


I was just reading Network Reconnaissance in IPv6 Networks,
draft-ietf-opsec-ipv6-host-scanning-08,
and must say it is a good read (nice job, Fernando). But it left me with one
question, and that is: why is Network Reconnaissance still valid in an IPv6
world?

So it was useful during the 80's and 90's to know what was on your network
because at that time, router and DHCP logging sucked, and you wanted to
know who put what on your network. Around 2000, nmap was released and
everyone that could take a SANS or hacker class began using it to
scan their own and other networks. From a defender's standpoint, this just
added additional noise into the system, increasing logs and making it
harder to identify attackers.

Now we have IPv6, and through the use of private tools available since
2004, and public tools since 2006 (van Hauser rocks!), we have begun seeing
an increase in noise. It was small at first, but has been increasing in the last
year.

So my question to the group: who would have value for this information and
for what purpose? Can someone clue me in? Comments?

Joe Klein

