Home page logo
/

nanog logo nanog mailing list archives

RE: just seen my first IPv6 network abuse scan, is this the startfor more?
From: "Jamie Bowden" <jamie () photon com>
Date: Tue, 7 Sep 2010 09:03:12 -0400

Forgive the top posting, but Lookout is the corporate standard.

Now, on to the topic at hand.  Why would you scan the address space in
the first place?  Wouldn't it be easier to compromise a known host and
look at the ARP table?  Or better yet, the router on the edge?  If it's
moving packets, something on the network has mapped the MAC address to
its IP at some point.

Jamie

-----Original Message-----
From: Dobbins, Roland [mailto:rdobbins () arbor net] 
Sent: Friday, September 03, 2010 3:42 PM
To: NANOG list
Subject: Re: just seen my first IPv6 network abuse scan, is this the
startfor more?


On Sep 4, 2010, at 12:19 AM, Steven Bellovin wrote:

See http://www.cs.columbia.edu/~smb/papers/v6worms.pdf

I've seen it and concur with regards to worms (which don't seem to be
very popular, right now, excepting the 'background radiation' of old
Code Red, Nimda, Blaster, Nachi, SQL Slammer, et. al. hosts).  I believe
that hinted scanning is still viable, and I'd argue that the experience
of the OP who kicked off this thread is an indication of same.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

               Sell your computer and buy a guitar.







  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]