IPv6 Implications for Network Scanning
نویسنده
چکیده
The much larger default 64-bit subnet address space of IPv6 should in principle make traditional network (port) scanning techniques used by certain network worms or scanning tools less effective. While traditional network scanning probes (whether by individuals or automated via network worms) may become less common, administrators should be aware that attackers may use other techniques to discover IPv6 addresses on a target network, and thus they should also be aware of measures that are available to mitigate them. This informational document discusses approaches that administrators could take when planning their site address allocation and management strategies as part of a defence-in-depth approach to network security.
منابع مشابه
Comments : 5157 University of Southampton Category : Informational March 2008 IPv 6 Implications for Network Scanning
The much larger default 64-bit subnet address space of IPv6 should in principle make traditional network (port) scanning techniques used by certain network worms or scanning tools less effective. While traditional network scanning probes (whether by individuals or automated via network worms) may become less common, administrators should be aware that attackers may use other techniques to disco...
متن کاملDon't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy
There is growing operational awareness of the challenges in securely operating IPv6 networks. Through a measurement study of 520,000 dual-stack servers and 25,000 dual-stack routers, we examine the extent to which security policy codified in IPv4 has also been deployed in IPv6. We find several high-value target applications with a comparatively open security policy in IPv6 including: (i) SSH, T...
متن کاملScanning the IPv6 Internet: Towards a Comprehensive Hitlist
Active network measurements constitute an important part in gaining a better understanding of the Internet. Although IPv4-wide scans are now easily possible, random active probing is infeasible in the IPv6 Internet. Therefore, we propose a hybrid approach to generate a hitlist of IPv6 addresses for scanning: First, we extract IPv6 addresses from passive flow data. Second, we leverage publicly a...
متن کاملEnumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones
Security research has made extensive use of exhaustive Internet-wide scans over the recent years, as they can provide significant insights into the overall state of security of the Internet, and ZMap made scanning the entire IPv4 address space practical. However, the IPv4 address space is exhausted, and a switch to IPv6, the only accepted long-term solution, is inevitable. In turn, to better un...
متن کاملPerformance Analysis of IPSec in IPv6 Transition Mechanisms
Internet Protocol version 6 (IPv6) is the next generation Internet Protocol proposed by the Internet Engineering Task Force (IETF) to supplant the current Internet Protocol version 4 (IPv4). Lack of security below the application layer in IPv4 is one of the reasons why there is a need for a new Internet Protocol. IPv6 has built-in support for the Internet Protocol Security protocol (IPSec). IPS...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- RFC
دوره 5157 شماره
صفحات -
تاریخ انتشار 2008