[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

just seen my first IPv6 network abuse scan, is this the start for more?

Subject: just seen my first IPv6 network abuse scan, is this the start for more?
From: igor at ergens.org (Igor Ybema)
Date: Fri, 3 Sep 2010 14:02:21 +0200
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

> Sheng Jiang has discussed this issue in his draft:
> http://tools.ietf.org/html/draft-jiang-v6ops-nc-protection-01

If I understand the RFC correctly it is based on an attack within the
same subnet. Looks a lot like arp-flooding.

However this scan was from a external host. The only traffic I saw on
the subnet was normal/valid NA lookups from the router towards an
increasing IPv6-address (starting with ::1, then ::2 etc). On the
router side I clearly saw the icmp traffic from the source doing a
scan on these destination hosts. None of these IPv6 addresses are
alive so no succes in scanning for comprised machines.

regards, Igor

Follow-Ups:
- just seen my first IPv6 network abuse scan, is this the start for more?
  - From: rdobbins at arbor.net (Dobbins, Roland)
- just seen my first IPv6 network abuse scan, is this the start for more?
  - From: matthias.flittner at de-cix.net (Matthias Flittner)

References:
- just seen my first IPv6 network abuse scan, is this the start for more?
  - From: igor at ergens.org (Igor Ybema)
- just seen my first IPv6 network abuse scan, is this the start for more?
  - From: matthias.flittner at de-cix.net (Matthias Flittner)

Prev by Date: just seen my first IPv6 network abuse scan, is this the start for more?
Next by Date: ISP port blocking practice
Previous by thread: just seen my first IPv6 network abuse scan, is this the start for more?
Next by thread: just seen my first IPv6 network abuse scan, is this the start for more?
Index(es):
- Date
- Thread