[nsp-sec] IPv6 bad actors ??
Gert Doering
gert at greenie.muc.de
Wed Mar 14 11:49:14 EDT 2012
Hi,
On Tue, Mar 13, 2012 at 03:14:10PM +0000, John Brown wrote:
> With IPv6 become more prevalent, what sort of IPv6 attack vectors are people seeing??
> I see lists of IPv4 stuff, but hardly ever see IPv6 address space show up.
> I've got to believe that bad actors are actively probing v6 networks and devices.
We've seen a handful of IPv6 "network scans" - not the full /64, of course,
but some of the addresses that people would manually config, like
$prefix::1, $prefix::2, $prefix::3...
$prefix::1:1, $prefix::1:2, $prefix::1:3...
and then there have been some "routing header" probes trying to send
packets through our networks that are readlly destined elsewhere.
Everything with very low frequency, like "once a month" or so.
(I'd certainly welcome to see at least *some* SPAM over IPv6, to help
anti-spam and blacklist providers to get their systems adjusted...)
gert
--
Gert Doering
SpaceNet AG, AS 5539, gert at space.net. PGP-KeyID: 0x65514975
Also reachable via gert at greenie.muc.de and gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20120314/63c2659b/attachment-0001.sig>
More information about the nsp-security
mailing list