[nsp-sec] IPv6 bad actors ??

Dario Ciccarone dciccaro at cisco.com
Wed Mar 14 15:49:58 EDT 2012


Gert:

    Same question I asked Eli - you mention IPv6 traffic w/ RH headers -
I assume you mean RH0 w/ segleft > 0 ? And how did you become aware of
it - classification/filtering ACLs, or IDS/IPS signatures?

    Thanks,
    Dario

On 3/14/12 11:49 AM, Gert Doering wrote:
> ----------- nsp-security Confidential --------
>
>
>
> Hi,
>
> On Tue, Mar 13, 2012 at 03:14:10PM +0000, John Brown wrote:
>> With IPv6 becoming more prevalent, what sort of IPv6 attack vectors are people seeing??
>> I see lists of IPv4 stuff, but hardly ever see IPv6 address space show up.
>> I've got to believe that bad actors are actively probing v6 networks and devices.
> We've seen a handful of IPv6 "network scans" - not the full /64, of course,
> but some of the addresses that people would manually config, like
>
>   $prefix::1, $prefix::2, $prefix::3...
>   $prefix::1:1, $prefix::1:2, $prefix::1:3...
>
> and then there have been some "routing header" probes trying to send
> packets through our networks that are really destined elsewhere.
>
> Everything with very low frequency, like "once a month" or so.
>
> (I'd certainly welcome to see at least *some* SPAM over IPv6, to help
> anti-spam and blacklist providers to get their systems adjusted...)
>
> gert
>
>
>



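The classification Dario asks about (RH0 with segments left > 0), written out as an added example that is not part of the original thread: it walks the IPv6 extension-header chain of a raw packet and reports a type 0 routing header that still has segments left. The function name and the test packets are constructed for illustration and use the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60  # IPv6 next-header values

def find_rh0(packet: bytes):
    """Return (segments_left, [addresses]) for a type 0 routing header with
    segments left > 0, or None if the packet carries none."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    nxt, off = packet[6], 40
    while nxt in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if off + 8 > len(packet):
            return None  # truncated extension header
        # Fragment headers are fixed at 8 bytes; the others carry a length field.
        hdr_len = 8 if nxt == FRAGMENT else (packet[off + 1] + 1) * 8
        if off + hdr_len > len(packet):
            return None
        if nxt == FRAGMENT and struct.unpack_from("!H", packet, off + 2)[0] >> 3:
            return None  # non-first fragment: the rest of the chain is not here
        if nxt == ROUTING and packet[off + 2] == 0 and packet[off + 3] > 0:
            addrs = [str(ipaddress.IPv6Address(packet[i:i + 16]))
                     for i in range(off + 8, off + hdr_len - 15, 16)]
            return packet[off + 3], addrs
        nxt, off = packet[off], off + hdr_len
    return None

# --- constructed test packets (not captured traffic) ---
def ipv6(next_hdr, payload, src="2001:db8::1", dst="2001:db8:1::1"):
    return (struct.pack("!IHBB", 0x60000000, len(payload), next_hdr, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

def routing(rtype, segleft, addrs, nxt=59):  # 59 = no next header
    body = b"".join(ipaddress.IPv6Address(a).packed for a in addrs)
    return bytes([nxt, len(body) // 8, rtype, segleft]) + bytes(4) + body

PAD_DEST_OPTS = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])  # dest-opts with one PadN

RELAY_PROBE = ipv6(ROUTING, routing(0, 1, ["2001:db8:2::1"]))
SPENT_RH0 = ipv6(ROUTING, routing(0, 0, ["2001:db8:2::1"]))
TYPE2_RH = ipv6(ROUTING, routing(2, 1, ["2001:db8:2::1"]))
BURIED_RH0 = ipv6(DEST_OPTS, PAD_DEST_OPTS
                  + routing(0, 2, ["2001:db8:2::1", "2001:db8:3::1"]))

if __name__ == "__main__":
    for name in ("RELAY_PROBE", "SPENT_RH0", "TYPE2_RH", "BURIED_RH0"):
        print(name, find_rh0(globals()[name]))
```

An RH0 with segments left equal to 0 and a type 2 routing header are both left unflagged, and an RH0 placed behind a destination-options header is still found.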