On Mon, Dec 9, 2013 at 1:10 AM, Hey, Lukas (KRZ) <[email protected]> wrote: > I have a /64 network at home. Do you want to scan 2^64 IPs > (18,446,744,073,709,551,616) to get the IP currently used by the laptop which > is changed via the IPv6 privacy extension? The only machine having a fixed > public IPv6 address, is the IPv6 Gateway. And this one has ip6tables :-)
This is security by obscurity. And no, you don't have 2^48 different IPv6 even with the Privacy extension enabled. You have at most 2^48 (the MAC address, from which is derived the IPv6, is 48 bits long). >From this MAC address you can remove all the non attributed prefixes (widely available). And you can certainly only target the prefixes that have been allocated to domestic network cards. You could well be under 2^32 with that. And we all know here that scanning 2^32 is fairly easy nowadays. -- Jérémie MARGUERIE -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAKS89GpstTE=ucm-5_3voaaofvu9_yjoduddufdajwzutev...@mail.gmail.com
