On 15 Jun 2011, at 01:42, Fred Baker wrote:
>
> On Jun 14, 2011, at 8:30 AM, Suresh Krishnan wrote:
>
>> RFC5157 IPv6 Implications for Network Scanning
>
> Personally, I think that RFC has been overtaken by events. Network scans have
> been reported in the wild.

I just re-read the abstract and conclusion to 5157, and I think everything stated there still applies. The bit where we stated that we'd not seen traditional network scanning at our own site (to <prefix>::1, <prefix>::2, etc) is the part that has changed - we could now say there is some evidence of such activity. But that doesn't invalidate the advice to - for example - not have your DHCPv6 pools start with <prefix>::1, or the observation that attackers will look at other ways to glean addresses, with some discussion of those.

The interesting newly discussed issue since 5157 was published is the possible impact on ND caches of scanning dark space, should such sweeps reach the target subnet/link.

WRT the ITU-T doc, I agree it's probably not needed.

Tim

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
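
The advice above about not starting DHCPv6 pools at <prefix>::1 can be checked against a pool list. This is an added example, not part of the original message: the pool names, the sample addresses (documentation prefix 2001:db8::/32) and the `LOW_IID_LIMIT` threshold are assumptions chosen for illustration.

```python
import ipaddress

# Assumption: a pool counts as "low start" if its first address lies within the
# first LOW_IID_LIMIT interface identifiers of its /64 (threshold is arbitrary).
LOW_IID_LIMIT = 1 << 16

def audit_pool(name, start, end):
    """Return a finding dict for one DHCPv6 pool given as start/end addresses."""
    first = ipaddress.IPv6Address(start)
    last = ipaddress.IPv6Address(end)
    if last < first:
        raise ValueError(f"{name}: pool end precedes pool start")
    subnet = ipaddress.IPv6Network((first, 64), strict=False)
    if last not in subnet:
        raise ValueError(f"{name}: pool spans more than one /64")
    # Offset of the first pool address from <prefix>:: is the position at which
    # a sequential sweep (<prefix>::1, <prefix>::2, ...) first lands in the pool.
    offset = int(first) - int(subnet.network_address)
    return {
        "pool": name,
        "subnet": str(subnet),
        "size": int(last) - int(first) + 1,
        "probes_to_reach": offset,
        "low_start": offset < LOW_IID_LIMIT,
    }

def audit(pools):
    """Audit every (name, start, end) tuple and return the list of findings."""
    return [audit_pool(n, s, e) for n, s, e in pools]

# Constructed sample pools, not taken from any real deployment.
SAMPLE_POOLS = [
    ("office", "2001:db8:0:1::1", "2001:db8:0:1::ff"),
    ("lab", "2001:db8:0:2:7a3c:91e5:4400:0", "2001:db8:0:2:7a3c:91e5:44ff:ffff"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_POOLS):
        verdict = "starts in low range" if f["low_start"] else "ok"
        print(f'{f["pool"]:8} {f["subnet"]:22} size={f["size"]} '
              f'probes_to_reach={f["probes_to_reach"]} -> {verdict}')
```

A pool flagged `low_start` is one that a sweep of <prefix>::1, <prefix>::2, ... would reach almost immediately; moving the pool to a non-obvious offset inside the /64 removes that shortcut without changing the pool size.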
