Hi, Tim, On 04/20/2012 04:22 AM, Tim Chown wrote: >> On 04/18/2012 05:55 PM, Bob Hinden wrote: >>> This is an area I would like to know more about, and it would be >>> good to quantify the problem. >> >> I've just posted this drafty I-D, which hopefully shed some light >> on the subject (or triggers further discussion): >> <http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt> > > Don't forget RFC5157, which talks about other ways addresses can be > gleaned,
Yes, as noted in Section 1 of the I-D, this is a very drafty version, pushed out to answer Bob's question. :-) -- There's lots of stuff that still needs to be added. > The ND cache exhaustion issue is also linked in to the scanning > topic. Yep. Note: Some text present in the document on which draft-gont-opsec-ipv6-host-scanning is based has been deliberately excluded from draft-gont-opsec-ipv6-host-scanning-00: the aforementioned document on which this draft is based was mostly about *designing* a port scanner, and targeted a different audience. (e.g., draft-ietf-v6ops-v6nd-problems was being referenced in a section about "selecting the probe rate"). P.S.: I will try to incorporate some of the missing stuff, and rev shortly -- in any case, I felt it was more productive to submit this drafty version of the draft, than answering Bob's question/request with a two-liner in an e-mail. Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
