Hi, Daniel,
On 7/2/23 21:20, Daniel Marks via NANOG wrote:
> Anecdotal but I've seen hacked AWS accounts with Cloudformation scripts
> to create and destroy lots of tiny instances to rotate through IPv4
> addresses.
As with everything, the question is always "what's the level of effort
that is required".
If an attacker is given the option to:
1) Hack an AWS account, and then script the creation of throw-away VMs
just to be able to change the IP address each time, or,
2) Stay on the same machine, and be able to (even legitimately) use
2**64 addresses without even the need to hack any terraform scripts
They will probably go for #2. And aside from their choices, #1 requires
more skills than #2.
Being able to rotate through IP addresses is not a new thing,
I'm sure we all have networks in mind when we think of garbage/malicious
traffic just over IPv4 alone.
The difference is in the scale at which this is possible with IPv6, and
how high (or low) the bar is to do it.
> There are some strange implementations of IPv6 that end up having a lot
> of dissociated users grouped together in a /64 (i.e. Linode, AT&T
> Wireless, etc)
Therein probably lies some good advice... i.e., that to the extent that
is possible, folks refrain from sharing the same /64 across
unrelated/disassociated users.
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494
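The practical consequence of the thread above, for whoever runs the abuse-handling side, is that per-address counting is blind to a source that rotates through its own /64. The following is an added illustration, not code from anyone in the thread: it aggregates abuse events by covering /64 (the address itself for IPv4) and compares a per-address threshold with a per-prefix one. The sample addresses are constructed from the 2001:db8::/32 documentation range, and the threshold value is an arbitrary assumption for the demonstration.

```python
import ipaddress
from collections import Counter

# Constructed sample of offending source addresses as they might appear in a
# defender's log. Five events come from five different /128s inside one /64
# (one address repeats); the last event is from an unrelated /64.
SAMPLE_SOURCES = [
    "2001:db8:1:2::1",
    "2001:db8:1:2::2",
    "2001:db8:1:2:abcd::9",
    "2001:db8:1:2:ffff:ffff:ffff:ffff",
    "2001:db8:1:2::1",
    "2001:db8:9:9::1",
]


def prefix_of(addr: str, length: int = 64) -> str:
    """Covering prefix of an address: /64 for IPv6 by default, the single
    /32 host for IPv4 (where per-address counting already works)."""
    ip = ipaddress.ip_address(addr)
    plen = length if ip.version == 6 else 32
    return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))


def count_by_address(sources):
    """Events per exact source address (normalised textual form)."""
    return Counter(str(ipaddress.ip_address(a)) for a in sources)


def count_by_prefix(sources, length: int = 64):
    """Events per covering prefix, so rotation inside a /64 adds up."""
    return Counter(prefix_of(a, length) for a in sources)


def offenders(sources, threshold: int, length: int = 64):
    """Sources meeting an event threshold under both views.

    The threshold is an assumed value for illustration. The per-address view
    never trips for a rotating source; the per-prefix view does. The known
    caveat from the thread applies: where a provider puts unrelated users in
    one /64, acting on the whole prefix also hits innocent neighbours.
    """
    by_addr = count_by_address(sources)
    by_pfx = count_by_prefix(sources, length)
    return {
        "per_address": sorted(a for a, n in by_addr.items() if n >= threshold),
        "per_prefix": sorted(p for p, n in by_pfx.items() if n >= threshold),
    }


if __name__ == "__main__":
    result = offenders(SAMPLE_SOURCES, threshold=3)
    print("per-address hits:", result["per_address"])  # expected: []
    print("per-/64 hits:    ", result["per_prefix"])   # expected: ['2001:db8:1:2::/64']
```

With a threshold of 3 events, no single address qualifies, but the /64 that the first five events share reaches 5 and is flagged. The same routine run with a different prefix length (say /56 or /48) shows how far up the hierarchy the aggregation has to go before legitimate neighbours start to be counted together, which is the trade-off the shared-/64 remark in the thread points at.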