Hi, Jimmy,

On 04/20/2012 09:22 PM, Jimmy Hess wrote:
> The mathematical argument in the draft doesn't really work, because
> it's too focused on there being "one specific site" that can be
> scanned.

Not sure what you mean. Clearly, in the IPv6 world you'd target specific
networks. How could you know which networks to scan? -- Easy: the
attacker is targeting a specific organization, or you gather possible
target networks as this information leaks out all too often (e-mail
headers, etc.).

> You can't just "pick a random 120 bit number" and have a good chance
> of that random IP happening to be a live host address.

That would be pretty much a "brute force" attack, and the argument in
this paper is that IPv6 host-scanning attacks will not be brute force
(as we know them).

> The draft is unconvincing. The expected result is there will be very
> little preference for scanning, and those that will be launching
> attacks against networks will be utilizing simpler techniques that
> are still highly effective and do not require scanning.

Not sure what you mean. Could you please clarify?

> Such as the exploit of vulnerable HTTP clients who _navigate to the
> attacker controlled web page_, walking directly into their hands,
> instead of worms "searching for needles in haystacks".

Well, this is part of alternative scanning techniques, which so far are
not the subject of this draft.

Thanks,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1