
IPv6 Implications for Network Scanning (RFC5157)

IP.com Disclosure Number: IPCOM000169394D
Original Publication Date: 2008-Mar-01
Included in the Prior Art Database: 2008-Apr-15
Document File: 14 page(s) / 29K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

T. Chown: AUTHOR

Abstract

The much larger default 64-bit subnet address space of IPv6 should in principle make traditional network (port) scanning techniques used by certain network worms or scanning tools less effective. While traditional network scanning probes (whether by individuals or automated via network worms) may become less common, administrators should be aware that attackers may use other techniques to discover IPv6 addresses on a target network, and thus they should also be aware of measures that are available to mitigate them. This informational document discusses approaches that administrators could take when planning their site address allocation and management strategies as part of a defence-in-depth approach to network security.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 10% of the total text.

Network Working Group                                           T. Chown
Request for Comments: 5157                     University of Southampton
Category: Informational                                       March 2008

                  IPv6 Implications for Network Scanning

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.


 Chown                        Informational                      [Page 1]
 RFC 5157                 IPv6 Network Scanning                March 2008

 Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Target Address Space for Network Scanning  . . . . . . . . . .  4
     2.1.  IPv4 . . . . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.2.  IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.3.  Reducing the IPv6 Search Space . . . . . . . . . . . . . .  4
     2.4.  Dual-Stack Networks  . . . . . . . . . . . . . . . . . . .  5
     2.5.  Defensive Scanning . . . . . . . . . . . . . . . . . . . .  5
   3.  Alternatives for Attackers: Off-Link . . . . . . . . . . . . .  5
     3.1.  Gleaning IPv6 Prefix Information . . . . . . . . . . . . .  5
     3.2.  DNS Advertised Hosts . . . . . . . . . . . . . . . . . . .  6
     3.3.  DNS Zone Transfers . . . . . . . . . . . . . . . . . . . .  6
     3.4.  Log File Analysis  . . . . . . . . . . . . . . . . . . . .  6
     3.5.  Application Participation  . . . . . . . . . . . . . . . .  6
     3.6.  Multicast Group Addresses  . . . . . . . . . . . . . . . .  7
     3.7.  Transition Methods . . . . . . . . . . . . . . . . . . . .  7
   4.  Alternatives for Attackers: On-Link  . . . . . . . . . . . . .  7
     4.1.  General On-Link Method...