undefined | Better HN

0 pointssomerandomqaguy3y ago0 comments

>For one thing, a /64 issued to a house is a pretty daunting search space for the scanning worms of yesterday.

Eh...

-----

We have outlined a number of techniques that scanning worms can use in an IPv6 Internet to locate potential targets. These techniques are equally applicable to the current IPv4 Internet, albeit not as efficient as random scanning. Although “conventional” address-space scanning is prohibitively expensive in that environment, we believe that the diversity of sources we discussed (which is by no means exhaustive) guarantees a rich target set for worms.

---

https://www.cs.columbia.edu/~smb/papers/v6worms.pdf

A lot of them do rely on getting that first host infected though, but that's not exactly dissimilar to IPv4 networks as well.

>Finally, having remote desktop shouldn't be a problem if people don't know your password, no? It's not like there is a firewall stopping baddies from guessing your Gmail password.

That actually begs an interesting point. IPv4 allows for services to block use IP profiling to limit an attacker's attempts to brute-force / semi-brute-force a password or other attacks like a DDoS. What would be IT / Security processionals response when an attacker can just jump to another IPv6 address and resume the attack?

0 comments

wmf3y ago

I think the best practice is to rate limit by /24 in IPv4 and by /48 in IPv6. That way all the attacker's IPs are treated as a single user. These have corner cases like if the attack is coming from inside the house but they're decent defaults.

j / k navigate · click thread line to collapse