[AusNOG] IPv4 Exhaustion, APNIC EC, and James is a nice bloke ; -)

Matthew Moyle-Croft mmc at internode.com.au
Wed Jul 23 09:06:42 EST 2008

>> Try doing a port scan over available addresses in a 128 bit 
>> address space. Takes eons. You've just multiplied security by 
>> obscurity by 2^56, given the default subnet size differences 
>> (2^8 vs 2^64).
So, port scans aren't going to be useful anymore.   <shrug>

Things will move on - there will be more focus on predictable things.  
eg.  with so MUCH address space we'll focus more on discovery of other 
devices.   This'll lead to a focus on end-device discovery using other 
means rather than port scans.   Harvesting addresses through other means 
(email headers etc?)

More Static IP addresses will mean a change in tactics - once you've 
found a machine that's vunerable and you know it's IP address then most 
likely, just like house thieves today, they'll come back again and again 
to the same address in the future.   It might be that attacks become 
more complex - get you to goto an "infected" website, discover your IP 
address that way, then start the direct attacks etc - no need to scan.   
Once they've got access to your computer they can then do further 
harvesting of IPs via looking at your email messages and headers, 
various logs, arp tables of local machines etc.

Assuming that the "bad guys" won't move on and come up with new and 
exciting techniques to overcome sparse address allocation is to really 
underestimate them.


Matthew Moyle-Croft - Internode/Agile - Networks
Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: mmc at internode.com.au  Web: http://www.on.net
Direct: +61-8-8228-2909		    Mobile: +61-419-900-366
Reception: +61-8-8228-2999          Fax: +61-8-8235-6909

More information about the AusNOG mailing list