[AusNOG] IPv4 Exhaustion, APNIC EC, and James is a nice bloke ; -)
Matthew Moyle-Croft
mmc at internode.com.au
Wed Jul 23 09:06:42 EST 2008
>> Try doing a port scan over available addresses in a 128 bit
>> address space. Takes eons. You've just multiplied security by
>> obscurity by 2^56, given the default subnet size differences
>> (2^8 vs 2^64).
So, port scans aren't going to be useful anymore. <shrug>
Things will move on - there will be more focus on predictable things.
eg. with so MUCH address space we'll focus more on discovery of other
devices. This'll lead to a focus on end-device discovery using other
means rather than port scans. Harvesting addresses through other means
(email headers etc?)
More Static IP addresses will mean a change in tactics - once you've
found a machine that's vunerable and you know it's IP address then most
likely, just like house thieves today, they'll come back again and again
to the same address in the future. It might be that attacks become
more complex - get you to goto an "infected" website, discover your IP
address that way, then start the direct attacks etc - no need to scan.
Once they've got access to your computer they can then do further
harvesting of IPs via looking at your email messages and headers,
various logs, arp tables of local machines etc.
Assuming that the "bad guys" won't move on and come up with new and
exciting techniques to overcome sparse address allocation is to really
underestimate them.
MMC
--
Matthew Moyle-Croft - Internode/Agile - Networks
Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: mmc at internode.com.au Web: http://www.on.net
Direct: +61-8-8228-2909 Mobile: +61-419-900-366
Reception: +61-8-8228-2999 Fax: +61-8-8235-6909
More information about the AusNOG
mailing list