Re: [OPSEC] Mail regarding draft-gont-opsec-ipv6-host-scanning

Rama Darbha <radarbha@cisco.com> Fri, 16 November 2012 22:51 UTC

Gert,

Good point. Now that you explain it, my concerns below sound irrelevant. 
Thanks!

- Rama

On 11/9/12 8:52 AM, Gert Doering wrote:
> Hi,
>
> On Mon, Nov 05, 2012 at 09:53:35PM -0500, Rama Darbha wrote:
>> When I first read this, I immediately agreed that performing a
>> brute-force attack on a /64 network would be infeasible. But then I
>> started to reflect on why it would be so infeasible? Computers are
>> getting faster, and NICs have more capacity, so their ability to create
>> faster mappings scales in relation. Do we have current research numbers
>> to state how long it takes to do a brute force scan of a /64?
> Basic math.  If you can send 1000 packets/sec without being noticed,
> scanning 2^64 addresses will take about 584942417 *years*.
>
> If you can send a million packets/sec, it will only take 584942 years,
> though...
>
> Gert Doering
>          -- NetMaster


-- 
Rama Darbha, CCIE#28006
919-574-5071
radarbha@cisco.com
Cisco TAC - Security Solutions
RTP, NC, USA
Hours: 8h30 - 17h00 (EST)

http://www.cisco.com/tac/