Forgive the top posting, but Lookout is the corporate standard.

Now, on to the topic at hand.  Why would you scan the address space in
the first place?  Wouldn't it be easier to compromise a known host and
look at the ARP table?  Or better yet, the router on the edge?  If it's
moving packets, something on the network has mapped the MAC address to
its IP at some point.
Jamie

-----Original Message-----
From: Dobbins, Roland [mailto:rdobb...@arbor.net] 
Sent: Friday, September 03, 2010 3:42 PM
To: NANOG list
Subject: Re: just seen my first IPv6 network abuse scan, is this the
start for more?


On Sep 4, 2010, at 12:19 AM, Steven Bellovin wrote:

> See http://www.cs.columbia.edu/~smb/papers/v6worms.pdf

I've seen it and concur with regards to worms (which don't seem to be
very popular, right now, excepting the 'background radiation' of old
Code Red, Nimda, Blaster, Nachi, SQL Slammer, et al. hosts).  I believe
that hinted scanning is still viable, and I'd argue that the experience
of the OP who kicked off this thread is an indication of same.

-----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>

               Sell your computer and buy a guitar.





