----- Original Message ----- > On Tue, 25 Jan 2011 13:42:29 -0500, Owen DeLong <o...@delong.com> > wrote: > > Seriously? Repetitively sweeping a /64? Let's do the math... > ... > > We've had this discussion before... > > If the site is using SLAAC, then that 64bit target is effectively > 48bits. > And I can make a reasonable guess at 24 of those bits. (esp. if I've > seen > the address of even one of the machines.)
I wouldn't say you could assume that because one machine is a particular manufacturer, that they are all the same. I would say you could certainly limit a scan to a set list of well-known 24-bit IDs (say ~100 or so?), that would still take a couple days at least to scan. Could there not be something implemented in the firewall to prevent an incoming scan causing an issue with ND ? If you block all incoming by default, why would the router try to do a ND on an address that is not allowed? -Randy
