Comment by throw0101c
2 years ago
> The "kids and enemy states" are just hosing address ranges.
If you could scan one million addresses every second it would take about 500,000 years to scan just one /64. Not sure how practical that would be.
When I was still with an ISP that did IPv6 my Asus would block any incoming connection attempt unless it was a reply (SPI firewall), though it may have (IIRC) allowed pings in by default.
SPI firewall looks interesting, appreciate the education.
Yeah that is an absolutely bonkers amount of time so you're probably right in that the approach of low-effort wide net-casting attackers would have to change. I'm curious to know how Shodan etc. deal with this.
Shodan ran an NTP pool time server on IPv6 and harvested the addresses of machines that checked in to get the time. Pretty clever.
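The stateful (SPI) behaviour discussed in this thread, as an added example that is not part of any comment above: a minimal Python model of a connection-tracking firewall, showing that an address revealed by an outbound NTP query still cannot be probed from outside. The addresses (RFC 3849 documentation prefix), class names and the `allow_ping` default are assumptions made for illustration, and flow timeouts are left out.

```python
import ipaddress
from dataclasses import dataclass, field

LAN = ipaddress.ip_network("2001:db8:1:1::/64")  # constructed LAN prefix (documentation range)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp", "udp" or "icmpv6-echo"

@dataclass
class SpiFirewall:
    allow_ping: bool = True                   # assumption: echo requests let in by default
    flows: set = field(default_factory=set)   # state table of flows opened from inside

    def handle(self, p: Packet) -> str:
        if ipaddress.ip_address(p.src) in LAN:
            # Outbound: record the flow so its reply can be matched later.
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "accept"
        # Inbound: accept only the mirror image of a recorded outbound flow.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "accept"
        if p.proto == "icmpv6-echo" and self.allow_ping:
            return "accept"
        return "drop"

def demo(allow_ping: bool = True) -> list:
    fw = SpiFirewall(allow_ping=allow_ping)
    host, ntp = "2001:db8:1:1::50", "2001:db8:ffff::123"  # constructed addresses
    return [
        fw.handle(Packet(host, 40000, ntp, 123, "udp")),    # host asks for the time
        fw.handle(Packet(ntp, 123, host, 40000, "udp")),    # reply to that request
        fw.handle(Packet(ntp, 55555, host, 22, "tcp")),     # new inbound connection to the now-known address
        fw.handle(Packet(ntp, 0, host, 0, "icmpv6-echo")),  # inbound ping
    ]

if __name__ == "__main__":
    print(demo())
```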