;login - Worm Propogation and IPv6
tjc at ecs.soton.ac.uk
Wed Jan 24 11:47:52 CET 2007
On Wed, Jan 24, 2007 at 02:20:38AM -0800, Roland Dobbins wrote:
> On Jan 24, 2007, at 12:16 AM, Roland Dobbins wrote:
> >The bad guys will figure them out; it's up to the good guys to
> >point them out so that we can do things to protect against them.
> I'll also point out that, despite the baseless claims of those who've
> asserted that IPv6 somehow provided a 'defense' against worms due to
> the large address space, those of us who think about these things
> have known about every single one of the techniques discussed in this
> paper and talked about them at length. Messrs. Bellovin, Cheswick,
> and Keromytis simply wrote them down; no research was required in
> order to write this article, it's simply a useful compilation of
> 'hints' which worm writers may use; also note that none except ND are
> IPv6-specific (and ARP can be used in similar fashion in the IPv4
> world). They seem to've not discussed Link-Local, but add it to the
Constructive cricism of the following draft would be useful.
It's been through a few revisions, but I'd be very happy to revise it further
from operator input.
I would agree that many tricks can be shared between the two protocols, but
that with IPv6 the worm writer is more likely to have to use more tricks
to make their worm more effective. The point remains rather moot however
while networks are dual stack (except that the state of IPv6 firewalls/IDS
may make IPv6 in some ways an easier target).
More information about the ipv6-ops