[ppml] And as for assignments...
William Herrin
arin-contact at dirtside.com
Sun Aug 26 14:55:09 EDT 2007
On 8/26/07, Jonathan Barker <jonathan at qx.net> wrote:
> for years people have launched bots to scan the network for open
> hosts to infect. Now - they have infinitely more space to scan, and have
> to transmit more and larger packets to do it. With ever increasing
> processor power... Bot scanning and the massive number of packets now
> needed to scan for hosts could become a real problem.
Jonathan,
I think you have this backwards. The massive size of the subnet will
make it impractical to scan for hosts off the local subnet, regardless
of the available bandwidth and processor power. Its an unintended but
useful consequence of the large subnet size. Worms will have to look
for other cues to find addresses to infect, such as publicly posted
http transaction logs. That will tend to blunt their spread a bit.
On the flip side, I can remotely identify the make and model of the
ethernet card from the MAC address encoded in the IP address which
ought to make it much easier to target driver bugs. For example, I can
trivially tell that 6to4.nro.net (2001:dc0:2001:7:2d0:b7ff:feb7:f7f9)
is using a NIC made by Intel (MAC 00-d0-b7-b7-f7-f9). With a better
MAC database than what I found in 5 minutes of searching, I could
figure out which model Intel NIC, when it was made and what revision
of the firmware it shipped with.
Regards,
Bill Herrin
--
William D. Herrin herrin at dirtside.com bill at herrin.us
3005 Crane Dr. Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
More information about the ARIN-PPML
mailing list