DeepAI AI Chat
Log In Sign Up

Glowing in the Dark Uncovering IPv6 Address Discovery and Scanning Strategies in the Wild

10/05/2022
by   Hammas Bin Tanveer, et al.
0

In this work we identify scanning strategies of IPv6 scanners on the Internet. We offer a unique perspective on the behavior of IPv6 scanners by conducting controlled experiments leveraging a large and unused /56 IPv6 subnet. We selectively make parts of the subnet visible to scanners by hosting applications that make direct or indirect contact with IPv6- capable servers on the Internet. By careful experiment design, we mitigate the effects of hidden variables on scans sent to our /56 subnet and establish causal relationships between IPv6 host activity types and the scanner attention they evoke. We show that IPv6 host activities e.g., Web browsing, membership in the NTP pool and Tor network, cause scanners to send a magnitude higher number of unsolicited IP scans and reverse DNS queries to our subnet than before. DNS scanners focus their scans in narrow regions of the address space where our applications are hosted whereas IP scanners broadly scan the entire subnet. Even after the host activity from our subnet subsides, we observe persistent residual scanning to portions of the address space that previously hosted applications

READ FULL TEXT

page 6

page 9

page 16

10/19/2022

Illuminating Large-Scale IPv6 Scanning in the Internet

While scans of the IPv4 space are ubiquitous, today little is known abou...
07/18/2018

FRVM: Flexible Random Virtual IP Multiplexing in Software-Defined Networks

Network address shuffling is one of moving target defense (MTD) techniqu...
08/12/2019

Identifying and characterizing ZMap scans: a cryptanalytic approach

Network scanning tools play a major role in Internet security. They are ...
03/02/2023

Predicting IPv4 Services Across All Ports

Internet-wide scanning is commonly used to understand the topology and s...
10/11/2021

Spoki: Unveiling a New Wave of Scanners through a Reactive Network Telescope

Large-scale Internet scans are a common method to identify victims of a ...
06/23/2020

Classifying Network Vendors at Internet Scale

In this paper, we develop a method to create a large, labeled dataset of...
01/31/2021

Follow the Scent: Defeating IPv6 Prefix Rotation Privacy

IPv6's large address space provides ample freedom for assigning addresse...