Network Reconnaissance in IPv6-based Residential Broadband Networks
share
Network scanning has been a widely used technique to gather information on the Internet as a whole. The transition from IPv4 to IPv6 causes traditional network scanning to become less useful. An increasing number of hosts is either IPv6-only or not publicly addressable via IPv4 due to the use of NAT, prompting a need for network scanning techniques for the IPv6-based Internet. All current approaches to IPv6 network scanning make use of hitlists (lists of IPv6 addresses to be scanned). A variety of methods for compiling hitlists have been presented, but they have a strong bias towards server hosts, and do not find addresses of client hosts – smartphones, tablets, PCs, 'smart home' devices, etc. – in a significant amount. Client hosts are the majority of devices connected to the Internet. Furthermore, when connected to a residential broadband connection, they can exchange data at substantial speeds, making them attractive targets for botnets. Scanning residential broadband networks is challenging because the active addresses are changing much more frequently than addresses of server hosts. This master's thesis aims to adapt prior IPv6 network scanning techniques to residential broadband networks. To this end, the following contributions are made: Description and evaluation of an IPv6 address space visualization method, Introduction of the NTP Pool Project as a public and passive IPv6 hitlist source detecting mostly client hosts, 'Smart Home' devices and CPEs, Description of a scanning technique for Internet access provider networks, Case study on the three major German residential broadband networks.
READ FULL TEXT