|
|
|
|
|
|
by iod
2654 days ago
|
|
|
If one were to scan all the IPv4 internet for broken/exposed UPnP service to target, they could then use IPv4 to craft a special message instructing the service to phone home to an IPv6-only domain. If the client has IPv6 enabled and the phone-home goes through, it is determined that there is a link from broken/exposed IPv4 UPnP to a potentially unknown IPv6 address. This gives a new set of previously unknown IPv6 addresses. These IPv6 addresses can now be scanned for other vulnerabilities. |
|
|