Hacker News new | ask | show | jobs
by xyst 824 days ago
Now do IPv6
1 comments
sgjohnson 824 days ago
Yeah, just go ahead, scan PTR records for some mere 2^120 addresses.

Even if we scan just the first address of each /64, it’s still about 2^56. Unlikely anyone is ever going to do it.

This is another thing I like about IPv6. Makes mass address scanning completely useless.

link
mike_d 824 days ago
I'm currently mass scanning IPv6, so are others. v6 results have been on Shodan for I think 7 or 8 years at least?
link
sgjohnson 823 days ago
Are you aware of what SLAAC does? For the most part your scan results are going to be useless in <24h
link
mike_d 821 days ago
https://www.rfc-editor.org/rfc/rfc7707#section-4

But in general devices using SLAAC are not typically the things you are looking for when scanning.

link
maxmouchet 822 days ago
Hosts with randomized addresses are likely to have auto-generated PTR records, or none at all, so for the purpose of rDNS resolution those are not a big issue.

And that’s a detail, but SLAAC as in RFC4842 is deterministic. The randomization is introduced by the privacy extensions in RFC4941.

link
Avamander 823 days ago
How large of a prefix are you scanning and are you preseeding your scans?
link