[immibis]

> The IPv4 space is tiny and trivial to scan

Something many people don't expect is that the IPv6 space is also tiny and trivial to scan, if you follow certain patterns.

For example, many server hosts give you a /48 or /64 subnet, and your server is at your prefix::1 by default. If they have a /24 and they give you a /48, someone only has to scan 2^24 addresses at that host to find all the ones using prefix::1.

[Sayrus]

Assuming everyone is using /48 and binding to prefix::1, that's a 2^16 difference with scanning the IPv4 address space. Assuming a specific host with only one IPv6 /24 block and delegating /64, this is a 2^12 difference. Scanning for /64 on the entire IPv6 space is definitely not as tiny.

AWS only allows routing /80 to EC2 instances making a huge difference.

It doesn't mean that we should rely on obscurity, but the entire space is not tiny as IPv4 was.

[TZubiri]

Interesting, so you may see the Ipv6 space as a tree, and go just for the first addresses of the block.

But if you just choose a random address you would enjoy a bit more immunity from brute force scanners here.

[AStonesThrow]

IPv6 address space may be trivial from this perspective, but imagine trying to establish two-way contact with a user on a smartphone on a mobile network. Or a user whose Interface ID (64 bits) is regenerated randomly every few hours.

Just try leaving a User Talk page message on Wikipedia, and good luck if the editor even notices, or anyone finds that talk page again, before the MediaWiki privacy measures are implemented.