IPv6, NTP and SHODAN
-
Interesting.
http://arstechnica.com/security/2016/02/using-ipv6-with-linux-youve-likely-been-visited-by-shodan-and-other-scanners/
-
If you have a public IP address on the Internet, you've likely been visited by dozens, hundreds, or thousands of scanners… snooze. :-)
-
Generally outbound traffic like web browsing uses a random, temporary address, too.
-
But the gist of what they were saying was that the assigned IPv6 space is so large, nobody could run a scan and hit everything in their lifetime. Not even close, so you had a slight measure of protection from that. The SHODAN NTP servers allowed them to get addresses that were actually in use.
-
Eh, there are some interesting topics on scanning IPv6 around. Using other data like web logs, mail logs, etc. is one way. Some of those logs make their way into Google, which leads to more exposure, etc. Relying on security through obscurity (or hiding among billions of billions of addresses) is a poor security model anyhow; I wouldn't consider that any measure of protection.
-
While I agree 100% in principle, assuming all other protection measures are in place I would rather be a grain of sand on the beach than a stone in the aquarium.
-
I suppose, but I'd rather head off anyone eager to tout that as a security measure in this day and age; too many people already thought NAT was a security measure in IPv4. Sure, it might have helped or been part of a larger strategy, but it's not something that should be relied upon.
If devices use privacy addressing or hop addresses the collected data will only be useful during a small window anyhow.
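-
An added example, not part of the thread: a small audit of a host's own IPv6 addresses that shows which ones stay the same over time (and so remain valid long after a log or NTP server has recorded them) and which look like privacy-style identifiers. The function names and the sample addresses (documentation prefix 2001:db8::/32) are constructed for illustration.

```python
import ipaddress

MASK64 = 0xFFFFFFFFFFFFFFFF

def _iid_bytes(addr):
    """Return the interface identifier (low 64 bits) as 8 bytes."""
    return (int(ipaddress.IPv6Address(addr)) & MASK64).to_bytes(8, "big")

def classify_iid(addr):
    """Classify how the interface identifier appears to have been formed."""
    b = _iid_bytes(addr)
    if b[3:5] == b"\xff\xfe":
        # Modified EUI-64: the MAC is embedded, so the suffix never changes
        # and follows the device from network to network.
        return "eui64"
    if int.from_bytes(b, "big") < 0x10000:
        # Manually assigned small value such as ::1 or ::53; stable.
        return "low-byte"
    # Random-looking: temporary (RFC 8981) or stable-opaque (RFC 7217).
    # The two cannot be told apart from the address alone.
    return "opaque"

def embedded_mac(addr):
    """Recover the MAC from a modified EUI-64 address, else None."""
    if classify_iid(addr) != "eui64":
        return None
    b = _iid_bytes(addr)
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]  # undo the U/L bit flip
    return ":".join(f"{x:02x}" for x in mac)

def audit(addresses):
    """Map each non-link-local, non-loopback address to (kind, mac_or_None)."""
    report = {}
    for a in addresses:
        ip = ipaddress.IPv6Address(a)
        if ip.is_link_local or ip.is_loopback:
            continue  # never reachable from the Internet
        report[a] = (classify_iid(a), embedded_mac(a))
    return report

# Constructed sample: what `ip -6 addr` might list on one host.
SAMPLE = [
    "fe80::211:22ff:fe33:4455",
    "2001:db8:1:2:211:22ff:fe33:4455",
    "2001:db8:1:2::53",
    "2001:db8:1:2:9c4e:7a1b:3f60:d2a8",
]

if __name__ == "__main__":
    for addr, (kind, mac) in audit(SAMPLE).items():
        print(f"{addr:40} {kind:9} {mac or ''}")
```

Addresses reported as `eui64` or `low-byte` are the ones to cover with filtering, since they do not age out the way a temporary address does.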