We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.NI

Change to browse by:

cs

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Networking and Internet Architecture

Title: Glowing in the Dark Uncovering IPv6 Address Discovery and Scanning Strategies in the Wild

Abstract: In this work we identify scanning strategies of IPv6 scanners on the Internet. We offer a unique perspective on the behavior of IPv6 scanners by conducting controlled experiments leveraging a large and unused /56 IPv6 subnet. We selectively make parts of the subnet visible to scanners by hosting applications that make direct or indirect contact with IPv6- capable servers on the Internet. By careful experiment design, we mitigate the effects of hidden variables on scans sent to our /56 subnet and establish causal relationships between IPv6 host activity types and the scanner attention they evoke. We show that IPv6 host activities e.g., Web browsing, membership in the NTP pool and Tor network, cause scanners to send a magnitude higher number of unsolicited IP scans and reverse DNS queries to our subnet than before. DNS scanners focus their scans in narrow regions of the address space where our applications are hosted whereas IP scanners broadly scan the entire subnet. Even after the host activity from our subnet subsides, we observe persistent residual scanning to portions of the address space that previously hosted applications
Comments: 13 pages, 18 pages with appendix + bib, To appear in USENIX Security '23
Subjects: Networking and Internet Architecture (cs.NI)
Cite as: arXiv:2210.02522 [cs.NI]
  (or arXiv:2210.02522v1 [cs.NI] for this version)

Submission history

From: Hammas Bin Tanveer [view email]
[v1] Wed, 5 Oct 2022 19:43:07 GMT (35094kb,D)

Link back to: arXiv, form interface, contact.