[BBLISA] IPv6 as a security improvement?
Dan Ritter
dsr-bblisa at randomstring.org
Tue Oct 4 06:23:19 EDT 2016
On Tue, Oct 04, 2016 at 12:44:59AM -0400, Bill Bogstad wrote:
> http://www.infoworld.com/article/3126784/security/ipv6-servers-beat-ipv4-in-security-for-now.html#tk.rss_networking
>
> The above article reports on how long it took for unadvertised insecure
> servers to be "owned". Servers with IPv4 addresses were owned in less than
> 30 minutes. After a week, the servers with only IPv6 addresses had yet to
> be scanned.
>
> Is this an example of security through obscurity actually working?
> Or is it increasing the size of a brute force search space (like we do
> when we ask people to use longer passwords or encryption keys)?
>
> Obviously, there would be no benefit for publicly known servers whose
> IP addresses can be found with DNS via published hostnames. (Or even
> guessable hostnames.) If everybody switched to IPv6 only for
> non-public systems, how would hackers respond? Would this help with
> IoT (Internet of Things) security?
>
> Thoughts?

Hidden causality: the kind of people who set up IPv6-only
systems in 2016 pay more attention to security than everyone
else. This will change.

In the meantime, it is the case that a 10-GigE connection can
scan the whole of IPv4 space for a vulnerability in a few hours
(TCP) or, best-case UDP, 5 minutes.

-dsr-