You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet

Video in TIB AV-Portal: You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet

Formal Metadata

You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet
Finding interesting targets in 128bit of entropy
Title of Series
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
In this talk we will explore and present various IPv6 scanning techniques that allow attackers to peek into IPv6 networks. With the already known difference between IPv4 and IPv6 firewalling (the latter is worse...) we then demonstrate how these techniques can be combined and used to obtain a large-scale view on the state of IPv6 in infrastructures and data centers. To give the whole issue a somewhat more fun dimension, we will also look at some (security) sensitive applications of this technique. Complimentary code snippets will be provided.
Keywords Security

you the hour day.
some risk of a war but also to be a speedy would talking about i be version six global scanning thank you. the.
Good evening everybody. Nice that you still made it even though it's eleven p.m. Of course this is not a work of me alone; it's joint work with colleagues from UC Santa Barbara: Kevin Borgolte, Shuang Hao, Chris Kruegel and Giovanni Vigna.
First thing about me: I have a bachelor of science in cognitive science, and somehow noticed that was not really my life, so I actually went on to get a master's in network engineering, and since I got that I'm more or less desperately trying to get a PhD from my professors, Professor Feldmann and Professor Seifert, at TU Berlin.
My research interest can be summarised as basically what nobody else does, but not because most of his engineers, but because most people say, well, that's your but that won't work anyway. And I think we all know this as misconfiguration.
You all know these nice people that are running database servers on the Internet without authentication, and I have heard of a big ISP that actually managed to run their positioning system on the Internet, which was not that good for connectivity for customers. There's also another nice example: summit partly night and the was actually pretty good at doing backups, and they even encrypted them and stored the a.f.p. with it. And there's always the fun of finding an iSCSI device that belongs to some bulletproof hoster right on the Internet. And something I had to learn: there's something called remote DMA. What could be better than doing DMA over the Internet?
so i'm basically whatever i will tell you today is directed at finding these on. the first things first have sex.
i'm a tell you about a nice tool to have a lot of fun with that basically we don't just do it you don't cross state lines from your house you get near by the f.b.i. where your brains in your ass.
follow this goodbyes on.
Think about this event. Think about the amount of bandwidth you have; think about the amount other people have. Think about them having this nice time between the holidays at the end of the year, where they don't want to work, which might happen if suddenly DNS servers start crashing and other services become unreliable. So, back to my motivation and some of you have a great work. The first part will be a little bit dry, so if you start to get bored, there's a special slide where I ask the person next to you to wake you up,
just right before the fun starts, so please don't run away. So in the beginning there was ZMap; that was like three years ago.
And it started this whole thing about: we can scan the whole IPv4 Internet, we can do, like, Internet-wide security regulations. And that was actually a whole lot of fun. So I think two years ago there was a nice one in one of the lecture halls at this event, where you would have something like Chatroulette, only with VNC servers.
last but to actually brings us to the second point of stops being funny when you find some. said construction facility in india on one of these flights on that night was heavily used to scan for hot plate and to do and i was unhappy was mitigated.
that never was used to scan forum well at least open to the ports where you couldn't do and the exchange to see how its key sharing between a sheep the answer is in the wild and that was research and education attack servers well basically the amplifiers for the implication attacks and this ability to. to exhaust the fleece can actually help the security community a lot but as with all good things are other not so good things in this case.
IPv4 is coming to an end. There are only so many addresses: two to the power of thirty-two, in fact, theoretically. And there's a lot of work investigating how this is getting more and more exhausted, and by now getting IPv4 addresses is actually pretty hard.
What happened is that people introduced IPv6 like twenty years ago, roundabout, I think even more. With IPv6 there come a lot more addresses, like two to the power of one hundred twenty-eight, theoretically.
And we can actually see that IPv6 is starting to get there. The graph I have here is actually a bandwidth graph from this event, and at that point we saw around twenty-five percent IPv6 traffic. This is a little bit skewed, because as soon as you deploy IPv6 to a user network you will suddenly see a lot of traffic to like two or three big players, like Google with YouTube, and Facebook. But it still demonstrates that IPv6 is a thing; it's coming. However, if we start to use, for example, ZMap on IPv6, we will suddenly have to wait. I cannot really pronounce that number, but it's really, really huge, and I don't really intend on living that long. So let's come to related work. Looking at IPv4 addresses was an interesting tool; it was not only used in the security community, but especially there, and helped a lot there. So people want to have the same thing for IPv6. Current work is relatively focused on trying to observe IPv6 address usage in the wild: not doing active scans, but having some vantage point where they sit, where they can read something which provides some information about used IPv6 addresses.
First, from Plonka and Berger: they're using the access logs of a large CDN, and of course as good scientists they don't make clear which CDN this is, but one of them has an Akamai mailing address. Czyz et al., who are mostly the vantage point for years of them all: they're using various DNS data sources, but not the same as I will present in this talk. And then there's Gasser et al.: they do have, for some reason, access to a large European IXP and can look at flow data there, by which they can get information about utilized IPv6 addresses in the wild. So let's quickly go over these. Plonka and Berger actually provide a nice work where they use their data sources to train a tool which could then predict another active, that means replying to ICMP, IPv6 address based on the data set it had previously. They are mostly using the CDN data set; they have a small, really, really tiny portion of data that was a surge as the data are present on, utilizing traceroute data. This has certain problems: for example, the CDN logs of course do not really represent a lot of, well, servers, especially not those that provide Internet out there today. Traceroute data is by nature really, really biased towards networking devices, because, well, traceroute. The work of Gasser et al. in principle is somewhat similar, so they also tried to predict active IPv6 addresses based on the data sets they have. Then we have Czyz et al. They are actually doing various minings on DNS data sets; they have been recording data sets, so they actually get logs from the DNS recursors. They are also doing something really fun, where they would actually do a PTR lookup for every address in the IPv4 space, and then do a AAAA lookup to get the IPv6 address for that FQDN.
Their work is actually one of the big motivations for what I'll be presenting today, because they figured out that IPv6 security is not really doing that well; in other words, doing terribly. But well. So in summary: I looked in my basement and I didn't find a CDN, and I looked further and I didn't find an IXP, and when I asked my ISP if they wanted to let me read their recursor's access logs, they also said something including "no". But on the other hand, if I was a politician I would now be like: but we have this IPv6 Internet of Things, so we really need this scan to protect all the people. Well, we came up with a methodology. By the way, this is the point where you want to wake up people next to you that didn't really care about related work.
So, first things first.
There's another person I'd like to credit, Peter van Dijk, but I'm not really sure if I can do the "ij" thing correctly, because I'm not Dutch, but I hope. I tried anyway. I met him at the last IETF in Berlin. As I said, well, he's Dutch. so if someone who started to talk about the asset, and he said if I want to get a lot of IPv6 addresses that are assigned to servers, not clients, I should actually look at, well, IPv6 reverse DNS.
He said he had some, like, interesting preliminary results there and I should start to dig into that. So, well, as I said, Dutch people know about DNS; like, most of the DNS servers we are running come from the Netherlands. Let's try. So let's start with a short recap.
An IPv6 address has 128 bits, and you can represent it in thirty-two so-called nibbles; those are the little things representing it, like a dozen more characters we see here. And reverse DNS is a way to get, for an IP address you have, a PTR, a fully qualified domain name. You do this by doing some transformation to the IPv6 address: first you reverse it, and then you put basically points between each of the nibbles for the different levels in the PTR tree, and as top-level domain and second-level domain you have ip6.arpa. In that tree you then find a PTR record you can direct your request to, and then you get an FQDN from the DNS server. The next thing that is somewhat important at this point is how DNS works. RFC 1034, I hope I get this right, I see somebody in the audience that will probably be out of a downturn, is not really clear about it, but tries to minute third got clarified in RFC 8020: the meaning of NXDOMAIN. Technically, an NXDOMAIN should mean, if you receive the reply NXDOMAIN from a server for a point in a tree, like the one to the right, that there's nothing at that point you requested or anywhere thereunder.
So what this technique basically is, is descending trees where we received a NOERROR for the root. And we can actually try this. So we have our given root here, which is ip6.arpa, and we do a DNS query for 0.ip6.arpa; we get an NXDOMAIN, so we don't descend into that tree. We do the same for the 1, we do the same for the 2, 3, 4, up to the e, and we always get an NXDOMAIN; we know, well, we don't have to descend that tree. When we hit the f, we do get a NOERROR: we don't get any data back, but we get NOERROR, so we'll descend the tree. I never managed to clear our class story on the way. We do the same thing again, and this time we start with a 0 and we immediately get no data, a NOERROR, so we can descend that tree already. And we do the same thing again, and then we descend that tree, and by doing this thirty-two times, for an IPv6 address there are thirty-two nibbles, we can finally arrive at utilized IPv6 addresses. And as you see here, if we start with zero, this is basically a depth-first search in this huge DNS tree that is spanned up by the reverse DNS name system. So, as I said, this is in itself not new: RFC 7707 actually discusses this as a possible technique for network reconnaissance, and one that works.
They actually reference Peter van Dijk, the guy who recommended this technique to me, and he actually wrote a small blog article about this like three, four years ago and provided a Python implementation which you can utilise to actually scan a network, or rather a specific prefix.
This was also the starting ground for the tooling which will be provided to you at the end of this talk. What I used to conduct the scans is,
well, basically the computer we have for doing machine learning at the research group, and my colleagues were not so happy that they had to stop doing this while I was scanning. But I produce something called academic code, which is basically like starker what the town called production ready. but if everybody who loft works in a start up.
But I'm pretty sure that somebody who's actually better with code than me, so like a programmer who can actually write production code, will also be able to run this code, well, because they write it themselves, on a laptop. So the first thing when I thought about this technique was that I do a depth-first search, which is a pretty bad thing if the first part of the tree is on a really, really slow DNS server on the other side of the world.
So you want to have the opportunity to do some kind of breadth-first search to parallelize over different DNS servers. For this I basically just iterate in four-nibble steps. So in a first step I, well, iterate up to a length of four nibbles for all possible, actually, and wreck will be on trees. I collect all of these, and for each of these I do the iteration step for another four nibbles. Based on flavor or personal taste, one might also opt to go from sixteen nibbles to thirty-two directly, or from sixty-four to one hundred twenty-eight bits, which may have advantages, may have disadvantages, but we will see that later when we look at the data. So this was basically what I built directly after IETF: I hacked this together, went to the office, ran it.
I was pretty happy, because after it ran for a week I found something million records.
I then looked into the data and was wondering why I got this funny mail from a large ISP, with them complaining about a lot of traffic from my machine to theirs. And I learned about a really nice feature you want to have in your reverse zones when you're offering reverse zones for networks to customers and end users, which is dynamic reverse zones. I have an example here: when you have a big network and you don't want to manually add all those two to the power of sixty-four reverse entries for the possible users you could have, you just add a script in your DNS server that actually generates the reverse FQDN for any given, well, reverse pointer record. They also may be static, and I also found funny, dynamically generated looking domains that are probably been as possible something like that; at least they were always returning subject to bits of something random. Point being, in this case you will never find an NXDOMAIN. So when your algorithm is just plainly going in there, it will find a lot of records, but they all belong to, well, however big this reverse zone is that is dynamically generated. So I thought about heuristics, and I first thought about doing something computationally expensive, where we would compare returned FQDNs to figure out if they may or may not be actually somewhat related. Turns out it doesn't really work, doesn't really perform. What performs far better is just trying to query a static set of records, and if at least three of these exist, I assume the domain, or rather the tree, is dynamically generated.
That it's three records is a personal preference. The picking of filling up the tree to a length of thirty-two nibbles with zeros, ones, twos, threes, up until f's, is another personal preference; some people have recommended to me to do this with some random data, but then you actually have to have enough on looking and for before that. So three, well, is questionable, but this actually works. So using this I actually tried this again: I started at ip6.arpa, let it run, and I found one point six million records.
And you have to say, I started off with like seventy million, was like really amazed, and now I only have one point six million records. So I was somewhat confused. Which brought me to another nice finding: there are DNS servers that are, for some reason, not RFC 8020 compliant.
So they may actually send an NXDOMAIN instead of a NOERROR. We have an example here: if the DNS server which is authoritative for ip6.arpa or down the tree sends an NXDOMAIN because it has no explicit record at that point, well, then I will not see the error got left out i can think about her home. To actually counter this issue, I got the idea of seeding the tree: I do not start at ip6.arpa, but I start at various well-known, pre-determined two x. this well stop.
Trees have you been a three forty six a rubber. I built a somewhat funny algorithm for that. At each step, so at each nibble length, remember the flight complex back. So for four nibbles I would actually truncate the seed record
to a length of four nibbles and re-add the full record length again as a seed record, just so that I get at each iteration all the information possible from my seed records. Was he thought as I used where's the reviews project and has the right and c c m.
for the called think something was busy p really view, I always forget. Anyway, these are publicly available and actually are documented in the script that will be published with this talk. Other possible sources are of course the ones Czyz et al. used, where they would actually do AAAA lookups for the returned FQDNs of IPv4 reverse pointers, and basically whatever data set you can get your hands on. So, for example, if you are at a big event where a lot of people are using remote IPv6 servers and you are actually able to read the network traffic, which I recommend not to do, then you can also use that as a source for seeding.
So now, with the seed set, I actually ran the program again. This time it took nearly three days of running in parallel with threads, and I found five point three million records, which is sounding really small, but due to the,
well, state of IPv6 deployment practices and IPv6, this is probably still pretty decent. So it can show a useful picture that shows a large subset. But I wasn't really satisfied with the speed of this, so I tried to parallelize more. Because I realized that my server was, well, not really that busy, I tried to run it with more threads; that ran faster, found less. And the lesson I had to
learn was that basically the one IP address I used for resolving ran out of sockets. So if you want to have any more parallelization, you have to do it on multiple machines with more addresses to actually use for outbound DNS queries.
I think that falls into this as stunted: if you're running this yourself, have a local resolver, because latency to your local resolver, for example in this network to the resolver provided by network operations, will extremely increase the length of the scans, and possibly will overload them. So don't run against just report. So this is basically the start of the case studies.
A first look into this: you see, basically, plotted here, the amount of queries I needed per record in /64s. We basically see a nice distribution between structured ones, so those that have colon-colon-one, colon-colon-two, extremely structured, and those that have nearly random addresses, or for example EUI-64 addresses. To the left basically are those where one needs more queries to find less records,
and then here are the structured ones, which due to the depth-first nature of the algorithm tend to be found first and are found with less queries.
But I promised more fun parts. You can also utilize this tool to look at something specific: from the huge data set you collect, you can pick a lot of specific networks.
And this, for example, is an overview of how a software-as-a-service provider does the network assignment policy, so how IPv6 networks are assigned within that service provider. Figuring out which SaaS provider this is, is left as an exercise to the reader. I was told that this is too academic and just boring, so I looked at something else which is a bit more fun. I personally do not really do a lot of stock trading, but if you look at IPv6 networks, people suddenly have a whole lot of addresses to use, so they address
everything. They will address loopback addresses with public addresses, they will address IPMI with public addresses, everything. So if you look at such a network, in this case starting here, nine September, with sixty-five k of hosts roundabout, you suddenly see a huge jump of around ten k in just a matter of, well, two weeks, and like two months later you can realize that this SaaS provider actually announced a record sales quarter. So this is one of the opportunities where you could use this tooling for actually gathering information on company growth, which is probably a lot more fun as looking at topologies. So for me the most fun thing I could do with this, apart from security scans, where we all know what they will turn up. So the first thing I did was looking at an ISP. By the way, I'd like to mention that this all is my personal opinion and I'm not representing affiliations and so forth. So iran and rescue reais are hosts or /64s. Red are /48s, and green arthur study to see if. and turn of his him out a little, you can also see black ones; black ones are those that are for some reason connected to two /64s or more.
After importing, this actually looks more like a Borg cube than anything fun. However, as it is basically a directed graph, one can of course make it float apart a little so you can actually recognize part of the structure.
You can add funny labels to it, and then you can look at what you can see. So this is a network of a huge ISP. This is, for example, their PoP in and work, basically a peering network. Of course they also have independence in Frankfurt.
Another thing you can actually see here and served or black friend over there: you can actually see the networks customers are having behind the router.
Behind a peering in Frankfurt they also have the same is like calling infrastructure, which you can see being connected to their provisioning, and some internal routing or interconnect infrastructure. in five was six years to be their central firewall and now Frankfurt,
with a whole lot of hosts connected to it, for example an Elasticsearch system for customer accounting
and processing flow data.
But I think nerds are somewhat more into other networks too. This is an example of now zad a cough. But there are also some bigger topologies one might want to look at.
um everybody familiar with got milk. few a little side note i'm also doing um the monitor in front of our operations and we will now look into it at the moment the only network.
i have the feeling that another topology of debtors and the network at this conference. um. for reasons um it will remain anonymous for the purpose of this talk. a quickie the data sets are public. so. let's have a huge journey to or through a network.
i'm so like orbit networks and has a border router. um and some portal system some administration interfaces. um and possibly user access networks.
i'm also run like africa infrastructure for example a host called Big Brother um which is actually an ancient monitoring system i want to give them that. um which they actually had to have a lot of service for but they are currently apparently migrating to Prometheus which is a somewhat newer monitoring system to fight.
and so let's look at their infrastructure how do they run so um run a lot of open source software so we see Gentoo.
you can trust and probably not so who.
and they also have a production host.
um. well they also have enough like our which made me think so you eat which many things that might be a honeypot. but what worries me most is actually this one. try a trip on a little more serious note um what is also teaches us that these networks are run by nerds.
so um some more fun things due to a popular the manteca quietly um the redactions happened due to and well.
you. for some reason it is not a change to expose the IP for just a military installations when you have collaborators from the united states. another nice thing we actually found in our data set is that the sleepy six six six the number of the backplane and six six six in this case is a placeholder.
because for reasons i actually talked with the sort of the company before this talk and they were like me nice the away we kind of know about this and i was like cool nice thoughts i can talk about and i would like yeah well with us. so what. when we were scanning some of the IPv6 addresses we collected we would find them the TCP port being opened on hosts that would also expose telnet SSH and BGP and somewhat look like backbone links um funnily enough the TCP port which should be on the slide was more related to a technology. you usually don't find on the backbone router. after some communication with a couple of friends star we figured out that technically this port should be bound to localhost on the systems. so um. as it is used for some backplane services. the funny side note um the vendor didn't even know how their customers managed to get this exposed. so. so then we have DHCPv6. um we all know the issues of well devices that suddenly get um IPv6 addresses and become the unreachable my most favorite were printers. um and something you see a lot is that these devices that are um exposed and that are really vulnerable um actually do have. for what point are for their country and that is returned from IPv6 address that points to an RFC nineteen eighteen so a private network address. um other things you find is IPMI.
so about management and various forms of what you basically use when everything burns down um one really nice lies largely operator actually um has all their company interface which always ICMP version six. or which make me wonder what would happen which i of course didn't do but well it's. it's something i'm wondering about because well you don't really want your IPMI on the internet and also something for the people a little bit more into an african for structure and be the sites are exposed backplanes.
um. besides are exposed backplanes um you will also find a lot of recall their lot of BGP um and telnet SSH of internet infrastructure it has a backbone services. um another fun thing to find is Docker um.
um one part is the nice things you can deploy as Docker for example Elasticsearch um it's really amazing who runs Elasticsearch as a service without authentication only reachable by IPv6. not reachable as IPv6 and for Docker instances and i don't know if you do know what these TCP ports mean for Docker installation um this is actually an API for which you have to protect this information the documentation how you can enable authentication there's actually good blog post on how you can. enable authentication using certificates and um an nginx reverse proxy but you can also just expose it to the internet um if.
he well. um so this is just a set of the opportunities you can have. um which you shouldn't have. um besides actually doing the right thing and doing firewalling for your IPv6 network you could also do something well security by obscurity um you could try to configure your IPv6 reverse DNS zones in a way that always returns um no data or whatever.
i'm basically asking them to this. it's hard to say that this is an attack but basically to this um this was already available in two thousand and twelve when i first played with those um. these tools available not applicable to all the answers are there but the concept should be clear should be implemented well on the other hand we should think about um techniques that probably are applicable even though this specific technique i just presented is not available. so let's quickly conclude.
um in the end you can try to reject packets but you cannot hide your network topology you should think before setting um PTR records and you should think before connecting things to the internet. and you can download my toolchain um from the GitLab instance of my own research group. and there's an academic publication coming up in march two thousand and seventeen which is also dealing with this technique from a more measurement related point of view. um thank you and i'll be happy to answer any questions out.
thank you very much and the first question as usual goes to the signal angel. did you actually think about trying DNS zone transfers to see if the server would give up a bushel your records due to misconfiguration um.
using other techniques like take the forest discussed in the research publication but we didn't actually try it um. well there's a good link. if. the next question goes to microphone number five i yet you got me loss of so you get the loss of it here when you said that they may be correct me if i'm wrong.
you should run your own local resolver to get faster i don't know what i am counting wondering when did you use some can have a secret noose i know. in order like to to powell your resolutions instead of using a local resolver or maybe i had misunderstood what this was sold in the running a local resolver on the machine you're doing the measurements on is basically um following the issue of overloading um the local resolver of your research institution having your system administrators. sitting in your office being really very angry um you know all the things that happen when they suddenly have to deal with the DNS recursors doing mostly the queries you're doing and not those of other people in the room or research is that you guys in suits not improving the speech actually have to level with speed because um. either you do the resolving yourself or you put it somewhere else and you basically have to wait for the answers so if you have a little bit of latency um towards your recursor the whole process will pop up take longer than your local machine you basically reduce one one small part of latency but again you can probably do. it's better when you do the recursing and resolving from the toolchain which i did do because i'm not a good program friendship next question because some are from them.
ok so did you actually consider that there might be a few servers hidden in the shadows subtenant to have these are generated PTR records from yes there may be servers hidden in there but due to the dynamically generated PTR records i cannot verify those without.
softly enumerating the whole well the whole tree which just gets really really large ok so huge his ideas like the right now and i cannot for our thank you again next question cost an arm or from are too high from experience i found.
that the IPv6 reverse lookup zones are more sparse than the IPv4 versions so do you have a reference on how many hosts you find with that technique versus hosts that are there without reverse lookup.
really loft a half that. also so basically if you want to make the statement you you just basically asked for and you would have to compare um this data set with another independent data set with which looks at another in anger off IPv6 for example um larger xp um for example um. thirty and dataset well three and their said will be biased for clients and servers so most probably the ice peter said um. at the moment i didn't have availability of those so i didn't investigate that. the remark from number six you mention the results or the data sets of your work are public so where is a desert. well so it's actually thought in a disputed man and a lot of the in a thirst. you a. as you know it from all cool platforms um that there's a dedicated download client you have to utilize download client source code is available at that location. ok emerge from number five of the so quick question most of the that on the slides was sort of the western.
the male expressions um so are just as a general question did you explore the IPv6 so explore a lot of does on the asian networks of say korea china which has massive IPv6 years because of the latency thing you know. actually i didn't really focus on a per continent analysis i mostly um presented so far in the academic work the technique in itself um and i pick interesting case studies. that would demonstrate the potential of the technique but what you suggest is actually an interesting point for for the work old the for anyone interested in that i would recommend hong kong as to the starting points to the scans years. care any more questions.
ok thank you very much that. which new york.