
IPv6 security somewhat imperfect



We're wandering a bit far afield from the original thread, so I changed the thread subject.

Here's another one. Viruses today scan one's address book and do interesting things. Imagine a virus that scans the SMTP headers on your incoming mail and learns the names (which will translate to a current address) and the address (the one that was in use at the time of the transmission) of the MUAs and MTAs en route?

If a virus can find one host on a remote LAN and infect it, that host can do a link-local ping to all-hosts.

My point in this is that I find the discussion of IPv6 security a little self-congratulatory...

On Mar 18, 2005, at 8:40 PM, Mark Smith wrote:

Hi Fred,

On Fri, 18 Mar 2005 06:58:31 -0500 Baker Fred <fred@cisco.com> wrote:

Multicast in various forms. The most useful ones would be the All-Nodes
Multicast Address (link-local) and the All-Routers Multicast Address
(site-local).



Oh, OK, the good old "broadcast ping", using m/c in IPv6. I don't think I've heard of them being called "letter-bombs" before.

In IPv4, a simple letter-bomb is subnet broadcast. If you know or think
that 123.45.67.0/24 is a subnet in a company, pinging 123.45.67.255
might very well get you an ICMP Echo Response from each host on that
LAN. In IPv6, pinging any multicast address should get you an ICMPv6
Echo Response from each host in the multicast group. Pinging the
All-Routers address should get you a list of the routers in a network, and
therefore a list of the transit subnets in a network (but not
necessarily the edge LANs that have only one router on them).
Subnet-router anycast address will certainly find a router in your
subnet, and (rather than arping for each of your neighbors as is
currently done by viruses), pinging the All-Nodes Multicast Address
should get you an echo response from every node on your local LAN.
Solicited-Node Multicast also gives you some sweeping capability,
albeit only on your local LAN.



It's a bit of a surprise to me that the off-link sourced methods you've
described would work in IPv6, because I've assumed that as directed
broadcast style techniques had been deprecated in IPv4, they also
wouldn't be available in IPv6. It seems that isn't the case. Based on my
assumption, unicast sweep pinging seemed to be the only possible way to
find remote hosts.


Is there some mechanism in IPv6 that would allow selective responses to
multicast ICMPv6 echo requests, somehow based on the source address or a
combination of the source address and multicast scope? For example, an
echo-reply to a multicast echo-request would only be sent if the scope
of the destination multicast address was site, and the source IPv6
address was a member of the same site, or possibly the source address
has the same /48 prefix as one of the unicast addresses assigned to one of
the interfaces on the possibly responding host.


I've had a look at the ICMPv6 RFC; the section on Echo-requests/replies
doesn't mention any selective response mechanisms. I'll start looking at
some others, it will also help me brush up on IPv6 details again. If
there are any other pointers to RFCs covering this area, I'd appreciate it.


So the counterpart of today's IPv4 virus that sweeps its local LAN is a
virus that sends two pings, one to All-Nodes and one to All-Routers.
The echo responses give the application information about the network.



I'd think they'd be quite common, as it seems pretty easy today to get a user to install software they don't know about behind their NAT box or proxy server.

Thanks,
Mark.

--

    The Internet's nature is peer to peer.
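The thread above discusses three things a practitioner would want to see concretely: the well-known multicast groups a local sweep would ping (All-Nodes, All-Routers), how the Solicited-Node multicast address is derived from a unicast address (RFC 4291: ff02::1:ff00:0/104 plus the low-order 24 bits; RFC 2464 maps it to an Ethernet MAC of 33:33 plus the low 32 bits), and Mark's proposed scope-and-prefix based rule for answering multicast echo requests. The following is an added example written for this page, not code from the list thread or any RFC; the policy in should_answer_multicast_echo() implements Mark's proposal as stated in his message and is an illustration of that idea, not a mechanism any RFC defines. All addresses in it are constructed documentation-range samples.

```python
"""Added example (not part of the original list thread): IPv6 multicast
discovery helpers and an illustration of a scope/prefix based policy for
answering multicast ICMPv6 Echo Requests."""
import ipaddress

# Well-known groups named in the thread (RFC 4291 section 2.7.1).
ALL_NODES_LINK_LOCAL = ipaddress.IPv6Address("ff02::1")
ALL_ROUTERS_LINK_LOCAL = ipaddress.IPv6Address("ff02::2")
ALL_ROUTERS_SITE_LOCAL = ipaddress.IPv6Address("ff05::2")
SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("ff02::1:ff00:0/104")

# Multicast scope values from the low nibble of the second address byte.
SCOPE_NAMES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}


def multicast_scope(addr):
    """Return the scope name of an IPv6 multicast address (ffXS::/16, S = scope)."""
    a = ipaddress.IPv6Address(addr)
    if not a.is_multicast:
        raise ValueError(f"{a} is not a multicast address")
    scope = a.packed[1] & 0x0F
    return SCOPE_NAMES.get(scope, f"reserved({scope})")


def solicited_node_address(unicast):
    """Solicited-Node multicast group for a unicast address (RFC 4291 2.7.1):
    ff02::1:ff00:0/104 with the low-order 24 bits of the unicast address."""
    u = ipaddress.IPv6Address(unicast)
    low24 = int(u) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX.network_address) | low24)


def multicast_mac(mcast):
    """Ethernet destination MAC for an IPv6 multicast group (RFC 2464 section 7):
    33:33 followed by the low-order 32 bits of the group address."""
    m = ipaddress.IPv6Address(mcast)
    if not m.is_multicast:
        raise ValueError(f"{m} is not a multicast address")
    return "33:33:" + ":".join(f"{b:02x}" for b in m.packed[12:])


def local_sweep_targets():
    """The two groups a local sweep would ping, as described in the thread."""
    return [str(ALL_NODES_LINK_LOCAL), str(ALL_ROUTERS_LINK_LOCAL)]


def should_answer_multicast_echo(src, dst, local_unicasts, site_prefixlen=48):
    """Illustration of the selective-response rule proposed in the thread
    (hypothetical host policy, not an RFC mechanism):
      - unicast destination: answer as usual;
      - link-local scope: answer (such packets are never forwarded off-link);
      - site-local scope: answer only if the source shares a /48 (site_prefixlen)
        with one of this host's own unicast addresses;
      - any wider scope: do not answer."""
    d = ipaddress.IPv6Address(dst)
    if not d.is_multicast:
        return True
    scope = multicast_scope(d)
    if scope == "link-local":
        return True
    if scope == "site-local":
        s = ipaddress.IPv6Address(src)
        for u in local_unicasts:
            site = ipaddress.IPv6Interface(f"{u}/{site_prefixlen}").network
            if s in site:
                return True
        return False
    return False


if __name__ == "__main__":
    for t in local_sweep_targets():
        print(t, multicast_scope(t), multicast_mac(t))
    sn = solicited_node_address("2001:db8::217:f2ff:fe47:8a6b")  # constructed sample
    print(sn, multicast_mac(sn))
    print(should_answer_multicast_echo("2001:db8:1:7::9", "ff05::1", ["2001:db8:1:2::5"]))
```

On a Linux host the sweep itself is just `ping6 -I eth0 ff02::1` (interface name assumed); the replies are what the virus in Fred's scenario would harvest. Note that RFC 4443 says a node SHOULD answer an Echo Request sent to a multicast address, so the selective rule above would be a local hardening choice; current Linux kernels expose the blunter switch net.ipv6.icmp.echo_ignore_multicast for the same purpose.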