Re: Review of IPv6 Implications for Network Scanning
On 2007-04-27 09:31, Soininen Jonne (NSN FI/Espoo) wrote:
> Section 5.5. Rolling Server Addresses:
>
> I don't know if I now open an old can of worms and this was already
> substantially discussed in the mailing list in the past. However, I find
> this section a bit silly. The idea of a server is to be locatable. Actually
> you usually make it more easily reachable by adding its address to the DNS. So,
> there are usually easier and more effective ways of finding it than scanning
> the whole network. For instance, if you want to attack the mail server of a
> network, you don't usually scan the whole network, but look at the
> appropriate MX record - just the same as you would do if you want to send mail
> to that network. So, advising people to change the addresses on their
> servers seems unlikely to bring any benefit.
>
> I don't think the section is per se harmful. However, it might confuse some
> readers. And I think the section is not particularly useful either. I would
> propose to remove it completely.
I think what's confusing is that it has nothing to do with scanning attacks.
I have no idea whether the example given is real (do spammers log IP addresses
of mail servers rather than using current MX records?) but they don't get them
as a result of scanning, surely?
So while the section may make perfect sense, I agree with Jonne that it doesn't
really belong here. Section 5.6 *does* make sense to me, but would need
some rephrasing if 5.5 goes. In fact I would tie 5.6 closely to 5.1 (use
a different privacy address for each new application instance, if you
really want to confuse scanners).
Brian