Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Network Networking

Mapping the Spectral Landscape of IPv6 Networks (duo.com) 163

Trailrunner7 writes: Like real estate, we're not making any more IPv4 addresses. But instead of trying to colonize Mars or build cities under the sea, the Internet's architects developed a separate address scheme with an unfathomably large pool of addresses. IPv6 has an address space of 2^128, compared to IPv4's 2^32, and as the exhaustion of the IPv4 address space began to approach, registries started allocating IPv6 addresses and there now are billions of those addresses active at any given time. But no one really knows how many or where they are or what's behind them or how they're organized.

A pair of researchers decided to tackle the problem and developed a suite of tools that can find active IPv6 addresses both in the global address space and in smaller, targeted networks. Known as ipv666, the open source tool set can scan for live IPv6 hosts using a statistical model that the researchers built. The researchers, Chris Grayson and Marc Newlin, faced a number of challenges as they went about developing the ipv666 tools, including getting a large IPv6 address list, which they accumulated from several publicly available data sets. They then began the painful process of building the statistical model to predict other IPv6 addresses based on their existing list.

That may seem weird, but IPv6 addresses are nothing at all like their older cousins and come in a bizarre format that doesn't lend itself to simple analysis or prediction. Grayson and Newlin wanted to find as many live addresses as possible and ultimately try to figure out what the security differences are between devices on IPv4 and those on IPv6.

This discussion has been archived. No new comments can be posted.

Mapping the Spectral Landscape of IPv6 Networks

Comments Filter:
  • by Anonymous Coward

    Remember when /. used to be a tech site that knew "large, but finite" wasn't the same as "infinite"?
    Pepperidge Farm remembers.

    Natalie Portman would be ashamed of being referenced by a site like this!

    • Remember when /. was a content aggregator, providing news for nerds, stuff that matters and not the goddam author of the fucking articles?

      • I do remember when /. was a content aggregator. At the time, people complained that the posted articles were things they had already seen elsewhere. (quite often weeks before) There have been a few times in /. history where the staff flat out asked the users for suggestions on improving the site. One perennial suggestion was to provide meaningful, original content. This article is clearly geek worthy, whether it matters is subject to individual taste, so they are fulfilling their mission statement.
    • I could say I remembered a time when Slashdot didn't get fixed into details of semantics. However that was never the case.
      2^128 would be enough for every atom on earth to get an address. So in essence it is more then we could ever conceive of using. In terms of practicality the supply of address is so high, we can treat it like infinity

      • But then you have to take into account that any IPv6 endpoint is meant to have a whole /64 to itself to allow for the automatic host part of an address based on MAC address, or the privacy addresses, or .... And then any ISP is meant to be giving /56 (or even more) to each customer, so as to allow them to do some subnetting themselves without abusing the /64 (like I do).

        So, we're mostly left with something like 2^56 effective IPv6 addresses, 2^64 if you squint. It's still a huge number, but not anythin

        • by Calydor ( 739835 )

          For the purpose of determining active addresses, though, it's still 2^128. Just because every customer is given a /56 doesn't mean that every single one of those addresses is useful and active.

          • by thogard ( 43403 )

            People are scanning IPv6 the same way they used to brute force SNMP MIBs.

            There are two different issues. First is finding networks and the second is finding hosts on a network.

            You start by mapping the routable /32. You can take short cuts if you have access to a global routing table. That drops the number of networks from about 4 billion to less than 2,000 with no scanning at all. Inside each /32 is a /48 to /56. Once again a global routing table will reduce the search space. The right kind of ping ca

  • golang? (Score:2, Interesting)

    by QuietLagoon ( 813062 )
    I've been seeing some golang spider probing my websites in an odd way, so now it is blocked.
    • That was invented by Evonne Goolagong and, sure, her racket had a kind of "web," (sorta), but it's not blocked.

      Sadly, she died.

  • by rahvin112 ( 446269 ) on Monday December 03, 2018 @11:03AM (#57740642)

    The Post author is completely wrong when he says that IPv6 is in some bizarre format. IPv6 is exactly the same as IPv4, it's block of numbers. The primary difference is that IPv4 was arranged in a set of 4 blocks of 255 bit numbers. This was workable with a 32 bit address. Ipv6 on the other hand has 128 bits.

    To handle a 128 bit address with the same 255 block format of ipv4 you'd need 16 blocks rather than 4. To make this easier and narrow it down to just 8 blocks of 4 digits they decided using HEX would be easier. The addressing scheme was also designed to solve many of the problems Ipv4 had, including automatic creation of a private locally addressable-only address space (the link local).

    They also added an address assignment scheme that didn't required DHCP to find an assign an IPv6 address. This is called SLACC and in theory makes it trivial to setup an IPv6 network of devices without needing to build a huge DHCP server (for example in a factory where machinery needs IP addresses but have very primitive computing resources). They also designed the network so that it wouldn't be fragmented requiring huge BGP tables. Every Ipv6 network address is supposed to come with 64 bits of addresses for the user (providing the ISP complies with the RFC and provides each user a /64 as the RFC requires. What this means is that with every public IPv6 address you have 2 IPv4 networks worth of addresses to use on your own network.

    There was a lot of though that went into IPv6 into solving a lot of the problems of IPv4. It does take a little getting used to because the numbers are so much bigger and it uses HEX by default to narrow down the number of digits. But other than the spin up of learning about all the new features of IPv6 and getting used to using HEX addressing it's quite a bit nicer to use IMO.

    • They probably just discovered nmap and now are "security researchers".
    • Re: (Score:2, Insightful)

      by sosume ( 680416 )

      Maybe it's not bizarre for someone with years of background, but to regular users, the address format is the biggest hurdle to adoption. I am able to explain an IPv4 address to a nine year old. However I don't understand Ipv6 addressing fully myself as it's just too damn complicated and cryptic with all colons and hex. Whoever designed that should be put against the wall retroactively.
      My IP is ::::ff::00 -- say what? My gateway address is ::::323::f0::c7, so my local address is ::::00::e1::27??

      I still don't

      • by stooo ( 2202012 ) on Monday December 03, 2018 @11:28AM (#57740782) Homepage

        >> but to regular users, the address format is the biggest hurdle to adoption.
        That's OK.
        Regular users don't need to do anything with an IP address.

        • Yeah, I used Excel to generate a whole list of IPv4 and port combinations to scan and record open ports. Then I'd reduce the population to that useful subset and continue refining until I could get positive hits on common ports like FTP, RDP, Telnet, SMTP and all that simple stuff and entertain myself for hours.

          IPv6 was too hard for automation so I stick with IPv4.

          All you bastards or bitches, as may apply are welcome and stuff.

          • How is it hard?

            Remember, (type):(prefix):(suffix)

            Where everything in the prefix is either a 16 bit identifier for a router at a particular level or a zero - and 16 bits of zeroes are only possible if what is left is the suffix.

            So, you have a 16 bit pointer into a 16 bit pointer into a 16 bit pointer and so on until you reach the 48 bit suffix.

            Tables that point into tables. And you found you couldn't manage this in automation.

            Pardon my whilst I spill tea laughing helplessly.

            This is not only the simplest poss

        • >> but to regular users, the address format is the biggest hurdle to adoption. That's OK. Regular users don't need to do anything with an IP address.

          Except tell them to websites and services that have inadvertently blocked them.

          And sometimes, if they are super helpful, provide them to developers who are troubleshooting issues ...

      • Easy.

        The top two bytes identify packet type.

        The next two bytes are the ID of a router.

        The next two bytes are the ID of a router on a given connection.

        And so on, until you reach 48 bits that identify the computer on a router.

        From any given point, you care about the two bytes above and either the two bytes below or the 6 bytes below if they're the last 6.

        It's the equivalent of being given directions. Take a left at the third roundabout, then take a right at the second traffic light.

        There's no nine year old ou

      • by rl117 ( 110595 )
        The scheme is simple and takes just a few minutes to familiarise yourself with. That's all it is, familiarity. By the way, you only need two colons "::", which means "pad blocks with zeros". The rest are redundant. For example my link-local address is currently fe80::e2d5:5eff:fea8:50c9; my global address is something like 2001:8b0:860:ccbe:243b:81de:43b2:fb37. So it's 8 blocks of 4 hex digits, separated by colons, with optional eliding of ":0000:" with "::". That's it. Your nine year old should be a
        • That's the tip of the iceberg though. There's link local addressing, how subnetting is handled etc. and that's even without going into the other aspects of the protocol like extension headers and replacement of ARP, tunneling IPv6 over IPv4 and vice versa etc. It's a lot to take in.
          • by rl117 ( 110595 )
            Most of that can be ignored though. Tunelling is dead; ignore it. It's 0.00% for the last couple of years, 0.01 or less for the last 6 years. 26% native today. So not important to learn-just go native. Link-local can be ignored for the most part; avahi/zeroconf and the like make it transparent. Subnets are also ignorable since it's part of the first 64 bits after the routing prefix; there is nothing to configure. For regular setup and use, all of this should be transparent and ignorable for the commo
      • > I am able to explain an IPv4 address to a nine year old. However I don't understand Ipv6 addressing fully myself as it's just too damn complicated and cryptic with all colons and hex.

        A phone number uses dashes as separators and is in base 10; IPV6 uses colons and is in base 16. Is it really THAT hard to understand??? (Also you don't write leading zeroes which is true in any base.)

        e.g.
        * 555-1234
        * ::55:12:34

        > adding two octals to the current IPv4 scheme.

        Because if you are going to require a completel

        • Re: (Score:3, Interesting)

          by Anonymous Coward

          Actually, phone numbers are also in base16 - though the end user has no way of dialing {a..f}. It's mainly a curiosity, but they're used internally for diagnostics and range remapping...

      • Re: (Score:2, Informative)

        by Anonymous Coward

        First off, if you're going to complain about something, you really ought to know what you're complaining about. The various addresses you mention are quite frankly. WRONG and INCORRECTLY formatted. An IPv6 address is simply 8 groups of 4 hexadecimal numbers. Then to reduce the length of the notation, you first remove any leading zeros. And finally, you can eliminate the largest string of zeros with "::". A properly formatted IPv6 address will have at most ONE pair of colons with nothing between them.

        So let'

      • If done right most users should never need to see an IPv6 address. Actually they shouldn’t need to see an IPv4 address. This is much the same as most developers don’t need to worry about MAC addresses. When there is a need then they’ll put up with it for as long as it is useful.

        The IPv6 numerical format is designed to clearly handle supporting a 128 bit address. It also provides some features to allowing for the abbreviation of an address, when there is a series of zeros. Also, base 16 pr

        • by arth1 ( 260657 )

          The IPv6 numerical format is designed to clearly handle supporting a 128 bit address. It also provides some features to allowing for the abbreviation of an address, when there is a series of zeros.

          IPv4 also has that.
          127.0.0.1 can also be written 127.1
          192.168.0.1 can also be written 192.168.1

          • I was not aware of that and this does not seem to be common knowledge. Add to that I have never seen an input field allow for that, in the case of IPv4

            • by arth1 ( 260657 )

              Add to that I have never seen an input field allow for that, in the case of IPv4

              People who design input fields are often idiots.
              Most email address fields, for example, will reject many legal and working e-mail addresses, because the designers never consulted the actual RFCs.
              To say nothing about names and addresses. (My "last name" is two words, no hyphen. And I used to live at an address that had no street.)

              But using x, x.y and x.y.z forms for IP addresses really works. Try it in a web browser - if you have a local web server, http://127.1/ [127.1] will work, as it should, and so will http: [http]

      • Isp controlling your local address range is bad for corp networking.

      • Those addresses aren't possible, so irrelevant.

        The format is: (type):(network prefix):(computer suffix)

        How, exactly, is that hard?

        There are dead people who can understand that.

        As noted by others, you can never have ::::

        Since the prefix describes a path, it will typically have no long sequences of zeroes. You get those between the prefix and suffix.

        So it's more likely you'll get: (type):(prefix)::(suffix)

        What if you want to use your IPv4 address as your suffix? That's fine. ::(ipv4) is a perfectly valid suff

      • by Hadlock ( 143607 )

        Ideally everyone is using DNS or some variant. The only time you should be at the IP level is for debugging.

      • I am able to explain an IPv4 address to a nine year old. However I don't understand Ipv6 addressing fully myself as it's just too damn complicated and cryptic with all colons and hex.

        I don't understand IPv4 either. It's so damn hard. At least if I want to go to sprints website via IPv6 I can browse to 2600::

        Via IPv4 it's this jumbled mass of meaningless seemingly random numbers with all of these dots all over the place. 65.173.211.241 ? ? ?? ?

        ::::ff::00 ::::323::f0::c7 ::::00::e1::27

        These are invalid. Zero compression can only be used once.

        I still don't understand what would be hard in adding two octals to the current IPv4 scheme. 10.1.192.168.1.7 would be a valid, understandable address.

        Most people have control over at the very least last 64-bits of their address. My public IPv6 address has only 5 sets of numbers in it and is actually easier to remember than your exam

      • If you're a regular user then even IPv4 can be complicated... I think you mean as a regular sysadmin, or regular network support guy.

        IPv6 is in hex because in the dotted style of IPv4 you'd have 16 numbers. Not just 2 extra octets. So your address might be 1.2.3.4.5.6.7.8.9.10.11.12.13.14.15.16. Do you really need to know all those numbers? A colon is the same as a dot, so that's easy. Hex is easy for anyone who knows about IPv4 anyway, so no worries there. The only snag is the double colon '::', wh

      • the address format is the biggest hurdle to adoption.

        What is this IP address you speak of? A user doesn't care anymore. Plug two windows computers in a network they just work by name. Plug them into a modem they talk to the internet. Even that super complicated networky thing of setting up a router has been reduced to plug it in, turn it on and type http://tplinkwifi.net/ [tplinkwifi.net] (or whatever address your router hijacks) and it magically works.

        Basically these days the need for ipaddress is obsolete for users for any reason other than diagnosing why their network does

    • by Anonymous Coward

      every public IPv6 address you have 2 IPv4 networks worth of addresses to use on your own network

      Actually you have as many internets worth of IPv4 addresses as there are IPv4 addresses on the internet: 2^32 times 2^32. Don't you think that some of the iimplications of the IPv6 addressing scheme could be considered bizarre? Or how there is no ARP, and every interface has multiple IPv6 addresses, and there are things like "valid" prefixes and "preferred" prefixes and associated addresses and lifetimes? IPv6 is almost nothing like IPv4, except that it uses a number of bits as addresses.

      • The lack of an ARP table is because it is redundant in IPv6. The IPv6 is supposed to be the MAC address.

        Otherwise, I wouldn't consider it bizarre, but flexible. Older networking schemes were designed for limited devices with limited performance capabilities. IPv6 is designed for a future of nearly unlimited devices, and a wide variety of capabilities.

        It is quite possible that either the guys deciding on IPv6 couldn't decide on its implementation, and so built flexibility to allow it to be implemented n
        • The IPv6 is supposed to be the MAC address.

          No part of the IPv6 requires the MAC address to be part of, or even related to, the IPv6 address. It has always been possible to assign arbitrary addresses manually using any suffix you prefer. It is true that many implementations use EUI64 for auto-generated addresses by default, which embeds the MAC address in the IPv6 address suffix as an easy way to make it both stable and unique. However, if you want to avoid sharing your MAC address you can turn on privacy extensions—the relevant RFC dates back

    • by Anonymous Coward

      The problem with /64 being the smallest subnet possible translates to the actual usable number of IP adresses in IPv6 not being 2^128 but more in the range of 2^72 (assuming 256 devices per /64) since too many device in the same subnet cause problems as well.

      Combined with other wasteful decisions (organisations getting /32 subnets, some even wanting /16!), the question how long IPv6 will last us is already on the table.

      Then there are privacy implications since the MAC address of the interface becomes part o

      • You can't have smaller subnets and guarantee unconditionally that people can move around the network from router to router, ISP to ISP, without losing connection.

        The /64 is the real address, the prefix is the address of the address. Indirection.

        When you move between networks, your prefix changes. That information propagates over the Internet, so that all packets heading to your former network location get redirected.

        People ask about NAT and IPv6. This is it. This is NAT that is restricted to the prefix alon

    • by mea2214 ( 935585 )
      Just fired up a Comcast Business circuit. While getting my network working for IPv4 I pinged 8.8.8.8. I had things misconfigured for IPv4 but the IPv6 pings were working. That was truly bizarre.
      • IPv6 was designed to make asking for an IP address obsolete in that it could configure itself automatically with self-discovery.

        People are so used to IPv4 they forget how difficult it was to learn when they first started. One of the IPv6 design goals was to get rid of the whole what is my IP and where do it type it in phase of network setup. You don't need to know your IP, or your netmask or gateway, IPv6 can self discover all of that in addition to being able to self identify local network segments and rou

      • by rl117 ( 110595 )
        A few times recently I've had the IPv4 networking randomly break, but all the IPv6 services and websites worked without interruption. The autoconfiguration is worth something. Better than NetworkMangler which is the cause of the IPv4 outages, no doubt.
      • When Comcast Business first started handing out IPv6, I noticed that IPv4 pings were noticeably slower than IPv4 things. I had heard somewhere that Comcast had switched their entire network over to IPv6-native with IPv4 running through an automatic 4in6 tunnel, "IPv4-as-a-service." They've fixed the IPv4 slowdowns since then, so now both are nearly equal.
    • ...and provides each user a /64 as the RFC requires. What this means is that with every public IPv6 address you have 2 IPv4 networks worth of addresses to use on your own network.

      Actually, 64 bits gives you 2^32 (i.e., about 4 billion) "IPv4 networks worth of addresses to use on your own network". Behold the power of exponentiation!

  • Like real estate, we're not making any more IPv4 addresses.

    New IP addresses are made every time an organization rolls out a VLAN in the 10/8 range.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Reality - we're not giving away FREE ipv4 addresses any more.

      AWS just got 3.0.0.0/8 - I thought we'd run out? Oh wait, lots of big allocations still sitting basically unused all over the place.

      Charge even $1/year and watch how much ipv4 address space frees up.

      • Mobil Oil has a class C that they are not even using. They got bought out by Exxon and those goofballs don't know about it.

    • Like real estate, we're not making any more IPv4 addresses.

      New IP addresses are made every time an organization rolls out a VLAN in the 10/8 range.

      ... and new real estate is made every time Kilauea's lava reaches the sea.
       

      • good catch
      • Balderdash comes to us from the Greeks (ca. Wally of Dilbert) in the form of the concatenated, corrupted words for "more bald," and "haberdashery."

        It applies to old geeks who think "cool," is wearing their ties as a sweat band.

    • Those are not new addresses, they're cohabited old addresses. Same way a block of flats is one building, not a hundred.

    • by fisted ( 2295862 )

      a VLAN in the 10/8 range

      You, Sir, seem to have an excellent understanding of networking. Hats off to you.

      </sarc>

      • That seems to be how some ISPs are solving the problem of providing client modems with IPv4 addresses. PAT is an extension of IPv4 to provide pseudo IPs for those machines on the VLAN with a 10/8.

        So an IPv4 isn't just 255.255.255.255, but it is 255.255.255.255:65536.

        In the context of the summary, it would seem a valid claim, despite the debatable aspect of "creating" vs "allocating/re-allocating".
    • Comment removed based on user account deletion
  • That may seem weird, but IPv6 addresses are nothing at all like their older cousins and come in a bizarre format that doesn't lend itself to simple analysis or prediction.

    Just wait until IPv8 comes out.

  • by argStyopa ( 232550 ) on Monday December 03, 2018 @11:58AM (#57740956) Journal

    Haven't we heard about the "impending" exhaustion of IP addresses now for what, at least a decade?

    • by Anonymous Coward

      While IPv6 is a technological failure -- came way too early, full of design problems, partially already obsolete before good and well deployed -- the IPv4 address space exhaustion is real. You don't hear that much about it yet since the anglophone space still has lots of grandfathered unused space that can be squeezed a bit in a pinch. But CGNAT is the scaled-up version of the idiot and fairly desperate NAT thing, and it shows up in ever more places. Again, often in places that don't necessarily speak Engli

    • But we have essentially exhausted all IP addresses already. We got around it with a hack called NAT. There are some unassigned addresses still but you can't assign them out to just anyone because they belong to particular companies (Ie, IBM).

    • Comment removed based on user account deletion
    • Haven't we heard about the "impending" exhaustion of IP addresses now for what, at least a decade?

      We have, and we've run out. Completely. No new address spaces are being issued. All gone. All allocations are in private hands, and so we have been dicing and splicing and NATing, and then NATing the already NATed just to keep the internet functional. However even that is breaking if you look at BGP table growth: https://bgp.potaroo.net/ [potaroo.net]

      By the way there's a magic number in there that when the BGP table hits will obsolete some older and very VERY expensive gear that is keeping the internet running.

  • by Solandri ( 704621 ) on Monday December 03, 2018 @12:37PM (#57741248)
    I'm seeing more and more help requests from gamers who aren't able to play a networked game because they sit behind a NATed IPv4 firewall they don't control, which blocks the ports their game needs and doesn't have UPnP enabled (for automatic port forwarding). Usually they're apartment dwellers, but a small number of them are people whose ISPs are putting them behind a NAT (i.e. the ISP has more customers than IPv4 addresses).
    • by sims 2 ( 994794 )

      I kind of doubt it as the majority of games seem to be using servers now that can act as a go between to establish NAT to NAT connections.

      The cell carriers have short changed their customers with IPv6.

      With IPv4 on cellular you got a public IPv4 address that you could host a webcam or whatever you wanted and access it remotely with just the IP and port number.

      With IPv6 on cellular they give you a IPv6 address that blocks all incoming connections so even if you know the IP address and port you still can't mak

  • That could claim infinite end points is TUBA, one of the other IPng contenders.

Where are the calculations that go with a calculated risk?

Working...