Using IPv6 on Linux? You have most likely already been visited by Shodan and other scanners.

  • IPv6 Benefits and Privacy: IPv6 offers enhanced privacy compared to IPv4 with a huge number of theoretical addresses (2^128 or about 3.4×10^38). Its IP pool is immune to systematic scans by criminals. IPv6 addresses can have changing, partially randomized extensions, providing quasi-anonymity.
  • Scanner's Method: Network administrators discovered that scanners can pierce IPv6's cloak by setting up IPv6-based Network Time Protocol (NTP) services. The server operators can harvest IPv6 addresses and scan them for vulnerabilities. Shodan has been contributing NTP services and scanning devices.
  • Shodan's Harvesting: Shodan's harvesting scheme ended when NTP Pool Project maintainers ejected its time-keeping servers. But it's likely others were or still are doing the same. This means IPv6 privacy assurances may be diminished.
  • NTP Pool Project and IPv6: IPv6 is growing rapidly, with about 10 percent of Google users using it. All major operating systems offer IPv6 connectivity by default. The exhaustion of IPv4 addresses and the proliferation of connected devices lead to an expected increase in IPv6 traffic.
  • Security Implications: IPv6's added security has led some administrators and manufacturers to overlook v6 device defenses. For example, the Buffalo WZR-HP-G300NH router supports IPv6 routing but lacks IPv6 firewall capabilities. Shodan's harvesting shows the security-through-obscurity approach doesn't work.
  • Revelations about Shodan: Network administrator Brad Hein noticed unsolicited scans on his IPv6 devices. By connecting to NTP servers, he found that Shodan was using them to harvest v6 addresses. DNS lookups confirmed the IP addresses belonged to Shodan.
  • Proposed Remedies: Some forum participants suggested using a secondary v6 address for NTP queries or limiting IPv6 address lifespan. But these may not provide much protection due to the short turnaround time. Admins need to apply strict firewall regimens to v6 devices.
  • Conclusion: People should accept that some harvesting is unavoidable and apply the same firewall measures to v6 devices as for v4 devices. Probing the Internet is a common occurrence, and devices should be prepared for it.
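
The correlation behind the observation above (unsolicited scans arriving after NTP queries), as an added example that is not from the original article: it attributes each inbound probe to the NTP server most recently queried from the probed address. The log tuple layout, the five-minute window and every address (documentation prefix 2001:db8::/32) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import IPv6Address

# Constructed sample data (documentation prefix 2001:db8::/32), not real logs.
NTP_QUERIES = [  # (time, local source address, NTP server queried)
    ("2024-01-01T10:00:00", "2001:db8:1::a1", "2001:db8:ffff::1"),
    ("2024-01-01T10:05:00", "2001:db8:1::a2", "2001:db8:ffff::2"),
    ("2024-01-01T10:10:00", "2001:db8:1::a3", "2001:db8:ffff::1"),
]
INBOUND_PROBES = [  # (time, remote source, local destination, port)
    ("2024-01-01T10:00:07", "2001:db8:bad::5", "2001:db8:1::a1", 80),
    ("2024-01-01T10:00:09", "2001:db8:bad::5", "2001:db8:1:0:0:0:0:a1", 443),
    ("2024-01-01T10:10:04", "2001:db8:bad::6", "2001:db8:1::a3", 22),
    ("2024-01-01T12:00:00", "2001:db8:bad::7", "2001:db8:1::a2", 23),
]

def attribute_probes(queries, probes, window=timedelta(minutes=5)):
    """Map NTP server -> probes that hit a local address within `window`
    after that address was disclosed to the server by an NTP query."""
    disclosed = defaultdict(list)  # local address -> [(time, server)]
    for ts, local, server in queries:
        # IPv6Address normalises spellings such as ::a1 vs 0:0:0:0:a1.
        disclosed[IPv6Address(local)].append(
            (datetime.fromisoformat(ts), IPv6Address(server)))
    suspects = defaultdict(list)
    for ts, remote, local, port in probes:
        when = datetime.fromisoformat(ts)
        prior = [q for q in disclosed.get(IPv6Address(local), []) if q[0] <= when]
        if not prior:
            continue  # address was never used for NTP before this probe
        asked_at, server = max(prior, key=lambda q: q[0])
        delay = when - asked_at
        if delay <= window:
            suspects[server].append(
                (IPv6Address(remote), port, delay.total_seconds()))
    return dict(suspects)

if __name__ == "__main__":
    for server, hits in attribute_probes(NTP_QUERIES, INBOUND_PROBES).items():
        print(f"NTP server {server}: {len(hits)} follow-up probe(s)")
        for remote, port, delay in hits:
            print(f"  {remote} -> port {port}, {delay:.0f}s after the query")
```

A probe that arrives long after the last NTP query from that address, like the 12:00 entry in the sample, is left unattributed rather than blamed on a server.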