Malware not scanning IPv6 space

Powered by SC Magazine
 

Dark traffic experiment results show next-generation IP safer than today's.

The chief scientist of a group responsible for providing a stable online infrastructure in Australia says the evolution in the internet's lingua franca is safer from web nasties than that in use today.

Geoff Huston presented research results last week into "dark traffic" in IPv6, the next iteration of internet protocol, the chief scientist for the Asia Pacific Network Information Centre concluding there was no evidence virus scanners probed its empty-address blocks.

Dark traffic was "spam, e-mail denial-of-service attacks, malformed SMTP [e-mail protocol] packets and other requests and communications unrelated to the delivery of valid email messages", according to Net Security magazine.

Huston's research was published on his blog before being shown at the AusNOG conference in Sydney last week.

He estimated there were at least 5.5 Gbps and "possible more of traffic looking around for open ports, particularly port 445" used for file and printer sharing on today's dominant IPv4 networks.

Malicious hackers were "having a field day scanning for port 445, then easily and remotely commandeering Windows machines", according to Gibson Research.

"The IPv4 internet is now heavily polluted with various scanners and probes that attempt to detect the presence of vulnerable systems," Huston wrote in his blog.

"This traffic is dark traffic in that it exists irrespective of whether it solicits a response from a remote system or not."

Huston told delegates last week: "If you get really unlucky you actually get in excess of a megabit of traffic on a [slash]-24 that you never asked for. And if you're lucky enough to own 1.1.1.0/24 you're going to get 100 megabits of traffic every second, just continuous s--t."

The slash referred to the number of internet protocol addresses in a block assigned to a regional internet registry such as APNIC and the number of bits in the network, respectively.

Huston and other researchers used a "black hole" to conduct experiments in late June.

"Traffic can enter the experimental setup, but the setup generates no packets in response. All received packets are recorded," Huston explained in his blog.

The research found almost no dark traffic in IPv6.

"There is less than one packet per second of truly moronic-ly dark traffic, traffic going to nowhere," Huston said.

"In actual fact the true dark traffic is one packet every 36 seconds for an entire /12. There is almost no traffic at all.

"As far as I can see what happens in IPv4 - which is pretty toxic, quite frankly port 445 is just a huge amount of traffic - doesn't happen in IPv6 at all.

"There's no visible evidence right now of virus scanning in IPv6. The current tools and techniques used to infect folk in IPv4 is not being translated into v6 and actually cant be translated in that way."

That did not mean IPv6 was "all sunlight, flowers and waltzes through the meadows", he said.

Malicious users will "have to reverse scan the [domain name system] or something else to try and find out where you are and infect you", Huston said.

Copyright © iTnews.com.au . All rights reserved.


Malware not scanning IPv6 space
 
 
 
Top Stories
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
Negotiating with the cloud email megavendors
[Blog post] Lessons from Woolworths’ mammoth migration.
 
Qld govt to move up to 149k staff onto Office 365
Australia's largest deployment, outside of the universities.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  20%
 
Bankwest
  9%
 
CommBank
  11%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1498

Vote