Abstract—It is tempting to assume that for IPv6, with its
64-bit Interface IDs (IIDs), some existing address scanning
attacks have become infeasible. RFC 5157 suggests how
Interface IDs could be allocated so as to minimize a site’s
vulnerability to address scans, essentially by using IIDs
consisting of a pseudorandom sequence of 1s and 0s. In this
paper, we investigate how network administrators are actually
allocating their Interface IDs. We have developed and carried
out a survey of various IPv6 addresses from 50 countries. We
find that few network administrators are using RFC 5157’s
allocation methods; instead we find that most network
administrators are using one of five simple allocation schemes
which tend to leave zero bits in large sections of their Interface
IDs. We observe that such schemes can leave networks
vulnerable to address scanning.
Index Terms—Address allocation mechanisms, IPv6, privacy,
security.
Qinwen Hu is with at computer science department of the University of
Auckland, Private Bag 92019, Auckland 1142, New Zealand (e-mail:
qhu009@aucklanduni.ac.nz).
Nevil Brownlee is with the CAIDA (the Cooperative Association for
Internet Data Analysis), the WAND Network Research group at the
University of Waikato and the IPFIX (IP Flow Information Export) Working
Group.
[PDF]
Cite: Qinwen Hu and Nevil Brownlee, "IPv6 Host Address Usage Survey," International Journal of Future Computer and Communication vol. 3, no. 5, pp. 341-345, 2014.