{"draft":"draft-ietf-opsec-ipv6-host-scanning-08","doc_id":"RFC7707","title":"Network Reconnaissance in IPv6 Networks","authors":["F. Gont","T. Chown"],"format":["ASCII","HTML"],"page_count":"38","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Operational Security Capabilities for IP Network Infrastructure","abstract":"IPv6 offers a much larger address space than that of its IPv4\r\ncounterpart.  An IPv6 subnet of size \/64 can (in theory) accommodate\r\napproximately 1.844 * 10^19 hosts, thus resulting in a much lower host\r\ndensity (#hosts\/#addresses) than is typical in IPv4 networks, where a\r\nsite typically has 65,000 or fewer unique addresses.  As a result, it\r\nis widely assumed that it would take a tremendous effort to perform\r\naddress-scanning attacks against IPv6 networks; therefore, IPv6\r\naddress-scanning attacks have been considered unfeasible.  This\r\ndocument formally obsoletes RFC 5157, which first discussed this\r\nassumption, by providing further analysis on how traditional\r\naddress-scanning techniques apply to IPv6 networks and exploring some\r\nadditional techniques that can be employed for IPv6 network\r\nreconnaissance.","pub_date":"March 2016","keywords":[],"obsoletes":["RFC5157"],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7707","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc7707"}