Skip to main content

IPv6 Implications for Network Scanning
draft-ietf-v6ops-scanning-implications-04

Revision differences

Document history

Date Rev. By Action
2012-08-22
04 (System) post-migration administrative database adjustment to the No Objection position for Jari Arkko
2012-08-22
04 (System) post-migration administrative database adjustment to the No Objection position for Tim Polk
2012-08-22
04 (System) post-migration administrative database adjustment to the No Objection position for Russ Housley
2008-01-22
04 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2008-01-22
04 Amy Vezza IESG state changed to Approved-announcement sent
2008-01-22
04 Amy Vezza IESG has approved the document
2008-01-22
04 Amy Vezza Closed "Approve" ballot
2008-01-22
04 Ron Bonica State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Ron Bonica
2008-01-22
04 (System) IANA Action state changed to No IC from In Progress
2008-01-22
04 (System) IANA Action state changed to In Progress
2008-01-22
04 Jari Arkko [Ballot Position Update] Position for Jari Arkko has been changed to No Objection from Discuss by Jari Arkko
2007-11-20
04 Russ Housley [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss by Russ Housley
2007-11-20
04 Tim Polk [Ballot Position Update] Position for Tim Polk has been changed to No Objection from Undefined by Tim Polk
2007-11-20
04 Tim Polk [Ballot Position Update] Position for Tim Polk has been changed to Undefined from Discuss by Tim Polk
2007-11-19
04 (System) Sub state has been changed to AD Follow up from New Id Needed
2007-11-19
04 (System) New version available: draft-ietf-v6ops-scanning-implications-04.txt
2007-11-03
04 Samuel Weiler Request for Telechat review by SECDIR Completed. Reviewer: Jeffrey Hutzelman.
2007-11-02
04 (System) Removed from agenda for telechat - 2007-11-01
2007-11-01
04 Amy Vezza State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza
2007-11-01
04 Jari Arkko
[Ballot discuss]
Overall, this document would be improved if it simply
described the implications or lack thereof for scanning,
as opposed to starting from the …
[Ballot discuss]
Overall, this document would be improved if it simply
described the implications or lack thereof for scanning,
as opposed to starting from the statement that scanning
is much harder in IPv6, and going through rather extreme
pain in making that statement true (e.g., filling DNS
with 2^64 entries).

Some suggested specific improvements:

From the abstract:

> The 128 bits of IPv6 address space is considerably bigger than the 32
> bits of address space of IPv4.  In particular, the IPv6 subnets to
> which hosts attach will by default have 64 bits of host address
> space.  As a result, traditional methods of remote TCP or UDP network
> scanning to discover open or running services on a host will
> potentially become less feasible, due to the larger search space in
> the subnet.  In addition automated attacks, such as those performed
> by network worms, that pick random host addresses to propagate to,
> may be hampered.  This document discusses this property of IPv6 and
> describes related issues for IPv6 site network administrators to
> consider, which may be of importance when planning site address
> allocation and management strategies.  While traditional network
> scanning probes (whether by individuals or automated via network
> worms) may become less common, administrators should be aware of
> other methods attackers may use to discover IPv6 addresses on a
> target network, and also be aware of appropriate measures to mitigate
> them.

I would rewrite this as:

  The 128 bits of IPv6 address space is considerably bigger than the 32
  bits of address space of IPv4.  In particular, the IPv6 subnets to
  which hosts attach will by default have 64 bits of host address
  space. This document discusses the implications or lack thereof
  for scanning attacks that attempt to discover open or running
  services on a host. There is little difference for attackers
  residing on the same network as victims. Some additional protection
  is provided when the attackers are elsewhere in the Internet, assuming
  the victim hosts are not easily found from DNS. However, there are
  other means to acquire address information, administrators should be
  aware of these methods, and also be aware of appropriate
  measures to mitigate them.

The rest of the document:

> 4. Alternatives for Attackers: On-link
>
> 4.1. General on-link methods
>
>
> If the attacker is on link, then traffic on the link, be it Neighbour
> Discovery or application based traffic, can invariably be observed,
> and target addresses learnt.  In this document we are assuming the
> attacker is off link ...

This seems contradictory. I would suggest not claiming such an
assumption. I think it is valuable to document the implications
for both on-link and off-link. (And the implications are at
a high level imho that for on-link there isn't much of a change
for on-link, and that there are some benefits in the off-link
situation under certain assumptions.)

> IPv6-enabled hosts on local subnets may be discovered through probing
> the "all hosts" link local multicast address.

For clarification, it would be better to start with "In addition
to making observations of traffic on the link, additional IPv6-enabled
hosts on local subnets may be ..."

Otherwise, the issue of merely listening on the link does not stand
out as prominently as it should be.

> 3.4. Log File Analysis

> By using the IPv6 Privacy Extensions [3] hosts in a network may only
> be able to connect to external systems using their current
> (temporary) privacy address.

This seems incorrect. The privacy extensions certainly leave the
hosts in charge of how they want to connect. By no means is there
any prevention of them using their stable address, too, if they
want to .

> It may be worth exploring whether firewalls can be adapted to allow
> the option to block traffic initiated to a known IPv6 Privacy Address
> from outside a network boundary.  While some applications may
> genuinely require such capability, it may be useful to be able to
> differentiate in some circumstances.

There is no way to know what addresses are "known privacy addresses".

> dns filling
> 5.5 Rolling server addresses

The document contains recommendations that IMHO go way beyond
the cost/benefit ratio that makes sense. I would suggest
deleting these.

> Due to the much larger size of IPv6 subnets in comparison to IPv4 it
> will become less feasible for network scanning methods to detect open
> services for subsequent attacks.

I would say "less feasible .. assuming attackers are off-site
and the victim hosts and services are not listed in DNS."

> If administrators number their IPv6
> subnets in 'random', non-predictable ways, attackers, whether they be
> in the form of automated network scanners or dynamic worm
> propagation, will need to use new methods to determine IPv6 host
> addresses to target.  Of course, if those systems are dual-stack, and
> have open IPv4 services running, they will remain exposed to
> traditional probes over IPv4 transport.

This does not seem to include IP address leakage from logs, etc
as discussed earlier in the document.
2007-11-01
04 Jari Arkko
[Ballot discuss]
Overall, this document would be improved if it simply
described the implications or lack thereof for scanning,
as opposed to starting from the …
[Ballot discuss]
Overall, this document would be improved if it simply
described the implications or lack thereof for scanning,
as opposed to starting from the statement that scanning
is much harder in IPv6, and going through rather extreme
pain in making that statement true (e.g., filling DNS
with 2^64 entries).

Some suggested specific improvements:

From the abstract:

> The 128 bits of IPv6 address space is considerably bigger than the 32
> bits of address space of IPv4.  In particular, the IPv6 subnets to
> which hosts attach will by default have 64 bits of host address
> space.  As a result, traditional methods of remote TCP or UDP network
> scanning to discover open or running services on a host will
> potentially become less feasible, due to the larger search space in
> the subnet.  In addition automated attacks, such as those performed
> by network worms, that pick random host addresses to propagate to,
> may be hampered.  This document discusses this property of IPv6 and
> describes related issues for IPv6 site network administrators to
> consider, which may be of importance when planning site address
> allocation and management strategies.  While traditional network
> scanning probes (whether by individuals or automated via network
> worms) may become less common, administrators should be aware of
> other methods attackers may use to discover IPv6 addresses on a
> target network, and also be aware of appropriate measures to mitigate
> them.

I would rewrite this as:

  The 128 bits of IPv6 address space is considerably bigger than the 32
  bits of address space of IPv4.  In particular, the IPv6 subnets to
  which hosts attach will by default have 64 bits of host address
  space. This document discusses the implications or lack thereof
  for scanning attacks that attempt to discover open or running
  services on a host. Administrators should be aware of
  other methods attackers may use to discover IPv6 addresses on a
  target network, and also be aware of appropriate
  measures to mitigate them.

The rest of the document:

> 4. Alternatives for Attackers: On-link
>
> 4.1. General on-link methods
>
>
> If the attacker is on link, then traffic on the link, be it Neighbour
> Discovery or application based traffic, can invariably be observed,
> and target addresses learnt.  In this document we are assuming the
> attacker is off link ...

This seems contradictory. I would suggest not claiming such an
assumption. I think it is valuable to document the implications
for both on-link and off-link. (And the implications are at
a high level imho that for on-link there isn't much of a change
for on-link, and that there are some benefits in the off-link
situation under certain assumptions.)

> IPv6-enabled hosts on local subnets may be discovered through probing
> the "all hosts" link local multicast address.

For clarification, it would be better to start with "In addition
to making observations of traffic on the link, additional IPv6-enabled
hosts on local subnets may be ..."

Otherwise, the issue of merely listening on the link does not stand
out as prominently as it should be.

> 3.4. Log File Analysis

> By using the IPv6 Privacy Extensions [3] hosts in a network may only
> be able to connect to external systems using their current
> (temporary) privacy address.

This seems incorrect. The privacy extensions certainly leave the
hosts in charge of how they want to connect. By no means is there
any prevention of them using their stable address, too, if they
want to .

> It may be worth exploring whether firewalls can be adapted to allow
> the option to block traffic initiated to a known IPv6 Privacy Address
> from outside a network boundary.  While some applications may
> genuinely require such capability, it may be useful to be able to
> differentiate in some circumstances.

There is no way to know what addresses are "known privacy addresses".

> dns filling
> 5.5 Rolling server addresses

The document contains recommendations that IMHO go way beyond
the cost/benefit ratio that makes sense. I would suggest
deleting these.

> Due to the much larger size of IPv6 subnets in comparison to IPv4 it
> will become less feasible for network scanning methods to detect open
> services for subsequent attacks.

I would say "less feasible .. assuming attackers are off-site
and the victim hosts and services are not listed in DNS."

> If administrators number their IPv6
> subnets in 'random', non-predictable ways, attackers, whether they be
> in the form of automated network scanners or dynamic worm
> propagation, will need to use new methods to determine IPv6 host
> addresses to target.  Of course, if those systems are dual-stack, and
> have open IPv4 services running, they will remain exposed to
> traditional probes over IPv4 transport.

This does not seem to include IP address leakage from logs, etc
as discussed earlier in the document.
2007-11-01
04 Jari Arkko
[Ballot discuss]
> 4. Alternatives for Attackers: On-link
>
> 4.1. General on-link methods
>
>
> If the attacker is on link, then traffic …
[Ballot discuss]
> 4. Alternatives for Attackers: On-link
>
> 4.1. General on-link methods
>
>
> If the attacker is on link, then traffic on the link, be it Neighbour
> Discovery or application based traffic, can invariably be observed,
> and target addresses learnt.  In this document we are assuming the
> attacker is off link ...

This seems contradictory. I would suggest not claiming such an
assumption. I think it is valuable to document the implications
for both on-link and off-link. (And the implications are at
a high level imho that for on-link there isn't much of a change
for on-link, and that there are some benefits in the off-link
situation under certain assumptions.)

> IPv6-enabled hosts on local subnets may be discovered through probing
> the "all hosts" link local multicast address.

For clarification, it would be better to start with "In addition
to making observations of traffic on the link, additional IPv6-enabled
hosts on local subnets may be ..."

Otherwise, the issue of merely listening on the link does not stand
out as prominently as it should be.

> 3.4. Log File Analysis

> By using the IPv6 Privacy Extensions [3] hosts in a network may only
> be able to connect to external systems using their current
> (temporary) privacy address.

This seems incorrect. The privacy extensions certainly leave the
hosts in charge of how they want to connect. By no means is there
any prevention of them using their stable address, too, if they
want to .

> It may be worth exploring whether firewalls can be adapted to allow
> the option to block traffic initiated to a known IPv6 Privacy Address
> from outside a network boundary.  While some applications may
> genuinely require such capability, it may be useful to be able to
> differentiate in some circumstances.

There is no way to know what addresses are "known privacy addresses".
2007-11-01
04 Jari Arkko
[Ballot discuss]
> 4. Alternatives for Attackers: On-link
>
> 4.1. General on-link methods
>
>
> If the attacker is on link, then traffic …
[Ballot discuss]
> 4. Alternatives for Attackers: On-link
>
> 4.1. General on-link methods
>
>
> If the attacker is on link, then traffic on the link, be it Neighbour
> Discovery or application based traffic, can invariably be observed,
> and target addresses learnt.  In this document we are assuming the
> attacker is off link ...

This seems contradictory. I would suggest not claiming such an
assumption. I think it is valuable to document the implications
for both on-link and off-link. (And the implications are at
a high level imho that for on-link there isn't much of a change
for on-link, and that there are some benefits in the off-link
situation under certain assumptions.)
2007-11-01
04 Jari Arkko [Ballot Position Update] New position, Discuss, has been recorded by Jari Arkko
2007-11-01
04 David Ward [Ballot Position Update] New position, No Objection, has been recorded by David Ward
2007-11-01
04 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2007-11-01
04 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2007-11-01
04 Chris Newman [Ballot comment]
I concur with Sam.
2007-11-01
04 Chris Newman [Ballot Position Update] New position, Abstain, has been recorded by Chris Newman
2007-10-31
04 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon
2007-10-31
04 Tim Polk
[Ballot discuss]
To be effective, address obfuscation must be performed in coordination with local
security organization (since they probably employ tools that depend on scanning), …
[Ballot discuss]
To be effective, address obfuscation must be performed in coordination with local
security organization (since they probably employ tools that depend on scanning),
the local DNS folks (since DNS walking and zone transfers can expose the same
information), and an effective security policy for local hosts (since log files, etc. may
provide the same information).  That is, address obfuscation can add a layer of
protection in a well-coordinated environment with decent security already.  If
deployed in a haphazard fashion or in an environment that in already insecure it
is a waste of time.

While some of this is said in the body of the document, I beieve that it should be
clearl;y stated in the security considerations.
2007-10-31
04 Tim Polk [Ballot Position Update] New position, Discuss, has been recorded by Tim Polk
2007-10-31
04 Cullen Jennings
[Ballot comment]
Section 3.2

I suspect I am not understanding this because I am thinking it might require a huge number of DNS entries. How …
[Ballot comment]
Section 3.2

I suspect I am not understanding this because I am thinking it might require a huge number of DNS entries. How many entries will this be in DNS? Is that amount alright?


Section 5.5 , para 2.

I don't see how this would help - wouldn't spammer just use the DNS name?


Section 2.5

I'm a little confused by what you mean by "on link" here when we are talking about switches. Do you just mean that the Administrator will have ways of knowing all the IP talking to the switches?

Section 5.4 - note this is a comment not discuss.
I am somewhat uncomfortable with a information document from a different WG putting strong specifications on how a DHCP server should work.
2007-10-31
04 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings
2007-10-30
04 Sam Hartman [Ballot comment]
I don't think the quality or value of this document justifies publication.
2007-10-30
04 Sam Hartman [Ballot Position Update] New position, Abstain, has been recorded by Sam Hartman
2007-10-29
04 Russ Housley
[Ballot discuss]
Based on Gen-ART Review by Brian Carpenter.
 
  Section 3.2 says:
  >
  > It is also worth noting that the …
[Ballot discuss]
Based on Gen-ART Review by Brian Carpenter.
 
  Section 3.2 says:
  >
  > It is also worth noting that the reverse DNS tree may also expose
  > address information.  In such cases, populating the reverse DNS
  > tree for the entire subnet, even if not all addresses are actually
  > used, may reduce that exposure.
  >
  Do we really think that it is okay to publish up to 2^64 bogus PTR
  records for every subnet?
2007-10-29
04 Russ Housley [Ballot Position Update] New position, Discuss, has been recorded by Russ Housley
2007-10-27
04 Lars Eggert
[Ballot comment]
Section 1., paragraph 6:
>    Finally, note that this document is currently intended to be
>    informational; there is not yet …
[Ballot comment]
Section 1., paragraph 6:
>    Finally, note that this document is currently intended to be
>    informational; there is not yet sufficient deployment experience for
>    it to be considered BCP.

  Suggest to rephrase "is currently intended to be" as "has been
  published as".


Section 10., paragraph 2:
>    [2]  Thomson, S. and T. Narten, "IPv6 Stateless Address
>          Autoconfiguration", RFC 2462, December 1998.

  Obsoleted by RFC 4862.


Section 10., paragraph 3:
>    [3]  Narten, T. and R. Draves, "Privacy Extensions for Stateless
>          Address Autoconfiguration in IPv6", RFC 3041, January 2001.

  Obsoleted by RFC 4941.


Section 10., paragraph 12:
>    [12]  Davies, E., Krishnan, S., and P. Savola, "IPv6 Transition/
>          Co-existence Security Considerations
>          (draft-ietf-v6ops-security-overview-06)", October 2007.

  Published as RFC 4942.
2007-10-27
04 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert
2007-10-26
04 Samuel Weiler Request for Telechat review by SECDIR is assigned to Jeffrey Hutzelman
2007-10-26
04 Samuel Weiler Request for Telechat review by SECDIR is assigned to Jeffrey Hutzelman
2007-10-26
04 Amanda Baber IANA Evaluation comments:

As described in the IANA Considerations section, we understand this document
to have NO IANA Actions.
2007-10-19
04 Ron Bonica [Ballot Position Update] New position, Yes, has been recorded for Ronald Bonica
2007-10-19
04 Ron Bonica Ballot has been issued by Ron Bonica
2007-10-19
04 Ron Bonica Created "Approve" ballot
2007-10-19
04 (System) Ballot writeup text was added
2007-10-19
04 (System) Last call text was added
2007-10-19
04 (System) Ballot approval text was added
2007-10-19
04 Ron Bonica Placed on agenda for telechat - 2007-11-01 by Ron Bonica
2007-10-19
04 Ron Bonica State Changes to IESG Evaluation from Publication Requested by Ron Bonica
2007-06-21
04 Dinara Suleymanova
PROTO Write-up

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, …
PROTO Write-up

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

I am the document shepherd, and I believe that this is ready for
publication.

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?

The Acknowledgments sections notes a number of direct contributors:

Thanks are due to people in the 6NET project (www.6net.org) for
discussion of this topic, including Pekka Savola, Christian Strauf
and Martin Dunmore, as well as other contributors from the IETF
v6ops
and other mailing lists, including Tony Finch, David Malone, Bernie
Volz, Fred Baker, Andrew Sullivan, Tony Hain, Dave Thaler and Alex
Petrescu.

In addition, there was some discussion on the list and in the working
group, mostly in review.

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization, or XML?

No, I don't think it needs to have further review.

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the
document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this
document
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
this issue.

In truth, I think the biggest value of the document is in debunking
some of the marketing concerning IPv6. The statement has been made
for some time that IPv6 is inherently more secure than IPv4 because
IPsec is an interior header rather than a sub-layer between IP and
its transport, and that the larger address space makes network
scanning an inefficient attack. In fact, the additional security of
IPv6 is debatable - there are other ways to scan a network, such as
sending a ping to the local broadcast address, and other ways to find
the systems on a LAN without directly sending a message to any of
them. The draft makes what I consider a fairly objective review of
the tactics that attackers and defenders might use and gives
practical advice intended to help operational staff ensure the
security of their networks.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

As noted, there have been a number of reviewers and participants,
mostly one-on-one with the author. Working group review has reflected
a perception that the document is done and waiting for the IETF
process to push it out.

(1.f) Has anyone threatened an appeal or otherwise indicated
extreme
discontent? If so, please summarize the areas of conflict in
separate email messages to the Responsible Area Director.
(It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)

Not to my knowledge.

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/.) Boilerplate checks are
not enough; this check needs to be thorough.

Yes, and it passes those checks.

The result of the idnits tools is as follows:

idnits 2.04.09

tmp/draft-ietf-v6ops-scanning-implications-03.txt:

Checking boilerplate required by RFC 3978 and 3979, updated by RFC
4748
:

------------------------------------------------------------------------
----

No issues found here.

Checking nits according to http://www.ietf.org/ietf/1id-
guidelines.txt:

------------------------------------------------------------------------
----

No issues found here.

Checking nits according to http://www.ietf.org/ID-Checklist.html:

------------------------------------------------------------------------
----

No issues found here.

Miscellaneous warnings:

------------------------------------------------------------------------
----

No issues found here.

Checking references for intended status: Informational

------------------------------------------------------------------------
----

No issues found here.

No nits found.
------------------------------------------------------------------------
--------

(1.h) Has the document split its references into normative and
informative? Are there normative references to documents
that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative
references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

The references have been split, in the sense that they are all
considered "informative". There are no "normative" references.

(1.i) Has the Document Shepherd verified that the document's IANA
Considerations section exists and is consistent with the body
of the document?

There are no IANA considerations for this document, and the IANA
considerations section says that.

(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

there are no such sections.

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up. Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary

The 128 bits of IPv6 address space is considerably bigger than the 32
bits of address space of IPv4. In particular, the IPv6 subnets to
which hosts attach will by default have 64 bits of host address
space. As a result, traditional methods of remote TCP or UDP network
scanning to discover open or running services on a host will
potentially become less feasible, due to the larger search space in
the subnet. In addition automated attacks, such as those performed by
network worms, that pick random host addresses to propagate to, may
be hampered. This document discusses this property of IPv6 and
describes related issues for IPv6 site network administrators to
consider, which may be of importance when planning site address
allocation and management strategies. While traditional network
scanning probes (whether by individuals or automated via network
worms) may become less common, administrators should be aware of
other methods attackers may use to discover IPv6 addresses on a
target network, and also be aware of appropriate measures to mitigate
them.


Working Group Summary

The working group process was uneventful.

Document Quality

The document addresses the widespread practice in IPv4 of scanning a
network to detect the presence of hosts, how hosts might be detected
in an IPv6 network, and how an administration might defend against
those attacks. The working group generally believes that it will be
helpful to an IPv6 network administration.

Personnel

The Document Shepherd is Fred Baker. Ron Bonica is He Who Is
Responsible.
2007-06-21
04 Dinara Suleymanova Draft Added by Dinara Suleymanova in state Publication Requested
2007-03-28
03 (System) New version available: draft-ietf-v6ops-scanning-implications-03.txt
2007-03-08
02 (System) New version available: draft-ietf-v6ops-scanning-implications-02.txt
2006-10-26
01 (System) New version available: draft-ietf-v6ops-scanning-implications-01.txt
2006-06-21
00 (System) New version available: draft-ietf-v6ops-scanning-implications-00.txt