IPv4 and IPv6 Greynets
Note: This ballot was opened for revision 05 and is now closed.
(Ron Bonica) Yes
(Jari Arkko) No Objection
(Stewart Bryant) No Objection
(Ralph Droms) No Objection
Comment (2010-08-12 for -** No value found for 'p.get_dochistory.rev' **)
Question based on this statement: It has been observed [RFC5157] that address scanning is less effective in IPv6 [RFC2460] networks, as there are more addresses to scan. The observation is of limited value, in that there are other approaches to identifying IPv6 systems, such as reading the 'Received:' lines in SMTP envelopes. Such attacks can be limited by the use of Privacy Addresses [RFC4941], which periodically change, rendering such historical information less useful, but the fact is that such analytic methods exist. Greynets are a tool that can be used to isolate and analyze them. Is there any deployment experience that indicates greynets provide useful information in IPv6, where the traffic to be captured by the greynet may come from seeding information about "lit" IPv6 addresses rather than address or prefix scanning?