[PLUG] IPv4 address exhaustion - beginning of the end in 8 days

Randal L. Schwartz merlyn at stonehenge.com
Thu Jan 27 03:25:22 UTC 2011


>>>>> "Michael" == Michael Rasmussen <michael at jamhome.us> writes:

Michael> Ping me if you like 2001:470:a:4af::2

OK...

    Locohost.local:~ % ping6 2001:470:a:4af::2
    PING6(56=40+8+8 bytes) 2001::4137:9e76:0:f226:b8c4:77e8 -->
    2001:470:a:4af::2
    16 bytes from 2001:470:a:4af::2, icmp_seq=0 hlim=61 time=132.864 ms
    16 bytes from 2001:470:a:4af::2, icmp_seq=1 hlim=61 time=43.426 ms
    16 bytes from 2001:470:a:4af::2, icmp_seq=2 hlim=61 time=44.492 ms
    16 bytes from 2001:470:a:4af::2, icmp_seq=3 hlim=61 time=40.568 ms
    16 bytes from 2001:470:a:4af::2, icmp_seq=4 hlim=61 time=40.292 ms
    16 bytes from 2001:470:a:4af::2, icmp_seq=5 hlim=61 time=40.283 ms
    16 bytes from 2001:470:a:4af::2, icmp_seq=6 hlim=61 time=45.263 ms
    ^C

Now, here's the scary part:

    Locohost.local:~ % nmap -6 -v 2001:470:a:4af::2 

    Starting Nmap 5.21 ( http://nmap.org ) at 2011-01-26 19:23 PST
    Initiating Ping Scan at 19:23
    Scanning 2001:470:a:4af::2 [2 ports]
    Completed Ping Scan at 19:23, 0.05s elapsed (1 total hosts)
    Initiating System DNS resolution of 1 host. at 19:23
    Completed System DNS resolution of 1 host. at 19:23, 0.00s elapsed
    Initiating Connect Scan at 19:23
    Scanning michaelrpdx-1-pt.tunnel.tserv14.sea1.ipv6.he.net
    (2001:470:a:4af::2) [1000 ports]
    Discovered open port 993/tcp on 2001:470:a:4af::2
    Discovered open port 143/tcp on 2001:470:a:4af::2
    Discovered open port 113/tcp on 2001:470:a:4af::2
    Discovered open port 22/tcp on 2001:470:a:4af::2
    Completed Connect Scan at 19:23, 2.78s elapsed (1000 total ports)
    Nmap scan report for michaelrpdx-1-pt.tunnel.tserv14.sea1.ipv6.he.net
    (2001:470:a:4af::2)
    Host is up (0.076s latency).
    Not shown: 996 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    113/tcp open  auth
    143/tcp open  imap
    993/tcp open  imaps

    Read data files from: /opt/local/share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 2.87 seconds

If that wasn't already a public-facing machine, and you were counting on
NAT as a firewall (reasonable until now), time to lock down your machine
a bit more. :)

By the way, I'm currently sitting at a wifi hotspot, with my v6
connectivity automatically enabled via Miredo (a Teredo client).  Didn't
have to hit a thing, and I'm on V6.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.posterous.com/ for Smalltalk discussion




More information about the PLUG mailing list