Nowadays, there are fewer and fewer IPv4 addresses, but IPv6 is popular because it has enough addresses. Assuming an attacker scans at a rate of 1 million hosts per second, it will take 500,000 years. So it seems that IPv6 is very secure, and the address scanning attack is invalid. But after thorough research, we found several vulnerabilities to scan or obtain IPV6 addresses effectively.
One of the vulnerabilities affects all Linux kernel devices! One affects all Android devices! So it looks like all iPhones, Android phones and smart devices like routers, Smart speakers, and even car entertainment systems are affected. Using these vulnerabilities, we can easily get those random IPv6 addresses, for example, we can get the IPv6 addresses of all devices in a city in one minute. And this kind of attack is universal. This will cause all clients to be directly accessed, just like all the devices in a big Intranet, so we can access the ADB debug port, web services, telnet...Compared with the servers on Internet, the port vulnerability of IOT devices in Intranet is more serious.
We will also introduce some other IPv6 security risks, hoping to draw your attention to IPv6 Security.