IPv6 comes with a slew of improvements, from a larger address space to self-organizing addressing to required support of multicast, but these improvements are a double-edged sword. With NAT going away, DHCP no longer being required, modern operating systems and networks supporting and preferring IPv6 over IPv4, ICMP being required for network operation, iptables not applying to IPv6, and multiple IP addresses being associated with individual interfaces, IPv666 conjures the perfect storm of fail-open defaults.
Why, then, haven’t more boxes been popped via IPv6? Because 2^128 is far larger than 2^32.
In this talk we will take a practical look at how to enumerate hosts over IPv6, using statistical models to discover servers and novel IPv6 honeypotting techniques to discover clients. We’ll talk about what works and what doesn’t when it comes to finding IPv6 addresses, and how we used our model and scanning techniques to start amassing a corpus of the global IPv6 address space. We’ll cover statistics about how much more exposed IPv6 hosts are than their IPv4 counterparts and how prevalent IPv6 hosts are on various hosting platforms. Lastly, we will release our scanning software (open source) and all of the data we’ve collected.