On Tue, 14 Feb 2006 18:42:33 +0530, Suresh Ramasubramanian said: > After all when there's an unlimited number of hosts connected to the > v6 network, all that needs to happen is a small botnet to develop, and > then start to port scan. > > The potentially larger number of hosts that can get infected will > probably help do an exhaustive search for you, so that v6 botnets > start small and then grow exponentially in size over time.
OK.. let's say we have a /48 allocated to an end site, and their router falls over at 1Mpps. The exhaustive search will completely clog their pipe for (2 ** (128 - 48))/1000000 seconds, or approximately 38,334,786,263 *years*. (That 2**80 is *huge*, a lot bigger than people think...) Even the most dim-witted site will notice after a day or two of this. And that's why a worm would have to use techniques like Steve and fiends wrote about.
pgpFlyyGzZbSU.pgp
Description: PGP signature