There are "smarter" ways to scan v6 address space than this approach. My favorite is "First, the attacker may rely on the administrator conveniently numbering their hosts from [prefix]::1 upward. This makes scanning trivial."
Most definitely- but not doing that should be considered best practices.
-Don
