Re: [swinog] Strange IPv6 scans from big networks
except scanning a /64 takes a ethernity > On 1 Dec 2019, at 19:05, Nico Schottelius > wrote: > > > Hey Klaus, > > I am surprised you are surprised. > > Why would one *not* want to scan your particular home network? > > IPv6 is on the rise and scanning networks / IPs is a standard thing in > the IPv4 world. So it would be a surprise to me, why people would not > want to at least try to find devices in IPv6 based networks. > > Best, > > Nico > > > Klaus Ethgen writes: > >> Hi, >> >> Currently I see day long IPv6 scans from networks of Akamai >> (2a02:26f0:f3::/48), Google (2a00:1450:4000::/37), Apple >> (2a01:110::/31), Microsoft (2a01:b740::/29), Swisscom (2001:918::/32) >> and Init7 (2001:1620::/32) to my Network @HOME. They all try to >> enumerate hosts and ports in 2a02:168:4e82:0:* that does not and never >> have exists. >> >> The net is a fiber7 port. >> >> Anybody an idea what is going on here? On request I can provide more >> informations like pcaps. >> >> The scans are sourced from all over that mentioned networks above. >> >> While I have no scruples to block Apple, Microsoft, Akamai or other bad >> behaving networks, I do not want to block Swisscom or Init7 if not >> needed. >> >> Needless to say that I do not have any public service behind my fiber7 >> port. >> >> Gruß >> Klaus > > > -- > Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch > > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Strange IPv6 scans from big networks
Hey Klaus, I am surprised you are surprised. Why would one *not* want to scan your particular home network? IPv6 is on the rise and scanning networks / IPs is a standard thing in the IPv4 world. So it would be a surprise to me, why people would not want to at least try to find devices in IPv6 based networks. Best, Nico Klaus Ethgen writes: > Hi, > > Currently I see day long IPv6 scans from networks of Akamai > (2a02:26f0:f3::/48), Google (2a00:1450:4000::/37), Apple > (2a01:110::/31), Microsoft (2a01:b740::/29), Swisscom (2001:918::/32) > and Init7 (2001:1620::/32) to my Network @HOME. They all try to > enumerate hosts and ports in 2a02:168:4e82:0:* that does not and never > have exists. > > The net is a fiber7 port. > > Anybody an idea what is going on here? On request I can provide more > informations like pcaps. > > The scans are sourced from all over that mentioned networks above. > > While I have no scruples to block Apple, Microsoft, Akamai or other bad > behaving networks, I do not want to block Swisscom or Init7 if not > needed. > > Needless to say that I do not have any public service behind my fiber7 > port. > > Gruß >Klaus -- Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Strange IPv6 scans from big networks
Hi, Currently I see day long IPv6 scans from networks of Akamai (2a02:26f0:f3::/48), Google (2a00:1450:4000::/37), Apple (2a01:110::/31), Microsoft (2a01:b740::/29), Swisscom (2001:918::/32) and Init7 (2001:1620::/32) to my Network @HOME. They all try to enumerate hosts and ports in 2a02:168:4e82:0:* that does not and never have exists. The net is a fiber7 port. Anybody an idea what is going on here? On request I can provide more informations like pcaps. The scans are sourced from all over that mentioned networks above. While I have no scruples to block Apple, Microsoft, Akamai or other bad behaving networks, I do not want to block Swisscom or Init7 if not needed. Needless to say that I do not have any public service behind my fiber7 port. Gruß Klaus -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C signature.asc Description: PGP signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
