IPv4 and IPv6 Greynets
RFC 6018

Note: This ballot was opened for revision 05 and is now closed.

Search Mailarchive

(Ron Bonica) Yes

(Jari Arkko) No Objection

(Stewart Bryant) No Objection

(Ralph Droms) No Objection

Comment (2010-08-12 for -)
Question based on this statement:

   It has been observed [RFC5157] that address scanning is less
   effective in IPv6 [RFC2460] networks, as there are more addresses to
   scan.  The observation is of limited value, in that there are other
   approaches to identifying IPv6 systems, such as reading the
   'Received:' lines in SMTP envelopes.  Such attacks can be limited by
   the use of Privacy Addresses [RFC4941], which periodically change,
   rendering such historical information less useful, but the fact is
   that such analytic methods exist.  Greynets are a tool that can be
   used to isolate and analyze them.

Is there any deployment experience that indicates greynets provide useful information in IPv6, where the traffic to be captured by the greynet may come from seeding information about "lit" IPv6 addresses rather than address or prefix scanning?

(Peter Saint-Andre) No Objection

(Sean Turner) No Objection