{
  "draft": "draft-ietf-opsec-ipv6-host-scanning-08",
  "doc_id": "RFC7707",
  "title": "Network Reconnaissance in IPv6 Networks",
  "authors": [
    "F. Gont",
    "T. Chown"
  ],
  "format": [
    "TEXT",
    "HTML"
  ],
  "page_count": "38",
  "pub_status": "INFORMATIONAL",
  "status": "INFORMATIONAL",
  "source": "Operational Security Capabilities for IP Network Infrastructure",
  "abstract": "IPv6 offers a much larger address space than that of its IPv4 counterpart.  An IPv6 subnet of size /64 can (in theory) accommodate approximately 1.844 * 10^19 hosts, thus resulting in a much lower host density (#hosts/#addresses) than is typical in IPv4 networks, where a site typically has 65,000 or fewer unique addresses.  As a result, it is widely assumed that it would take a tremendous effort to perform address-scanning attacks against IPv6 networks; therefore, IPv6 address-scanning attacks have been considered unfeasible.  This document formally obsoletes RFC 5157, which first discussed this assumption, by providing further analysis on how traditional address-scanning techniques apply to IPv6 networks and exploring some additional techniques that can be employed for IPv6 network reconnaissance.",
  "pub_date": "March 2016",
  "keywords": [],
  "obsoletes": [
    "RFC5157"
  ],
  "obsoleted_by": [],
  "updates": [],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC7707",
  "errata_url": "https://www.rfc-editor.org/errata/rfc7707"
}