Ricerc@Sapienza

It has previously been assumed that the size of an IPv6 network would make it impossible to scan the network for vulnerable hosts. Recent work has shown this to be false, and several methods for scanning IPv6 networks have been suggested. However, most of these are based on external information like DNS, or pattern inference which requires large amounts of known IP addresses. In this paper, DeHCP, a novel approach based on delimiting IP ranges with closely clustered hosts, is presented and compared to three previously known scanning methods. The method is shown to work in an experimental setting with results comparable to that of the previously suggested methods, and is also shown to have the advantage of not being limited to a specific protocol or probing method. Finally we show that the scan can be executed across multiple VLANs.