IPv6 Hitlists at Scale: Be Careful What You Wish For


ABOUT

Today's network measurements rely heavily on Internet-wide scanning, employing tools like ZMap that are capable of quickly iterating over the entire IPv4 address space. Unfortunately, IPv6's vast address space poses an existential threat for Internet-wide scans and traditional network measurement techniques. To address this reality, e!orts are underway to develop "hitlists" of known-active IPv6 addresses to reduce the search space for would-be scanners. As a result, there is an inexorable push for constructing as large and complete a hitlist as possible.

This project asks: what are the potential benefits and harms when IPv6 hitlists grow larger? To answer this question, we obtain the largest IPv6 active-address list to date: 7.9 billion addresses, 898 times larger than the current state-of-the-art hitlist. Although our list is not comprehensive, it is a significant step forward and provides a glimpse into the type of analyses possible with more complete hitlists.

We compare our dataset to prior IPv6 hitlists and show both benefits and dangers. The benefits include improved insight into client devices (prior datasets consist primarily of routers), outage detection, IPv6 roll-out, previously unknown aliased networks, and address assignment strategies. The dangers, unfortunately, are severe: we expose widespread instances of addresses that permit user tracking and device geolocation, and a dearth of firewalls in home networks. We discuss ethics and security guidelines to ensure a safe path towards more complete hitlists.

DATA

Download the 7,205,127 active /48 prefixes we discovered from running our NTP servers here.

Note that the dataset contains some prefixes from the Unique Local and Link-Local address blocks, as well as other non-Global Unicast prefixes.

PUBLICATIONS

pdf IPv6 Hitlists at Scale: Be Careful What You Wish For
Erik Rye, Dave Levin
ACM SIGCOMM

PEOPLE

The following people have contributed to this project:

 

Web Accessibility