Enumerating Active IPv6 Hosts for Large-Scale Security Scans via DNSSEC-Signed Reverse Zones

Explore a novel technique for enumerating active IPv6 addresses through DNSSEC-signed reverse zones in this IEEE conference talk. Delve into the challenges of conducting large-scale security scans in the IPv6 era and discover the significant security implications of this approach. Learn about the exposure of sensitive data, improperly controlled access to hosts, and the potential risks associated with automatic IPv6 address assignment. Gain insights into the practicality of IPv6 host enumeration, the current state of IPv6 security compared to IPv4, and the major security concerns arising from unintended IPv6 connectivity. Examine the methodology, findings, and limitations of this research, which highlights the importance of including IPv6 addresses in comprehensive security evaluations and scans.

Introduction
How the Internet looks today
IPv6 penetration
Enumerating IPv6 addresses
Recap
Reverse DNS
NSTIC
N63
Collecting N63
Online Collection
Pointer and NS Records
Specific Networks
What we found
Limitations
Summary