Citation: Hou Bingnan, Liu Ning, Li Xionglüe, Zhou Tongqing, Chen Yingwen, Cai Zhiping, Lu Kai. Survey on Target-Generated IPv6 Network Address Scanning[J]. Journal of Computer Research and Development, 2024, 61(9): 2307-2320. DOI: 10.7544/issn1000-1239.202330335
With the rapid evolution of IPv6 in recent years, the significance of IPv6 network measurement and security analysis has grown substantially. Obtaining a substantial number of active IPv6 addresses has become a fundamental and critical task in this domain. However, the sheer size of the IPv6 address space and the sparse distribution of active hosts render brute-force scanning tools, such as ZMap and MASSCAN, impractical. While ZMap can scan the entire IPv4 network in just 5 minutes with a 10-gigabit bandwidth, it would take hundreds of millions of years to scan the entire IPv6 network using similar methods. In response to this challenge, and to improve the efficiency of IPv6-wide scans, researchers have introduced a series of search strategies tailored to IPv6 scanning. These strategies aim to enhance the ability to discover assets and mitigate risks within the IPv6 network. We categorize, organize, and summarize the target generation-based scanning approaches proposed by researchers in this field. We conduct a comprehensive analysis, comparing the hit rate, marginal benefit, and time costs of state-of-the-art solutions through real-network scan experiments. Furthermore, we provide insights into the current landscape and emerging trends in IPv6 target generation scanning techniques. By doing so, we contribute to a deeper understanding of IPv6 network analysis and security, ultimately fostering advancements in this critical area of networking research.