Internet Spelunking: IPv6 Scanning and Device Fingerprinting
Internet Spelunking: IPv6 Scanning and Device Fingerprinting
Speakers: Piotr Kijewski (The Shadowserver Foundation, PL), Dave De Coster (The Shadowserver Foundation, US)
About speakers:
Piotr makes things happen as the Shadowserver Foundation CEO, and also coordinates large-scale data collection, analysis projects, and Shadowserver’s CSIRT relationships. He has a strong CSIRT background, working at NASK in Poland for 14 years at the CERT Polska (CERT.PL) team. He was the Head of the CERT Polska team from 2010 – 2016, where he expanded the sensor projects, malware analysis and malware disruption capability. Piotr’s interests include threat intelligence, incident response, honeypot technologies (he is a member and ex-Director of the Honeynet Project) as well as botnets/malware networks (which he likes to disrupt).
Dave De Coster is the Internet Spelunker for The Shadowserver Foundation and has been involved in internet security for over 20 years. When he is not scanning the internet, you can find him doing things not online.
—-
Ever wonder what it takes to scan the entire IPv4 Internet dozens of times a day and get that data (for free) into the hands of people that need it? This talk will discuss how Shadowserver scans the Internet many dozens of times per day (68 different protocols and constantly increasing) and how our scanning cluster operates. We will explain the rationale behind our scanning decisions. We will also go into recent developments: how we have recently started to expand into the realm of IPv6 scanning, and the huge challenges faced there due to the seemingly near infinite address space. We will show how our scanning benefits the Internet defender community, and how we additionally began to use it to fingerprint remote devices at scale by type/vendor/model, enabling defenders to better understand their exposed attack surface. The presentation will also include snapshots of our scanning and device identification results.
Views : 70
ipv6