
Posts Tagged ‘ipv6’

Windows 7 firewall and IPv6

Thursday, March 11th, 2010

Another random Windows 7 fact I learned today – if you disable the Windows 7 firewall, it will also disable IPv6 and Service Hardening. Microsoft’s logic appears to be simply that if a system doesn’t have the Windows firewall enabled, then it should be treated as an insecure machine and not trusted to connect with an IPv6 IPSec tunnel. The obvious flaw in this logic is that many enterprises use other firewalls, which Windows will not account for. Those people will then have to enable the Microsoft firewall and just put it into a completely accepting state if they want to use IPv6.

Security Through IPv6 Obscurity

Tuesday, May 6th, 2008

When dealing with any kind of security, whether physical or electronic, there are two kinds of attacks to worry about – those that pick their targets based on opportunity, and those that pick their targets based on intent. To borrow a common example, an attacker of opportunity simply walks down the street trying the door handle on every car, looking for one that is unlocked, while an attacker of intent is trying to steal a specific car. When it comes to the internet, many large entities (especially government organizations) are regular targets of intent. On the other hand, things like viruses and worms that scan indiscriminately for unpatched systems are perfect examples of attacks of opportunity.

Most internet organizations currently consider both lines of attack when designing a security plan, although this may start to change if IPv6 ever becomes a full-fledged reality. (Whether or not IPv6 ever does gain wide acceptance is not a matter I care to speculate on.) Since IPv6 uses 128-bit IP addresses (IPv4 uses 32-bit addresses), there will be approximately 3.4×10^38 total IP addresses. Even small organizations could have IP spaces that dwarf the entire IPv4 address space. Scanning random IPv6 addresses looking for targets will likely become an exercise in futility. One way attackers will have to adapt in an all-IPv6 world is to spend much more time footprinting their targets – trying to find specific systems through publicly available information sources before attacking them. Parts of this process can clearly be automated by opportunists. For example, an attacker could use Google to find web servers at random and then check them for web-specific flaws. However, the larger address space will likely deter several common methods of finding targets of opportunity. The danger in this, of course, is that internet organizations will get lazy and assume that if they can simply hide something in the larger IP space it will never be found. As we all know, difficult does not mean impossible.
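
The closing caveat can be checked against your own address plan. The following is an added example, not code from the original post: it classifies the interface identifier (low 64 bits) of each address in an inventory and reports roughly how many bits of search space actually hide it. The category names, bit estimates and sample addresses (taken from the 2001:db8::/32 documentation prefix) are assumptions constructed for illustration.

```python
import ipaddress

# Rough upper bound on the bits a scanner must search, per category.
# These estimates are assumptions for illustration, not measured values.
SEARCH_BITS = {
    "low-byte": 16,  # ::1, ::53 and similar: only the last 16 bits are used
    "32-bit": 32,    # embedded IPv4 address or other value in the last 32 bits
    "eui64": 48,     # derived from a 48-bit MAC; fewer if the vendor is known
    "opaque": 64,    # no recognisable pattern in the interface identifier
}

# Constructed sample inventory (documentation prefix, not real hosts).
INVENTORY = [
    "2001:db8:0:1::1",
    "2001:db8:0:1::53",
    "2001:db8:0:1::c000:20a",            # 192.0.2.10 embedded in the low bits
    "2001:db8:0:1:211:22ff:fe33:4455",   # EUI-64 form of a MAC address
    "2001:db8:0:1:8d4f:2c61:9be3:70a5",  # randomised identifier
]

def classify_iid(addr: str) -> str:
    """Classify the interface identifier (low 64 bits) of an IPv6 address."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    if iid < 1 << 16:
        return "low-byte"
    if iid < 1 << 32:
        return "32-bit"
    if iid.to_bytes(8, "big")[3:5] == b"\xff\xfe":  # EUI-64 inserts ff:fe mid-MAC
        return "eui64"
    return "opaque"

def audit(addresses):
    """Return {address: (category, search_bits)} for an address inventory."""
    report = {}
    for addr in addresses:
        category = classify_iid(addr)
        report[addr] = (category, SEARCH_BITS[category])
    return report

def weakest(addresses):
    """Return (address, search_bits) for the most easily guessed address."""
    report = audit(addresses)
    addr = min(report, key=lambda a: report[a][1])
    return addr, report[addr][1]

if __name__ == "__main__":
    for addr, (category, bits) in audit(INVENTORY).items():
        print(f"{addr:40} {category:9} ~2^{bits} candidates")
```

Any address reported with far fewer than 64 bits is relying on less obscurity than the raw size of the subnet suggests and should be protected as if it were publicly known.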

 