IPv6 scanning and device fingerprinting presentation at the FIRST 2022 Conference
Dave De Coster and Piotr Kijewski from The Shadowserver Foundation presented results from the VARIoT IPv6 scanning and IoT device fingerprinting at the June 2022 FIRST (Forum of Incident Response Security Teams) conference in Dublin, Ireland. The FIRST conference is the leading conference for incident response practitioners. The 2022 edition attracted nearly 1000 participants from all over the world.
In the presentation titled “Internet Spelunking: IPv6 Scanning and Device Fingerprinting” Shadowserver gave an overview of their Internet IPv4 scanning process, before explaining how it scans the IPv6 Internet using IPv6 hitlists made up of IPv6 addresses that are seen to be in use (for example, via passive DNS techniques). Techniques for fingerprinting IoT devices both in the IPv4 and IPv6 space were also explained. You can read more on IPv6 scanning in the Shadowserver blog announcing the new scans and view the presentation recording here.
You can view some of the results of the IPv6 scans in the newly published Shadowserver Public Dashboard. For example, IPv6 scan results for potentially vulnerable services with a breakdown of each service scanned per country can be found here. The dashboard will be updated in the coming weeks with more data from the VARIoT project, including attack data from our honeypot network and device fingerprint statistics.