pith. sign in

arxiv: 2604.19487 · v2 · submitted 2026-04-21 · 💻 cs.NI

Revisiting and Expanding the IPv6 Network Periphery: Global-Scale Measurement and Security Analysis

Zixuan Xie , Zitao Yang , Shurui Fang , Zhaoyang Li , Wenxing Xie , Nannan Fu , Liangyu Dong , Xiang Li This is my paper

Pith reviewed 2026-05-10 01:50 UTC · model grok-4.3

classification 💻 cs.NI
keywords IPv6network peripheryservice exposurerouting loopsglobal measurementsecurity analysisLLM verification
0
0 comments X

The pith

Global IPv6 measurements identify 281.9 million active peripheries across 73 regions with 2.5 percent of services still exposed and 4.5 million routing loops.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper expands an earlier regional study of IPv6 network peripheries to a global scale by introducing an efficient scanning approach that targets high-value address prefixes. It reports a large increase in active endpoints since 2021 and quantifies ongoing risks through direct service probing and loop detection. A new verification framework is applied to exposed tools, showing that insecure defaults allow unauthorized access in several cases. The results indicate that rapid IPv6 growth has not resolved underlying configuration and routing problems that leave parts of the periphery vulnerable.

Core claim

Using the Response-Guided Prefix Selection strategy to guide large-scale probing, the measurement locates more than 281.9 million active IPv6 network peripheries in 73 countries and regions. Service exposure analysis finds that 2.5 percent of reachable services present dangerous exposures such as outdated administrative interfaces and misconfigured servers, while correlation with known vulnerabilities shows recurring software issues. The Hierarchical LLM Exposure Verification framework identifies unauthorized-access risks in exposed LLM tools caused by insecure defaults and missing authentication. Re-examination of routing also locates 4.5 million loop-prone responses, confirming that flawed

What carries the argument

Response-Guided Prefix Selection (RGPS) strategy that selects high-value IPv6 prefixes for efficient probing, together with the Hierarchical LLM Exposure Verification (HLEV) framework that checks unauthorized-access risks in exposed deployment tools.

If this is right

  • IPv6 adoption has surged globally while security challenges remain structurally embedded in the network periphery.
  • A measurable fraction of reachable services continue to expose outdated administrative interfaces and misconfigured servers.
  • Routing-loop vulnerabilities affect millions of responses and appear across multiple vendors and regions.
  • Exposed LLM deployment tools exhibit repeated weaknesses from missing authentication and insecure default configurations.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Cross-checking future IPv6 scans against alternative prefix-selection techniques would help confirm whether reported growth rates hold under different sampling assumptions.
  • The continued presence of routing loops points to the need for vendor-specific IPv6 firmware updates that address loop-prevention logic.
  • Security audits for new technology deployments such as LLM servers could incorporate automated exposure-verification steps similar to the one presented.

Load-bearing premise

The Response-Guided Prefix Selection strategy combined with the scanning process yields a representative sample of active IPv6 peripheries, and the detected exposures and loops represent genuine persistent vulnerabilities rather than transient artifacts.

What would settle it

An independent global re-scan that employs a different prefix-selection method and reports substantially fewer active peripheries, lower exposure rates, or fewer loop-prone responses would indicate that the original sample is biased or that the vulnerabilities are not persistent.

Figures

Figures reproduced from arXiv: 2604.19487 by Liangyu Dong, Nannan Fu, Shurui Fang, Wenxing Xie, Xiang Li, Zhaoyang Li, Zitao Yang, Zixuan Xie.

Figure 1
Figure 1. Figure 1: Global IPv6 Network Periphery: Measurement, Service Exposure, and Security Analysis Overview. [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Distribution of Peripheries by Country/Region. [PITH_FULL_IMAGE:figures/full_fig_p005_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Top 10 Countries/Regions by Periphery Count. [PITH_FULL_IMAGE:figures/full_fig_p005_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Average Number of Exposed Services per Periphery. [PITH_FULL_IMAGE:figures/full_fig_p007_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Top 10 ASNs by Routing Loop [PITH_FULL_IMAGE:figures/full_fig_p011_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: The vulnerable population is strongly concentrated [PITH_FULL_IMAGE:figures/full_fig_p011_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Top 10 Vendors by Routing Loop Periphery Count. [PITH_FULL_IMAGE:figures/full_fig_p012_7.png] view at source ↗
read the original abstract

As IPv6 deployment accelerates, understanding the evolving security posture of network peripheries becomes increasingly important. A DSN 2021 study introduced the first large-scale discovery of IPv6 network peripheries, uncovering risks like service exposure and routing loops. However, its scope was limited to three regions and is now outdated. In this paper, we revisit and significantly expand upon that work, presenting a comprehensive, up-to-date security assessment of IPv6 network peripheries. To support efficient large-scale scanning, we propose a novel Response-Guided Prefix Selection (RGPS) strategy to identify high-value IPv6 prefixes for probing. Our global-scale measurement covers 73 countries/regions and identifies over 281.9M active IPv6 network peripheries, including a 371.2% increase (245M) over the 52M reported in 2021 for India, China, and America. Our service exposure analysis shows that 2.5% of reachable services are still dangerously exposed, including outdated administrative interfaces and misconfigured servers, while correlation with known CVEs reveals recurring software vulnerabilities. Building on this service-exposure perspective, we further design a Hierarchical LLM Exposure Verification (HLEV) framework to identify unauthorized-access risks in exposed LLM deployment tools, revealing multiple security weaknesses caused by insecure default configurations and missing authentication. Additionally, we revisit routing loop vulnerabilities and identify 4.5M loop-prone responses, confirming that flawed routing behaviors remain widespread across vendors and countries/regions. These findings suggest that while IPv6 adoption has surged, key security challenges persist and are structurally embedded.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper presents a global-scale empirical measurement of IPv6 network peripheries using a novel Response-Guided Prefix Selection (RGPS) strategy. It reports discovering over 281.9M active peripheries across 73 countries/regions (including a 371.2% increase to 245M more than the 2021 baseline in India, China, and America), finds that 2.5% of reachable services remain dangerously exposed, introduces a Hierarchical LLM Exposure Verification (HLEV) framework to detect risks in LLM deployment tools, and identifies 4.5M loop-prone routing responses, concluding that security challenges persist despite IPv6 growth.

Significance. If the sampling and detection methods prove representative and low-bias, the work substantially expands prior limited-scope IPv6 periphery studies to global coverage, supplies actionable data on service exposures and routing flaws, and contributes the RGPS scanning approach plus the HLEV verification framework as reusable tools for the measurement community.

major comments (3)
  1. [RGPS strategy section] RGPS strategy section: because prefix selection is explicitly response-guided, the method preferentially retains prefixes that answer initial probes. This creates a plausible selection bias toward networks containing open or misconfigured devices while under-sampling silent or filtered ones, directly affecting the headline 281.9M periphery count, the 2.5% exposure fraction, and the 4.5M loop count. The manuscript provides no cross-check against uniform random sampling, RIPE Atlas ground truth, or re-running the 2021 method on the same address space.
  2. [Measurement results section] Measurement results section: the reported numerical findings (281.9M peripheries, 371.2% regional growth, 2.5% dangerous exposure, 4.5M loops) are presented without accompanying error analysis, false-positive rates for the scanning pipeline, confidence intervals, or discussion of transient versus persistent responses. This omission makes it impossible to determine whether the observed increases and exposure rates reflect genuine population statistics or artifacts of the RGPS filter and scanning process.
  3. [HLEV framework section] HLEV framework section: the Hierarchical LLM Exposure Verification framework is introduced to assess unauthorized-access risks in exposed LLM tools, yet no validation metrics (precision, recall, or inter-rater agreement against manual review) are supplied. Without such evidence, the claimed security weaknesses cannot be confidently attributed to the framework rather than LLM hallucination or prompt sensitivity.
minor comments (2)
  1. [Introduction] Define 'active IPv6 network peripheries' and 'dangerously exposed' with precise operational criteria in the introduction or methodology, as these terms are central to all quantitative claims.
  2. [Results] Add a table or map legend clarifying the exact 73 countries/regions covered and the criteria used to classify a prefix as 'active'.

Simulated Author's Rebuttal

3 responses · 1 unresolved

We thank the referee for the thorough and constructive review. We address each major comment below, indicating planned revisions to improve the manuscript while maintaining the integrity of our empirical findings.

read point-by-point responses

  1. Referee: [RGPS strategy section] RGPS strategy section: because prefix selection is explicitly response-guided, the method preferentially retains prefixes that answer initial probes. This creates a plausible selection bias toward networks containing open or misconfigured devices while under-sampling silent or filtered ones, directly affecting the headline 281.9M periphery count, the 2.5% exposure fraction, and the 4.5M loop count. The manuscript provides no cross-check against uniform random sampling, RIPE Atlas ground truth, or re-running the 2021 method on the same address space.

    Authors: We appreciate the referee's identification of this methodological issue. RGPS is intentionally response-guided to make global-scale discovery of active peripheries computationally tractable, as uniform sampling across the IPv6 space is infeasible. The reported 281.9M figure and related counts are direct discoveries of responsive devices rather than extrapolated population estimates, which aligns with the study's focus on observable security exposures. That said, we acknowledge the potential bias toward responsive networks. In revision, we will add an explicit limitations discussion in the RGPS section, including a small-scale uniform-sampling comparison on a subset of prefixes to quantify differential response rates. Comprehensive RIPE Atlas cross-validation or exact re-execution of the 2021 pipeline is not feasible with available resources and data. revision: partial

  2. Referee: [Measurement results section] Measurement results section: the reported numerical findings (281.9M peripheries, 371.2% regional growth, 2.5% dangerous exposure, 4.5M loops) are presented without accompanying error analysis, false-positive rates for the scanning pipeline, confidence intervals, or discussion of transient versus persistent responses. This omission makes it impossible to determine whether the observed increases and exposure rates reflect genuine population statistics or artifacts of the RGPS filter and scanning process.

    Authors: The referee correctly notes the absence of quantitative error characterization. The headline numbers are empirical counts from our scans, not statistical inferences, yet we agree that additional analysis strengthens interpretability. We will revise the measurement results section to incorporate: repeated-scan data distinguishing transient from persistent responses, false-positive rates obtained via manual validation of sampled detections, and a discussion of how RGPS filtering may affect observed rates. While full confidence intervals are challenging for active global measurements, we will report validation-derived bounds and sensitivity checks. revision: yes

  3. Referee: [HLEV framework section] HLEV framework section: the Hierarchical LLM Exposure Verification framework is introduced to assess unauthorized-access risks in exposed LLM tools, yet no validation metrics (precision, recall, or inter-rater agreement against manual review) are supplied. Without such evidence, the claimed security weaknesses cannot be confidently attributed to the framework rather than LLM hallucination or prompt sensitivity.

    Authors: We recognize the value of formal validation for the HLEV framework. Although the framework was refined through iterative manual review of exposed LLM tools, quantitative metrics were not reported in the submission. In the revised manuscript, we will add a dedicated validation subsection reporting precision and recall against a manually labeled set of 500 cases, along with inter-rater agreement (Cohen's kappa) from two independent reviewers. This will provide evidence that the identified weaknesses are attributable to the framework's detections rather than prompt artifacts. revision: yes

standing simulated objections not resolved
  • A complete re-implementation of the 2021 scanning methodology on the current IPv6 address space or large-scale RIPE Atlas ground-truth validation cannot be performed within the revision timeline due to lack of access to the original 2021 infrastructure, address lists, and required additional measurement resources.

Circularity Check

0 steps flagged

No circularity: empirical measurement study with results grounded in direct observations

full rationale

The paper is a large-scale empirical measurement study that proposes the RGPS scanning strategy, performs global IPv6 probes across 73 countries, and reports observed counts (281.9M peripheries, 2.5% exposure rate, 4.5M loop-prone responses). These headline figures are direct outputs of the scanning process rather than outputs of any equation, fitted model, or derivation. No self-definitional steps, fitted-input-as-prediction patterns, or load-bearing self-citations appear in the provided text; the 2021 DSN reference is external prior work. The methodology is self-contained against external benchmarks (scan results) and does not reduce any claimed result to its own inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claims rest on the assumption that active scanning can safely and accurately map IPv6 peripheries at global scale; no explicit free parameters or invented entities are stated in the abstract, but completeness of prefix selection and ethical scanning constraints are implicit domain assumptions.

axioms (2)
  • domain assumption Active network scanning produces representative samples of reachable IPv6 peripheries without significant bias from rate limiting or filtering.
    Invoked by the use of RGPS to select prefixes and the reporting of absolute counts such as 281.9M.
  • domain assumption Detected open services and routing-loop responses correspond to real, persistent security exposures rather than transient states.
    Underlies the 2.5% exposure and 4.5M loop claims.

pith-pipeline@v0.9.0 · 5613 in / 1467 out tokens · 59524 ms · 2026-05-10T01:50:27.154530+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

64 extracted references · 64 canonical work pages

  1. [1]

    The IPv6 Transition,

    APNIC Labs, “The IPv6 Transition,” accessed on 2025. [Online]. Available: https://labs.apnic.net/index.php/2024/10/ 19/the-ipv6-transition/

    work page 2025

  2. [2]

    AS131072 IPv6 BGP Table Data,

    BGP, “AS131072 IPv6 BGP Table Data,” accessed on 2026. [Online]. Available: https://bgp.potaroo.net/v6/as2.0/index.html

    work page 2026

  3. [3]

    IPv6 Adoption Statistics,

    Google, “IPv6 Adoption Statistics,” accessed on 2026. [Online]. Available: https://www.google.com/intl/en/ipv6/statistics

    work page 2026

  4. [4]

    Internet protocol, version 6 (IPv6) specification,

    S. Deering and R. Hinden, “Internet protocol, version 6 (IPv6) specification,” Tech. Rep., 2017

    work page 2017

  5. [5]

    Fast IPv6 network periphery discovery and security implications,

    X. Li, B. Liu, X. Zheng, H. Duan, Q. Li, and Y. Huang, “Fast IPv6 network periphery discovery and security implications,” in 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 2021, pp. 88–100

    work page 2021

  6. [6]

    Common Vulnerabilities and Exposures (CVE),

    CVE, “Common Vulnerabilities and Exposures (CVE),” accessed on 2025. [Online]. Available: https://www.cve.org

    work page 2025

  7. [7]

    BGP Toolkit,

    Hurricane Electric, “BGP Toolkit,” accessed on 2025. [Online]. Available: https://bgp.he.net/

    work page 2025

  8. [8]

    Internet control message protocol (icmpv6) for the internet protocol version 6 (ipv6) speci- fication,

    A. Conta, S. Deering, and M. Gupta, “Internet control message protocol (icmpv6) for the internet protocol version 6 (ipv6) speci- fication,” Tech. Rep., 2006

    work page 2006

  9. [9]

    [Online]

    XMap, “XMap,” accessed on 2025. [Online]. Available: https: //github.com/idealeer/xmap

    work page 2025

  10. [10]

    ZGrab 2.0,

    ZGrab2, “ZGrab 2.0,” accessed on 2025. [Online]. Available: https://github.com/zmap/zgrab2

    work page 2025

  11. [11]

    {ZMap}: Fast internet-wide scanning and its security applications,

    Z. Durumeric, E. Wustrow, and J. A. Halderman, “{ZMap}: Fast internet-wide scanning and its security applications,” in22nd USENIX Security Symposium (USENIX Security 13), 2013, pp. 605– 620

    work page 2013

  12. [12]

    IPv6 Toolkit,

    F. Gont, “IPv6 Toolkit,” accessed on 2025. [Online]. Available: https://www.si6networks.com/research/tools/ipv6toolkit

    work page 2025

  13. [13]

    MASSCAN: Mass IP port scanner,

    masscan, “MASSCAN: Mass IP port scanner,” accessed on 2025. [Online]. Available: https://github.com/robertdavidgraham/ masscan

    work page 2025

  14. [14]

    The GNU MP Bignum Library,

    GNU MP, “The GNU MP Bignum Library,” accessed on 2025. [Online]. Available: https://gmplib.org

    work page 2025

  15. [15]

    XMap: Fast Internet-wide IPv4 and IPv6 Network Scanner,

    X. Li, Z. Xie, L. Sun, Y. Qiu, Z. Xu, and Z. Liu, “XMap: Fast Internet-wide IPv4 and IPv6 Network Scanner,”arXiv preprint arXiv:2602.09333, 2026

    work page arXiv 2026

  16. [16]

    Considerations on the IPv6 Host Density Metric,

    G. Huston, “Considerations on the IPv6 Host Density Metric,” Tech. Rep., 2006

    work page 2006

  17. [17]

    IPv6 transition/co- existence security considerations,

    E. Davies, S. Krishnan, and P . Savola, “IPv6 transition/co- existence security considerations,” Tech. Rep., 2007. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, UNDER REVIEW 15

    work page 2007

  18. [18]

    IPv6 Best Practices, Benefits, Transition Challenges and the Way Forward,

    ETSI, “IPv6 Best Practices, Benefits, Transition Challenges and the Way Forward,” accessed on 2025. [Online]. Available: https://www.etsi.org/images/files/ETSIWhitePapers/etsi WP35 IPv6 Best Practices Benefits Transition Challenges and the Way Forward.pdf

    work page 2025

  19. [19]

    IPv6 stateless address autoconfiguration,

    S. Thomson, T. Narten, and T. Jinmei, “IPv6 stateless address autoconfiguration,” Tech. Rep., 2007

    work page 2007

  20. [20]

    Security architecture for the internet proto- col,

    S. Kent and K. Seo, “Security architecture for the internet proto- col,” Tech. Rep., 2005

    work page 2005

  21. [21]

    Guidelines for the secure deployment of IPv6,

    S. Frankel, R. Graveman, J. Pearce, and M. Rooks, “Guidelines for the secure deployment of IPv6,”NIST Special Publication, vol. 800, p. 119, 2010

    work page 2010

  22. [22]

    IPv6 Security Guidance,

    National Security Agency, “IPv6 Security Guidance,” accessed on

    work page

  23. [23]

    Available: https://media.defense.gov/2023/Jan/ 18/2003145994/-1/-1/0/CSI IPV6 SECURITY GUIDANCE.PDF

    [Online]. Available: https://media.defense.gov/2023/Jan/ 18/2003145994/-1/-1/0/CSI IPV6 SECURITY GUIDANCE.PDF

    work page 2023

  24. [24]

    6sense:{Internet-Wide}{IPv6}scanning and its secu- rity applications,

    G. Williams, M. Erdemir, A. Hsu, S. Bhat, A. Bhaskar, F. Li, and P . Pearce, “6sense:{Internet-Wide}{IPv6}scanning and its secu- rity applications,” in33rd USENIX Security Symposium (USENIX Security 24), 2024, pp. 2281–2298

    work page 2024

  25. [25]

    Illuminating large-scale ipv6 scanning in the internet,

    P . Richter, O. Gasser, and A. Berger, “Illuminating large-scale ipv6 scanning in the internet,” inProceedings of the 22nd ACM Internet Measurement Conference, 2022, pp. 410–418

    work page 2022

  26. [26]

    IPv6 Routing Protocol for Low-Power and Lossy Networks Security Vulnerabilities and Mit- igation Techniques: A Survey,

    A. Zilberman, A. Dvir, and A. Stulman, “IPv6 Routing Protocol for Low-Power and Lossy Networks Security Vulnerabilities and Mit- igation Techniques: A Survey,”ACM Computing Surveys, vol. 57, no. 11, pp. 1–77, 2025

    work page 2025

  27. [27]

    Security Advisories,

    Jetty, “Security Advisories,” accessed on 2025. [Online]. Available: https://github.com/eclipse/jetty.project/security/advisories

    work page 2025

  28. [28]

    Survey: Large Language Model Adoption Reaches Tipping Point,

    Arize AI, “Survey: Large Language Model Adoption Reaches Tipping Point,” accessed on 2025. [Online]. Available: https: //arize.com/blog/llm-survey/

    work page 2025

  29. [29]

    [Online]

    Ollama Endpoint, “API,” accessed on 2025. [Online]. Available: https://github.com/ollama/ollama/blob/main/docs/api.md

    work page 2025

  30. [30]

    OpenAI Compatibility Endpoints,

    LM Studio Endpoint, “OpenAI Compatibility Endpoints,” accessed on 2025. [Online]. Available: https://lmstudio.ai/docs/ app/api/endpoints/openai

    work page 2025

  31. [31]

    OpenAI-Compatible Server,

    vLLM, “OpenAI-Compatible Server,” accessed on 2025. [Online]. Available: https://docs.vllm.ai/en/latest/serving/ openai compatible server.html

    work page 2025

  32. [32]

    Local API Server,

    Jan, “Local API Server,” accessed on 2025. [Online]. Available: https://jan.ai/docs/api-server#server-settings

    work page 2025

  33. [33]

    GPT4All API Server,

    GPT4All, “GPT4All API Server,” accessed on 2025. [Online]. Available: https://docs.gpt4all.io/gpt4all api server/ home.html#activating-the-api-server

    work page 2025

  34. [34]

    The internals of Xinference,

    Xinference, “The internals of Xinference,” accessed on 2025. [Online]. Available: https://inference.readthedocs.io/en/latest/ development/xinference internals.html#restful-api

    work page 2025

  35. [35]

    CNVD-2025-04094 Detail,

    CNVD, “CNVD-2025-04094 Detail,” accessed on 2025. [Online]. Available: https://www.cnvd.org.cn/flaw/show/ CNVD-2025-04094

    work page 2025

  36. [36]

    In the IP of the beholder: Strategies for active IPv6 topology discovery,

    R. Beverly, R. Durairajan, D. Plonka, and J. P . Rohrer, “In the IP of the beholder: Strategies for active IPv6 topology discovery,” in Proceedings of the Internet Measurement Conference 2018, 2018, pp. 308–321

    work page 2018

  37. [37]

    Junos OS Transport and Internet Protocols User Guide,

    Juniper Networks, “Junos OS Transport and Internet Protocols User Guide,” accessed on 2025. [Online]. Avail- able: https://www.juniper.net/documentation/us/en/software/ junos/transport-ip/transport-ip.pdf

    work page 2025

  38. [38]

    Configuring RIP,

    Cisco, “Configuring RIP,” accessed on 2025. [Online]. Available: https://www.cisco.com/c/en/us/td/docs/switches/ datacenter/nexus3548/sw/unicast/6x/b Cisco Nexus 3548 Unicast Routing Configuration Guide Release 6 x/b Cisco Nexus 3548 Unicast Routing Configuration Guide Release 6 x chapter 01000.pdf

    work page 2025

  39. [39]

    RIP Commands on Cisco IOS XR Software,

    ——, “RIP Commands on Cisco IOS XR Software,” accessed on

    work page

  40. [40]

    Available: https://www.cisco.com/c/en/us/td/ docs/routers/xr12000/software/xr12k r4-0/routing/command/ reference/rr40xr12kbook chapter7.html

    [Online]. Available: https://www.cisco.com/c/en/us/td/ docs/routers/xr12000/software/xr12k r4-0/routing/command/ reference/rr40xr12kbook chapter7.html

    work page

  41. [41]

    OSPF for IPv6,

    R. Coltun, D. Ferguson, J. Moy, and A. Lindem, “OSPF for IPv6,” Tech. Rep., 2008

    work page 2008

  42. [42]

    loops (BGP Address Family),

    Juniper Networks, “loops (BGP Address Family),” accessed on 2025. [Online]. Available: https://www.juniper.net/ documentation/us/en/software/junos/cli-reference/topics/ref/ statement/loops-edit-protocols-bgp-family.html

    work page 2025

  43. [43]

    The menlo report,

    M. Bailey, D. Dittrich, E. Kenneally, and D. Maughan, “The menlo report,”IEEE Security & Privacy, vol. 10, no. 2, pp. 71–75, 2012

    work page 2012

  44. [44]

    6sense: Internet-wide ipv6 scanning and its security applications

    G. W. M. E. A. Hsu, S. Bhat, and A. B. F. L. P . Pearce, “6sense: Internet-wide ipv6 scanning and its security applications.”

    work page

  45. [45]

    Addrprobe: An internet-wide active ipv6 address probing system with limited seeds,

    D. Cheng, L. He, Q. Yin, G. Han, Y. Zhang, B. Jin, Y. Liu, G. Song, T. Yang, J. Yanget al., “Addrprobe: An internet-wide active ipv6 address probing system with limited seeds,”IEEE Transactions on Networking, vol. 34, pp. 2498–2513, 2025

    work page 2025

  46. [46]

    Hmap: Efficient internet-wide ipv6 scanning with dynamic search,

    B. Hou, Z. Yang, X. Meng, X. Wang, Y. Yang, L. Hu, X. Li, and Z. Cai, “Hmap: Efficient internet-wide ipv6 scanning with dynamic search,”IEEE Transactions on Network and Service Manage- ment, 2026

    work page 2026

  47. [47]

    Tnet: Efficient ipv6 active network discovery,

    J. Zhao, F. Shi, C. Xu, J. Peng, M. Ge, P . Xue, and M. Zhang, “Tnet: Efficient ipv6 active network discovery,”Computer Networks, p. 112170, 2026

    work page 2026

  48. [48]

    6seeks: A global ipv6 network periphery scanning system,

    T. Yang, B. Hou, Y. Yang, Z. Yang, and Z. Cai, “6seeks: A global ipv6 network periphery scanning system,”IEEE Transactions on Networking, 2025

    work page 2025

  49. [49]

    Efficient ipv6 router interface discovery,

    T. Yang and Z. Cai, “Efficient ipv6 router interface discovery,” inIEEE INFOCOM 2024-IEEE Conference on Computer Communi- cations. IEEE, 2024, pp. 1641–1650

    work page 2024

  50. [50]

    6pstree: Efficient large-scale ipv6 topology discovery based on prefix space tree,

    K. Wen, L. Ju, and T. Chen, “6pstree: Efficient large-scale ipv6 topology discovery based on prefix space tree,”Available at SSRN 5320433

    work page

  51. [51]

    Tar- get acquired? evaluating target generation algorithms for ipv6,

    L. Steger, L. Kuang, J. Zirngibl, G. Carle, and O. Gasser, “Tar- get acquired? evaluating target generation algorithms for ipv6,” in2023 7th Network Traffic Measurement and Analysis Conference (TMA). IEEE, 2023, pp. 1–10

    work page 2023

  52. [52]

    6former: Transformer-based ipv6 address gener- ation,

    Q. Liu and X. Li, “6former: Transformer-based ipv6 address gener- ation,” in2023 IEEE Symposium on Computers and Communications (ISCC). IEEE, 2023, pp. 1142–1148

    work page 2023

  53. [53]

    6vision: Image-encoding-based ipv6 target generation in few-seed scenarios,

    W. Zhang, G. Song, L. He, J. Lin, S. Wu, Z. Wang, C. Li, and J. Yang, “6vision: Image-encoding-based ipv6 target generation in few-seed scenarios,” in2024 IEEE 32nd International Conference on Network Protocols (ICNP). IEEE, 2024, pp. 1–12

    work page 2024

  54. [54]

    Gungnir: Autore- gressive model for unified generation of ipv6 fully responsive prefixes,

    C. Wei, Y. Liu, L. He, D. Cheng, and J. Zhou, “Gungnir: Autore- gressive model for unified generation of ipv6 fully responsive prefixes,” in2025 IEEE 33rd International Conference on Network Protocols (ICNP). IEEE, 2025, pp. 1–12

    work page 2025

  55. [55]

    Scanning the ipv6 internet using subnet-router anycast probing,

    M. Koch, R. Hiesgen, M. Nawrocki, T. C. Schmidt, and M. W ¨ahlisch, “Scanning the ipv6 internet using subnet-router anycast probing,”Proceedings of the ACM on Networking, vol. 3, no. CoNEXT4, pp. 1–15, 2025

    work page 2025

  56. [56]

    Time to scan: Digging into ntp-based ipv6 scanning,

    M. Klopsch, C. Sander, K. Wehrle, and M. Dahlmanns, “Time to scan: Digging into ntp-based ipv6 scanning,” inProceedings of the 2025 ACM Internet Measurement Conference, 2025, pp. 970–982

    work page 2025

  57. [57]

    Subrecon: Efficient internet-wide ipv6 subnet discovery and its applications,

    J. Zhou, Y. Liu, L. He, Y. Yang, X. Shi, D. Cheng, C. Wei, Y. Fan, and G. Song, “Subrecon: Efficient internet-wide ipv6 subnet discovery and its applications,” in2025 IEEE 33rd International Conference on Network Protocols (ICNP). IEEE, 2025, pp. 1–12

    work page 2025

  58. [58]

    Grey rhino warning: Ipv6 is becoming fertile ground for reflection amplifica- tion attacks,

    L. Hu, T. Yang, Y. Pang, B. Hou, Z. Cai, and B. Yu, “Grey rhino warning: Ipv6 is becoming fertile ground for reflection amplifica- tion attacks,” in2025 IEEE/ACM 33rd International Symposium on Quality of Service (IWQoS). IEEE, 2025, pp. 1–6

    work page 2025

  59. [59]

    Doomed to repeat with ipv6? characterization of nat-centric security in soho routers,

    K. Olson, J. Wampler, and E. Keller, “Doomed to repeat with ipv6? characterization of nat-centric security in soho routers,”ACM Computing Surveys, vol. 55, no. 14s, pp. 1–37, 2023

    work page 2023

  60. [60]

    One bad apple can spoil your ipv6 privacy,

    S. J. Saidi, O. Gasser, and G. Smaragdakis, “One bad apple can spoil your ipv6 privacy,”ACM SIGCOMM Computer Communica- tion Review, vol. 52, no. 2, pp. 10–19, 2022

    work page 2022

  61. [61]

    In the loop: A measurement study of persistent routing loops on the ipv4/ipv6 internet,

    M. Maier and J. Ullrich, “In the loop: A measurement study of persistent routing loops on the ipv4/ipv6 internet,”Computer Networks, vol. 221, p. 109500, 2023

    work page 2023

  62. [62]

    Your router is my prober: Measuring ipv6 networks via icmp rate limiting side channels,

    L. Pan, J. Yang, L. He, Z. Wang, L. Nie, G. Song, and Y. Liu, “Your router is my prober: Measuring ipv6 networks via icmp rate limiting side channels,”arXiv preprint arXiv:2210.13088, 2022

    work page arXiv 2022

  63. [63]

    Destination reachable: what icmpv6 error messages reveal about their sources,

    F. Holzbauer, M. Maier, and J. Ullrich, “Destination reachable: what icmpv6 error messages reveal about their sources,” inPro- ceedings of the 2024 ACM on Internet Measurement Conference, 2024, pp. 280–294

    work page 2024

  64. [64]

    A detailed measurement view on ipv6 scanners and their adaption to bgp signals,

    I. Egloff, R. Hiesgen, M. Koch, T. C. Schmidt, and M. W ¨ahlisch, “A detailed measurement view on ipv6 scanners and their adaption to bgp signals,”Proceedings of the ACM on Networking, vol. 3, no. CoNEXT3, pp. 1–23, 2025

    work page 2025