NTP-based IPv6 Address Sourcing and Scanning

This research article investigates the efficacy of sourcing IPv6 addresses using Network Time Protocol (NTP) servers, addressing a significant gap in current Internet measurement methodologies. The study replicates prior work by Rye and Levin, collecting over three billion IPv6 addresses through NTP Pool servers. It analyzes the security configurations of these addresses, revealing that only 28.4% of the NTP-sourced hosts are securely configured, in contrast to 43.5% of hosts identified through traditional hitlist methods. The findings indicate that the NTP approach uncovers a substantial number of consumer deployments that are often overlooked in existing analyses. Additionally, the research identifies two actors utilizing this NTP-based address sourcing technique, highlighting its emerging relevance in the field of Internet security. The paper emphasizes the need for updated methodologies that include end-user devices to provide a more comprehensive understanding of IPv6 deployment security.