Changes

A full IPv6 address is composed of a network address part (perhaps 64 bits) and a host address part (often 64 bits).

A full IPv6 address is composed of a network address part (perhaps 64 bits) and a host address part (often 64 bits).

Dependant upon the scheme that your host uses you '''may''' be able to freely select the host address part - e.g. when using static address allocation. Despite what you may find written elsewhere you are only safe from IPv6 port scans if the address of your machine is not easily discoverable within its IPv6 subnet. On this basis I suggest that you fight the urge to allocate easy to type/remember addresses (e.g. <network-address-part>::1 and any that use a mix of frequently used hexadecimal addresses that spell words - i.e. 0xdead, 0xbeef, 0xface). Many machines appear to use such allocations in their host address part and if you were writing an IPv6 port scanner then surely addresses using such choices would be the place that you would start scanning? A DNS with suitable Quad-A entries is your friend in this situation.

* [http://www.h-online.com/nettools/rfc/drafts/draft-gont-opsec-ipv6-host-scanning-02.shtml draft-gont-opsec-ipv6-host-scanning-02: Network Reconnaissance in IPv6 Networks]

* [http://www.h-online.com/nettools/rfc/drafts/draft-vyncke-opsec-v6-01.shtml draft-vyncke-opsec-v6-01:

Operational Security Considerations for IPv6 Networks]