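@comment{
  Entry cleaned up: authors in "Last, First" form so the style can abbreviate;
  month as the predefined macro (mar) rather than a quoted string; acronyms in
  the title brace-protected against style recasing; the stray double quote at
  the end of the bibtexurl value removed (it was a literal character inside the
  braces). The non-standard fields pdf, notes and bibtexurl are kept unchanged
  because they are ignored by standard styles and may be read by local tooling;
  a standard url field is added so ordinary styles can render the link.
}
@inproceedings{feng05effect_of_dns_delays_on_worm_propagation,
  title     = {The Effect of {DNS} Delays on Worm Propagation in an {IPv6} {Internet}},
  author    = {Kamra, Abhinav and Feng, Hanhua and Misra, Vishal and Keromytis, Angelos D.},
  booktitle = {Proceedings of {IEEE} {INFOCOM} 2005},
  month     = mar,
  year      = {2005},
  url       = {http://www1.cs.columbia.edu/~angelos/Papers/2005/dns-worm.pdf},
  pdf       = {http://www1.cs.columbia.edu/~angelos/Papers/2005/dns-worm.pdf},
  notes     = {
I found this paper linked from the
Worm Blog. Memorable quote from the abstract:
"It is a commonly held belief that IPv6 provides greater security against random-scanning worms by virtue of a very sparse address space. We show that an intelligent worm can exploit the directory and naming services necessary for the functioning of any network..."
Although they focus on low-level address-scanning worms, they do point out that email worms operate completely independently of the Internet address scheme. They describe models of hypothetical worms which would use pipelined random DNS name lookups and conclude that they could run almost as fast as raw IPv4 address scanning worms (so the worm would constantly guess names like www.somedomain.com)
They suggest employing traffic monitoring software near DNS servers to spot dodgy activity. I was wondering if we could usefully restrict access to the name system to slow down these attacks? Perhaps everyone has to authorise lookups via a smartcard/PDA and/or is rate-limited as well? It's a tricky one since obviously there is a tension between making good communication easy while making bad communication difficult...
It does beg the question of why so many computers have names as well as addresses. Since I never want to log into my laptop remotely, it doesn't need a name. However a lot of current applications seem to prefer all IP addresses to have associated names (to help prevent address spoofing?) and suffer large name lookup delays when they don't (like ssh - I had to add an entry to DNS for a laptop yesterday just because of that) },
  bibtexurl = {http://www.recoil.org/~djs/bibtex/effect_of_dns_delays_on_worms.bib},
}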