Abstract Due to the bucket effect, dual-stack hosts face more severe security risks than single-stack hosts, making the discovery and identification of dual-stack hosts particularly important. Traditional studies employ methods such as domain name association and service fingerprinting for dual-stack identification; however, these methods suffer from incomplete identification and limited dual-stack scale. To solve this issue, we introduce the Trilink algorithm, which performs dual-stack host discovery and identification, as well as conducts security analysis, by verifying whether IPv6 addresses conform to the potential dual-stack address format standards, comparing the consistency of port fingerprints between IPv4 and IPv6, and utilizing IP geolocation and IP address ASN matching. The results show that we have discovered a total of 204,825 dual-stack devices across 118 countries and 269 autonomous systems. Meanwhile, our research reveals that dual-stack devices have 27% higher asset exposure across common service types than single-stack devices.
Shi et al. (Wed,) studied this question.