IPv6 and port scanning


Recently, I've been seeing a lot of articles online claiming that IPv6 will make networks more secure because it makes port scanning harder. One example is this blog entry from a Microsoft employee who works on MS' DHCPv6 server team. He claims:


The addresses generated by the DHCPv6 server are sparsely distributed over the available address space for that subnet. By randomly distributing the address over the large address range made available by a 64-bit IPv6 prefix, the Windows DHCP server makes it much harder to guess IPv6 network addresses.

The idea is that the sheer amount of time it would take to scan a 64-bit subnet (2^64, or 18,446,744,073,709,551,616, addresses) puts exhaustive scanning beyond the reach of an attacker, even one using a very large botnet (presumably containing many multi-core machines running asynchronous scanning code).

I think this notion is false. The larger IPv6 address space doesn't buy you much additional security.

Any competent network admin will be running an IDS. That should detect the port scans (and block them, if you have an IPS). You can also use network breakage devices, err, firewalls, to block incoming connections to prohibited ports. Further, if your attacker has access to your physical network, he doesn't have to scan the entire space at all. He can exploit a feature of IPv6 to get all the nodes on the subnet to announce their presence.

All IPv6 nodes are required to join the link-local all-nodes multicast group, FF02::1. It's used for various "housekeeping" functions on the subnet (router advertisements are sent to it, for example). But it can be (ab)used by an attacker. If an attacker pings FF02::1, every node on the link that answers multicast echo requests replies from its link-local address (not every stack does; some ignore echo requests sent to a multicast destination, so the list may be incomplete). From there, it's not too hard to work out their public, routable addresses, especially if stateless autoconfiguration is enabled: with EUI-64 identifiers the interface identifier is derived from the MAC address and is the same in the link-local and the global address, so the global address is just the advertised prefix followed by the identifier the host has already revealed. Hosts using randomized identifiers (privacy extensions, or the randomly assigned DHCPv6 addresses the quoted post describes) don't give their global address away this way, but they have still been enumerated on the link.
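To make the two steps concrete, here is an added example (not code from this post or its author) that takes the output of a multicast ping to FF02::1, extracts the link-local addresses that answered, decides whether each interface identifier is a modified EUI-64 built from a MAC address, and, where it is, combines that identifier with the subnet's advertised prefix to produce the host's SLAAC global address. The ping output, the interface name eth0, the MAC addresses and the prefix 2001:db8:1234:5678::/64 are all constructed for the example; on a real link you would feed it the output of something like `ping6 -c 2 ff02::1%eth0` and the prefix from the router advertisement.

```python
"""Enumerate IPv6 hosts on the local link from a multicast ping and derive
candidate global addresses for the ones using EUI-64 interface identifiers.

Added example for this post, not code from the post's author.  The
harvesting step is the command the post describes, e.g. on Linux:
    ping6 -c 2 ff02::1%eth0
Everything below (addresses, interface name, prefix) is made up.
"""
import ipaddress
import re

# Matches the "64 bytes from <addr>%<iface>:" part of an iputils ping6 reply.
PING_REPLY = re.compile(r"bytes from ([0-9a-fA-F:]+)(?:%\w+)?:")

# Constructed to look like ping6 output when several hosts answer the
# all-nodes multicast echo request (later replies are flagged "(DUP!)").
SAMPLE_PING_OUTPUT = """\
PING ff02::1%eth0(ff02::1%eth0) 56 data bytes
64 bytes from fe80::1%eth0: icmp_seq=1 ttl=64 time=0.071 ms
64 bytes from fe80::211:22ff:fe33:4455%eth0: icmp_seq=1 ttl=64 time=0.412 ms (DUP!)
64 bytes from fe80::a8bb:ccff:fedd:eeff%eth0: icmp_seq=1 ttl=64 time=0.533 ms (DUP!)
64 bytes from fe80::3c1e:9f2a:7b44:d0c1%eth0: icmp_seq=1 ttl=64 time=0.601 ms (DUP!)
64 bytes from fe80::211:22ff:fe33:4455%eth0: icmp_seq=2 ttl=64 time=0.398 ms
"""


def parse_ping_replies(output):
    """Return the distinct link-local addresses that answered, in first-seen order."""
    seen = []
    for line in output.splitlines():
        m = PING_REPLY.search(line)
        if not m:
            continue
        addr = ipaddress.IPv6Address(m.group(1))
        if addr.is_link_local and addr not in seen:
            seen.append(addr)
    return seen


def interface_id(addr):
    """Low 64 bits of an IPv6 address, as 8 bytes."""
    return addr.packed[8:]


def iid_to_mac(iid):
    """If the interface identifier is a modified EUI-64 built from a 48-bit
    MAC, return that MAC as a string; otherwise return None.

    Modified EUI-64 inserts ff:fe between the OUI and the device part and
    flips the universal/local bit (0x02) of the first byte (RFC 4291 App. A).
    """
    if len(iid) != 8 or iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02
    mac = bytes([first]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def candidate_global(link_local, prefix):
    """Prefix + the host's interface identifier: the global address a SLAAC
    host with EUI-64 identifiers will configure on that prefix."""
    iid = int.from_bytes(interface_id(link_local), "big")
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)


def enumerate_link(output, prefix):
    """Map each responder (as a string) to (mac, candidate global address).

    Both are None when the identifier is not MAC-derived (random, privacy
    extension or manual), since then the global address cannot be inferred
    from the link-local address alone; the host is still on the list."""
    prefix = ipaddress.IPv6Network(prefix)
    results = {}
    for ll in parse_ping_replies(output):
        mac = iid_to_mac(interface_id(ll))
        glob = str(candidate_global(ll, prefix)) if mac else None
        results[str(ll)] = (mac, glob)
    return results


if __name__ == "__main__":
    table = enumerate_link(SAMPLE_PING_OUTPUT, "2001:db8:1234:5678::/64")
    for ll, (mac, glob) in table.items():
        print(f"{ll:28} mac={mac or '?':18} global={glob or 'not derivable'}")
```

Two of the four constructed responders use EUI-64 identifiers and come out with a MAC address and a fully determined global address; fe80::1 (a manually numbered router) and the host with a randomized identifier are enumerated but not resolved to a global address. Note also that the reply list is only as complete as the set of stacks willing to answer a multicast echo request.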

TrackBack URL for this entry: https://blogs.psu.edu/mt4/mt-tb.cgi/633