nmap scanning of IPv6 local link addresses

["Jan Monsch" <jan.monsch () csnc ch>]

Hi

I would like to scan an IPv6 host with a local link address
fe80::2xx:xxff:fexx:xxxx%eth0. Since the current version of nmap does
not support the scope id, I hade to apply the patch which is described
in http://seclists.org/nmap-dev/2005/q3/0192.html

The patch works as long as the host is really up and responding to
"ICMPv6 Neighbor Solicitation" with a "ICMPv6 Advertisement". But if the
target host is not responding to the solicitation, nmap will not send
TCP SYN requests. But as a result nmap will tell you:

bt nmap-4.50 # ./nmap -P0 -6 fe80::2xx:xxff:fexx:xxxx%eth0
Starting Nmap 4.50 ( http://insecure.org ) at 2007-12-20 17:21 GMT
...
All 1697 scanned ports on fe80::2xx:xxff:fexx:xxxx are filtered
Nmap done: 1 IP address (1 host up) scanned in 351.879 seconds

nmap shows results although it has not really scanned the host.

Does any body have an idee how to get nmap TCP scanning although the
target host does not respond to solicitation requests.

Kind regards
Jan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org