Nmap Development mailing list archives
Resources for IPv6 version detection
From: David Fifield <david () bamsoftware com>
Date: Thu, 5 Aug 2010 13:50:32 -0600
I'm looking at the TODO item "Analyze what sort of work would likely be required for Nmap to support OS detection over IPv6 to a target." and have found some resources to share. You can reply to this thread with any other resources you know about or OS detection techniques you've thought of.

Kris wrote an analysis of the difficulties involved in sending raw IPv6 packets. We don't have direct access to the packet buffer to interact with the header but can modify it through ancillary means. It is possible that we don't need such comprehensive access for OS detection only. It occurs to me we could work around this by manipulating a raw packet buffer as before, and having the sending functions peek inside it to set the necessary options.

GSoC RFC: Raw IPv6 Scans
http://seclists.org/nmap-dev/2008/q1/458

The only program I was able to find that does IPv6 OS detection is SinFP. It has a mostly unified IPv4/IPv6 detection engine. Its database contains IPv6 fingerprints, and it can also fall back to using an IPv4 fingerprint when an IPv6 match fails (-4 option). The following correlation is used between IPv4 and IPv6:

  IPv4 ID  -> IPv6 flow label
  IPv4 TTL -> IPv6 hop limit
  IPv4 DF  -> IPv6 traffic class

http://www.gomor.org/sinfp
http://www.gomor.org/files/sinfp-jcv.pdf

I found this master's thesis useful. It evaluates Nmap's IPv4 detection probes (section IV. B.) against IPv6 stacks (section IV. D.). It also proposes new IPv6-only probes (section V. A.) and tests a small number of them (section V. B.). It appears that the richest source of new fingerprinting techniques, apart perhaps from new protocols like ICMPv6, are extension headers.

IPv6 Host Fingerprint
http://faculty.nps.edu/xie/theses/06Sep_Nerakis.pdf

A potential new protocol for OS detection is NDR.

IPv6 Neighbor Discovery Protocol based OS Fingerprinting
http://hal.inria.fr/docs/00/16/99/90/PDF/technical_report_fingerprinting.pdf

This is a list of RFCs I've highlighted as relevant so far.

Internet Protocol, Version 6 (IPv6)
http://tools.ietf.org/html/rfc2460

Advanced Sockets Application Program Interface (API) for IPv6
http://tools.ietf.org/html/rfc3542

Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6)
http://tools.ietf.org/html/rfc4443

Neighbor Discovery for IP version 6 (IPv6)
http://tools.ietf.org/html/rfc4861

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/