Nmap Development mailing list archives
Re: -sO for IPv6
From: David Fifield <david () bamsoftware com>
Date: Thu, 16 Jun 2011 22:51:56 -0700
On Wed, Jun 15, 2011 at 07:08:18PM -0700, David Fifield wrote:
On Wed, Jun 15, 2011 at 05:40:27PM -0500, Dario Ciccarone (dciccaro) wrote:2) Because of (1), 0, 43, 44 and 60 are erroneously reported as "open|filtered", with reason "no-response". Actually, the thing is that for the other ones being reported as "closed", the OS is indeed sending back an ICMPv6(4,1) - but for those four I mention before, it's sending back an ICMPv6(4,0) - which we aren't checking for as a return value.Oops, you're right. In fact we are testing for ICMPv6(4, 0) (and marking "open" in that case), but there is another bug that prevents that test from happening.3) On top - if a device between the nmap scanning host & the target is filtering traffic for those protocols, the filtered protocols are being reported as (again) "open|filtered", "no-response" - even when the filtering device *does send back* an ICMPv6(1,1) - which again, looks like we're not checking for.We are checking for ICMPv6(1, 1) (dest unreachable, admin prohibited), but it might not be taking effect due to the same bug I mentinoed above.
I think this bug is fixed in recent commits. I get "open" now in response to protocol 44, ipv6-frag. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- -sO for IPv6 David Fifield (Jun 14)
- Re: -sO for IPv6 Daniel Miller (Jun 14)
- RE: -sO for IPv6 Dario Ciccarone (dciccaro) (Jun 15)
- Re: -sO for IPv6 David Fifield (Jun 15)
- RE: -sO for IPv6 Dario Ciccarone (dciccaro) (Jun 15)
- Re: -sO for IPv6 David Fifield (Jun 16)
- Re: -sO for IPv6 David Fifield (Jun 15)