Nmap Development mailing list archives
Re: Draft RFC on IPv6 Host Scanning
From: John Bond <john.r.bond () gmail com>
Date: Mon, 23 Apr 2012 22:29:14 +0200
Yes, I noticed this too; I started thinking about how best to script this. There is a bit of crossover with the address-info script and I'm trying to think of the best way to combine them, or if they should be combined at all. My current thinking is that we should have a script which:

+ takes a v6 prefix as an argument, then adds new targets for:
  - [user supplied v6 prefix]:[user supplied OUI]::/16 (using EUI format)
  - [user supplied v6 prefix]:[user supplied OUI (by vendor name)]::/16 (using EUI format)
    -- predefined common defaults for the above, e.g. VMware/VirtualBox/Hyper-V/Xen
  - [user supplied v6 prefix]:[user supplied IPv4 prefix]/[user supplied bit mask]
  - something equivalent with Teredo and 6to4
+ the same as above, but using the prefix of the IPv6 host.ip, either using:
  - a default bit mask
  - a bit mask (and possibly IPv4 prefixes) fetched with targets-asn
  - a user supplied bit mask
+ using similar methods to address-info to look at the host.ip and work out what type of format is used*, i.e.:
  - [v6 prefix of host.ip]:[OUI of host.ip]::/16 (using EUI format)
  - [v6 prefix of host.ip]:[IPv4 prefix of host.ip]/[user supplied bit mask]
  - something equivalent with Teredo and 6to4

I hope all this makes sense. If anyone else has comments or was also thinking about working on this, let me know.

cheers
john

* The EUI and IPv4 tests used in address-info would need to be updated to something like the attached script; however, this would cause false positives. (A lot of the functions used here are copy and pasted from address-info; it might be worth splitting some of them out into a library.)

On 23 April 2012 21:40, Fyodor <fyodor () insecure org> wrote:
Hi Folks. Fernando Gont wrote a short draft RFC on IPv6 host scanning:

http://www.ietf.org/id/draft-gont-opsec-ipv6-host-scanning-00.txt

The focus is on predicting IPv6 addresses using patterns in the way they are constructed/allocated, not other IPv6 discovery techniques. Nmap is mentioned and cited. The ideas aren't new, but he does a good job summarizing and citing relevant research. I learned some interesting tidbits, such as the way VMware ESX can include 16 bits of the IPv4 address in its generated MAC address, which then can get included in autoconfigured IPv6 addresses.

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Attachment: ipv6-scan.nse
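The address-construction rules John sketches above are mechanical enough to show as working code. What follows is an added example written for this archive page; it is not the attached ipv6-scan.nse, the address-info script, or any other Nmap code, and it is in Python on the standard library's ipaddress module rather than NSE Lua so it runs stand-alone. Assumptions: the vendor OUI table is a constructed sample (a real script would read nmap-mac-prefixes); the v6 prefix is treated as a /64; and the ESX MAC layout used by esx_range (OUI 00:05:69, then the two low octets of the ESX host's IPv4 address, then one hash byte) is my reading of the draft, whereas Fyodor's mail only says that 16 bits of IPv4 end up in the MAC. The function names and the Teredo/6to4 test vectors are mine.

```python
"""Added example (not from this thread, ipv6-scan.nse or Nmap): turn the
structural hints discussed above into IPv6 scan ranges, stdlib only."""
import ipaddress

# Constructed sample of virtualisation OUIs; a real script would read
# nmap-mac-prefixes instead of hard-coding these.
VENDOR_OUIS = {
    "vmware": ["00:05:69", "00:0c:29", "00:50:56"],
    "virtualbox": ["08:00:27"],
    "hyperv": ["00:15:5d"],
    "xen": ["00:16:3e"],
}


def _oui_bytes(oui):
    raw = bytes.fromhex(oui.replace(":", "").replace("-", ""))
    if len(raw) != 3:
        raise ValueError("an OUI is exactly three octets: %r" % oui)
    return raw


def _iid_network(v6_prefix, iid, prefixlen):
    """Place an 8-byte interface identifier under the first 64 bits of
    v6_prefix (assumed /64; subnet bits of a shorter prefix are left zero)."""
    net = ipaddress.IPv6Network(v6_prefix, strict=False)
    if net.prefixlen > 64:
        raise ValueError("need a /64 or shorter prefix")
    base = int.from_bytes(net.network_address.packed[:8] + iid, "big")
    return ipaddress.IPv6Network((base, prefixlen))


def eui64_range(v6_prefix, oui):
    """Every modified-EUI-64 address a NIC with this OUI can autoconfigure
    under v6_prefix.  OUI (24 bits) + ff:fe (16 bits) pin 40 of the 64 IID
    bits, so the 24 NIC-specific bits leave a /104 (2^24 candidates)."""
    oui_b = bytearray(_oui_bytes(oui))
    oui_b[0] ^= 0x02                      # modified EUI-64 flips the U/L bit
    return _iid_network(v6_prefix, bytes(oui_b) + b"\xff\xfe\x00\x00\x00", 104)


def eui64_ranges_for_vendor(v6_prefix, vendor):
    return [eui64_range(v6_prefix, o) for o in VENDOR_OUIS[vendor.lower()]]


def esx_range(v6_prefix, esx_host_v4, oui="00:05:69"):
    """ASSUMED layout (my reading of the draft, not stated in the thread):
    OUI, the two low octets of the ESX host's IPv4 address, one hash byte.
    Only that last byte is unknown, so the candidate set is a /120."""
    oui_b = bytearray(_oui_bytes(oui))
    oui_b[0] ^= 0x02
    v4 = ipaddress.IPv4Address(esx_host_v4).packed
    return _iid_network(v6_prefix, bytes(oui_b) + b"\xff\xfe" + v4[2:] + b"\x00", 120)


def ipv4_embedded_range(v6_prefix, v4_prefix):
    """Addresses of the form <v6_prefix>::a.b.c.d for every a.b.c.d in
    v4_prefix (the IPv4 address sits in the low 32 bits)."""
    net6 = ipaddress.IPv6Network(v6_prefix, strict=False)
    net4 = ipaddress.IPv4Network(v4_prefix, strict=False)
    base = int.from_bytes(net6.network_address.packed[:12]
                          + net4.network_address.packed, "big")
    return ipaddress.IPv6Network((base, 96 + net4.prefixlen))


def mac_from_eui64(addr, known_ouis=None):
    """Recover the MAC if the IID looks like modified EUI-64.  The ff:fe test
    alone false-positives on 1 in 65536 random IIDs; known_ouis (an iterable
    of 'xx:xx:xx') restricts hits to vendors you actually care about."""
    p = ipaddress.IPv6Address(addr).packed
    if p[11:13] != b"\xff\xfe":
        return None
    mac = bytearray(p[8:11] + p[13:16])
    mac[0] ^= 0x02
    if known_ouis is not None and bytes(mac[:3]) not in {_oui_bytes(o) for o in known_ouis}:
        return None
    return ":".join("%02x" % b for b in mac)


def embedded_ipv4(addr):
    """Classify an address that carries an IPv4 address: 6to4 (RFC 3056),
    Teredo (RFC 4380; client address and port are XOR-obfuscated) or a
    plain low-32-bit embedding.  Returns None when nothing is found."""
    a = ipaddress.IPv6Address(addr)
    p = a.packed
    if a in ipaddress.IPv6Network("2002::/16"):
        return ("6to4", str(ipaddress.IPv4Address(p[2:6])))
    if a in ipaddress.IPv6Network("2001::/32"):
        server = ipaddress.IPv4Address(p[4:8])
        port = int.from_bytes(p[10:12], "big") ^ 0xFFFF
        client = ipaddress.IPv4Address(bytes(b ^ 0xFF for b in p[12:16]))
        return ("teredo", str(client), port, str(server))
    # Low-32 heuristic: zero middle, non-zero first embedded octet (so ::1
    # is not reported as 0.0.0.1).  Still a heuristic, as John notes above.
    if p[8:12] == b"\x00\x00\x00\x00" and p[12] != 0:
        return ("ipv4-low32", str(ipaddress.IPv4Address(p[12:16])))
    return None


if __name__ == "__main__":
    print(eui64_range("2001:db8::/64", "00:0c:29"))
    print(esx_range("2001:db8::/64", "10.1.2.3"))
    print(ipv4_embedded_range("2001:db8::/64", "192.0.2.0/24"))
    print(mac_from_eui64("2001:db8::20c:29ff:fe12:3456"))
    print(embedded_ipv4("2001:0:4136:e378:8000:63bf:3fff:fdd2"))
```

The ranges returned are what the NSE script would feed to target.add; note the sizes: an OUI alone leaves 2^24 candidates per prefix, an embedded IPv4 /24 leaves 256, and the assumed ESX layout leaves 256 per known host, which is what makes the vendor-specific patterns worth scanning before anything generic.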
Current thread:
- Draft RFC on IPv6 Host Scanning Fyodor (Apr 23)
- Re: Draft RFC on IPv6 Host Scanning John Bond (Apr 23)