[ipv6hackers] Finding v6 hosts by efficiently mapping ip6.arpa
Simon Perreault
simon.perreault at viagenie.ca
Thu Mar 29 16:33:45 CEST 2012
On 03/28/12 22:23, Peter van Dijk wrote:
> in a discussion with a friend recently the thought occurred to me
> that due to how NOERROR and NXDOMAIN in DNS work, finding all
> existing reverses in an ip6.arpa reverse zone could be done very
> quickly.

We show this trick in our IPv6 security course.

We developed fairly efficient proof-of-concept code that is able to
enumerate the whole reverse zone in a very reasonable time.
(Autogenerated subnets need to be skipped.)

> I was unable to find any existing references to this trick; if you do
> have any, please let me know!

We couldn't find any reference either, but we've been told that it's
been known for a long time, even before IPv6 existed. The same trick can
be applied to IPv4, it's just less useful/efficient there.

Simon
--
DTN made easy, lean, and smart --> http://postellation.viagenie.ca
NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca
STUN/TURN server --> http://numb.viagenie.ca
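
An added example, not part of the original message and not Viagénie's proof-of-concept: an offline Python model of the NOERROR/NXDOMAIN tree walk discussed in this thread, useful for estimating how much of your own ip6.arpa zone is recoverable this way. The zone contents (2001:db8::/32 documentation addresses), the `ToyZone` class and the two-probe check for autogenerated subnets are assumptions made for illustration.

```python
import ipaddress

HEX = "0123456789abcdef"

def nib(addr):
    """IPv6 address -> 32 hex nibbles, most significant first."""
    return ipaddress.IPv6Address(addr).exploded.replace(":", "")

def arpa(p):
    """Nibble prefix -> the ip6.arpa owner name a resolver would query."""
    return ".".join(reversed(p)) + ".ip6.arpa."

class ToyZone:
    """Constructed in-memory reverse zone; no DNS traffic is sent."""
    def __init__(self, hosts, autogen):
        self.hosts, self.autogen, self.queries = hosts, autogen, 0

    def rcode(self, p):
        # NOERROR if a PTR exists at or below p (empty non-terminals included),
        # or if p touches a subnet whose PTRs are synthesized on the fly.
        self.queries += 1
        hit = (any(h.startswith(p) for h in self.hosts) or
               any(p.startswith(a) or a.startswith(p) for a in self.autogen))
        return "NOERROR" if hit else "NXDOMAIN"

def walk(zone, prefix, found, skipped):
    for h in HEX:
        p = prefix + h
        if zone.rcode(p) != "NOERROR":
            continue  # NXDOMAIN prunes the whole subtree below p
        if len(p) == 32:
            found.append(p)
        elif len(p) <= 28 and all(zone.rcode((p + s * 16)[:32]) == "NOERROR"
                                  for s in ("a5", "5a")):
            # Two unrelated full-length names both exist: treat as autogenerated.
            # (Hypothetical heuristic; fixed suffixes keep the run deterministic.)
            skipped.append(p)
        else:
            walk(zone, p, found, skipped)

def demo():
    hosts = [nib(a) for a in ("2001:db8:0:1::1", "2001:db8:0:1::53", "2001:db8:0:2::25")]
    zone = ToyZone(hosts, [nib("2001:db8:0:ff::")[:16]])
    found, skipped = [], []
    walk(zone, nib("2001:db8::")[:8], found, skipped)
    return found, skipped, zone.queries

if __name__ == "__main__":
    found, skipped, n = demo()
    print(n, "queries;", len(found), "PTR names; skipped:", [arpa(p) for p in skipped])
```

The query counter makes the exposure concrete: the walk's cost grows with the number of PTR records present, not with the size of the address space they are spread across.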