[ipv6hackers] Help wanted: Nmap IPv6 OS Detection

Eric Vyncke (evyncke) evyncke at cisco.com
Tue Sep 27 20:13:36 CEST 2011


Fyordor

Good news: this will definitely remove the idea that 'IPv6 addressing space is so large that nobody can scan it' :-) (at least partially)

Do you also send mcast to ff02::1 ? (i.e. link-local mcast?)

-éric


> -----Original Message-----
> From: ipv6hackers-bounces at lists.si6networks.com [mailto:ipv6hackers-
> bounces at lists.si6networks.com] On Behalf Of Fyodor
> Sent: mardi 27 septembre 2011 19:41
> To: IPv6 Hackers Mailing List
> Subject: [ipv6hackers] Help wanted: Nmap IPv6 OS Detection
> 
> Hi folks.  It has been great to see this list take off in the last
> week and discuss so many security issues.
> 
> At the Nmap Project, we've made IPv6 a high priority.  We've supported
> the basics (e.g. TCP port scanning and host discovery) since 2002, but
> we've lately expanded that to include raw packet scans (SYN scan, ACK
> scan, etc.), UDP, multicast host discovery, traceroute, etc.  Nmap.org
> has an AAAA record, and we also have scanme.nmap.org/scanmev6.nmap.org
> for people to test against.
> 
> Another thing we're working on (and the main point of this email) is
> IPv6 OS detection.  We've developed a system that we think has a lot
> of potential, but we need to collect an initial training set of IPv6
> fingerprints for the database.  I'm hoping some of you can help.
> We've tried to make the process as easy as possible.
> 
> You can generate fingerprints using the latest SVN version of Nmap, or
> by grabbing 5.61TEST1 from http://nmap.org/download.html.  We have
> Windows, Mac, and Linux binary packages available.
> 
> STEP 1, Finding the IPv6 machines on your network (if you don't
> already know their addresses):
> 
> Once you have Nmap compiled or installed, you can start with a command
> like this to find IPv6 addresses on your network:
> 
> nmap -6 -sP -v -e eth0 --script targets-ipv6-multicast-echo,targets-ipv6-
> multicast-slaac --script-args newtargets
> 
> In the command above, you might need to specify a different interface
> than eth0.  Try 'nmap --iflist' for a list of candidates.
> 
> You should be able to see the MAC addresses and vendor, which should
> give a clue as to which devices they are.  You might be surprised at
> what you find.  For example, I had no idea that my printer was
> listening on IPv6.
> 
> Another way to get addresses is to log into machines and use ifconfig
> (UNIX) or ipconfig (Win) to learn about any configured IPv6 addresses.
> Even if the user hasn't configured one themselves or used IPv6, they
> often at least have link local addresses that you can scan from
> another machine on the same network segment.
> 
> STEP 2, Collecting and submitting fingerprints:
> 
> Once you've decided what device(s) to scan, you can do so like:
> 
> nmap -6 -A -v [IPv6 hostname(s) or address(es) here]
> 
> Note that it will go faster with just -O instead of -A, but I like to
> use the latter as a sort of sanity check to ensure (from the version
> banners, etc.) that I'm scanning the machine I think I am.  Bad
> submissions can corrupt the DB, which would be a huge shame when it is
> just getting started like this.
> 
> Nmap will print a fingerprint (it's labeled so you'll recognize it)
> for each machine.  Then you just need to cut & paste it into our
> simple web form, along with information about the remote system's OS.
> Here is the form:
> 
> http://insecure.org/cgi-bin/submit.cgi?new-os
> 
> We're hoping to formally release this new OS detection system as soon
> as we receive and integrate enough fingerprints to make it reliable.
> So the sooner you can get fingerprints in to us, the sooner we can
> release.  Submissions today and tomorrow would be particularly useful
> :).
> 
> Also, the raw packet IPv6 code and the IPv6 OS detection code is very
> new.  So please tell us if you encounter any problems.  We have bug
> reporting instructions at http://nmap.org/book/man-bugs.html.
> 
> I hope that improving IPv6 support in networking tools (Nmap in this
> case) will encourage greater adoption of IPv6 in general.
> 
> Thanks,
> Fyodor
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers



More information about the Ipv6hackers mailing list