[ipv6hackers] IPv6 scanning (was Re: Help wanted: Nmap IPv6 OS Detection)

Fernando Gont fgont at si6networks.com
Tue Sep 27 21:49:57 CEST 2011

On 09/27/2011 04:34 PM, Joe Klein wrote:
> Brute force scanning of an IPv6 range is impractical, as it has always
> been.  

Brute force scanning is, as the name implies, brute. :-) For IPv4,
there's little "return on investment" in adding heuristics/intelligence
(*) to your scan approach, because the address space is small. In IPv6,
the address space is much larger, and then there *is* a high potential
return on investment if more brains are put into scanning techniques.

(*) I'm just referring to "how to select targets", rather than about the
details of a particular scanning technique (idle-scan, ACK scan, etc.)
-- i.e., nmap should make it obvious to everyone that there were/are
lots of cool things to do.

> Five or six years ago I had seen discussions about feeding
> lists of IPv6 addresses into nmap to perform a scan.  Even today, I
> got a call from customers telling me about ‘someone is trying to scan
> our IPv6 segments’, but after reviewing the logs, they are performing
> linear scans.  [Attacker 0 | Defender 1]

Well, this should just be taken as a script-kiddie doing network
reconnaissance, and/or as a hint that there's still lots of work to do
in the area of IPv6 reconnaissance -- but never as a sign of IPv6
scanning being unfeasible!

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
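
The linear scans mentioned in the quoted text are the easy case to spot in logs. The following is an added example, not part of the original message: it flags sources whose probed destinations form a run of consecutive IPv6 addresses. The log line format, the function names and the `min_run` threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (documentation prefix 2001:db8::/32). The line format
# "<time> src=<addr> dst=<addr> dpt=<port>" is an assumption, not a real product's.
SAMPLE_LOG = "\n".join(
    # One source walking ::1 .. ::8 of a /64 in order: a linear scan.
    [f"2011-09-27T14:00:{i:02d} src=2001:db8:bad::10 dst=2001:db8:1:1::{i:x} dpt=22"
     for i in range(1, 9)]
    # Another source touching a few unrelated addresses.
    + [f"2011-09-27T14:01:00 src=2001:db8:2::5 dst=2001:db8:1:1::{iid} dpt=443"
       for iid in ("80", "443", "25")]
)

def parse(line):
    """Return (src, dst) as IPv6Address objects from one log line."""
    fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
    return ipaddress.IPv6Address(fields["src"]), ipaddress.IPv6Address(fields["dst"])

def longest_sequential_run(addrs):
    """Longest run of distinct addresses whose integer values differ by exactly 1."""
    ordered = sorted({int(a) for a in addrs})
    best = run = 1 if ordered else 0
    for prev, cur in zip(ordered, ordered[1:]):
        run = run + 1 if cur - prev == 1 else 1
        best = max(best, run)
    return best

def linear_scanners(log_text, min_run=5):
    """Map each source to its longest sequential run, if it reaches min_run."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            src, dst = parse(line)
            by_src[src].append(dst)
    runs = {str(s): longest_sequential_run(d) for s, d in by_src.items()}
    return {s: n for s, n in runs.items() if n >= min_run}

if __name__ == "__main__":
    for src, run in linear_scanners(SAMPLE_LOG).items():
        print(f"{src}: {run} consecutive destination addresses probed")
```

This check only recognises the sequential pattern; a quiet result from it says nothing about reconnaissance that selects targets differently, which is the point made in the reply above.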
