[ipv6hackers] IPv6 scanning (was Re: Help wanted: Nmap IPv6 OS Detection)

Richard Barnes richard.barnes at gmail.com
Tue Sep 27 22:38:42 CEST 2011


My guess is that as we see more IPv6 deployment, we'll start to see
some statistical tendencies in IPv6 addresses.  There will be a
certain noise floor driven by things like privacy addresses, but there
will also be some structured things that emerge from things like
EUI-64 addresses and DHCPv6-based addressing plans.  Ultimately, there
will probably be some guided probabilistic scanning that produces
non-useless results.

It would be an interesting study to do to see if there are any
discernible patterns.  Anyone have a bucket of known-live addresses
they want to loan me? :)

--Richard



On Tue, Sep 27, 2011 at 3:49 PM, Fernando Gont <fgont at si6networks.com> wrote:
> On 09/27/2011 04:34 PM, Joe Klein wrote:
>> Brute force scanning of an IPv6 range is impractical, as it has always
>> been.
>
> Brute force scanning is, as the name implies, brute. :-) For IPv4,
> there's little "return of investment" in adding heuristics/intelligence
> (*) to your scan approach, because the address space is small. In IPv6,
> the address space is much larger, and then there *is* a high potential
> return of investment if more brains are put into scanning techniques.
>
> (*) I'm just referring to "how to select targets", rather than about the
> details of a particular scanning technique (idle-scan, ACK scan, etc.)
> -- i.e., nmap should make it obvious to everyone that there were/are
> lots of cool things to do.
>
>
>> Five or six years ago I had seen discussions about feeding
>> lists of IPv6 addresses into nmap to perform a scan.  Even today, I
>> got a call from customers telling me about ‘someone is trying to scan
>> our IPv6 segments’, but after reviewing the logs, they are performing
>> linear scans.  [Attacker 0 | Defender 1]
>
> Well, this should just be taken as a script-kiddie doing network
> reconnaissance, and/or as a hint that there's still lots of work to do
> in the area of IPv6 reconnaissance. -- but never as a sign of IPv6
> scanning being unfeasible!
>
> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
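
Added example, not part of the original thread: a small classifier an operator could run over their own address inventory to see how much of it falls into the structured categories mentioned above (EUI-64) versus opaque identifiers such as privacy addresses. The "low-byte" class, the function names and the 2001:db8::/32 sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample inventory (documentation prefix 2001:db8::/32).
SAMPLE = [
    "2001:db8:1:1:211:22ff:fe33:4455",   # EUI-64 derived from a MAC
    "2001:db8:1:1:211:22ff:fe33:4466",   # EUI-64, same vendor prefix
    "2001:db8:1:1::1",                   # manually numbered, low-byte
    "2001:db8:1:2::25",                  # manually numbered, low-byte
    "2001:db8:1:1:8d3f:1c2a:77b0:e914",  # opaque (e.g. privacy address)
    "2001:db8:1:1:5c1e:9a04:b2d7:43f1",  # opaque
]

def classify_iid(addr):
    """Return (class, mac_or_None) for the low 64 bits of an IPv6 address."""
    iid = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFFFFFFFFFF
    b = iid.to_bytes(8, "big")
    # Modified EUI-64 inserts ff:fe in the middle of the 48-bit MAC and
    # flips the universal/local bit (0x02) of the first byte.
    # A random identifier matches this by chance about 1 time in 65536.
    if b[3:5] == b"\xff\xfe":
        mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
        return "eui64", ":".join(f"{x:02x}" for x in mac)
    # Assumed heuristic: only the last 16 bits are set (::1, ::25, ...).
    if iid >> 16 == 0:
        return "low-byte", None
    return "opaque", None

def summarize(addresses):
    """Count addresses per class and EUI-64 addresses per vendor prefix (OUI)."""
    classes, ouis = Counter(), Counter()
    for a in addresses:
        kind, mac = classify_iid(a)
        classes[kind] += 1
        if mac:
            ouis[mac[:8]] += 1
    return classes, ouis

if __name__ == "__main__":
    classes, ouis = summarize(SAMPLE)
    for kind, n in classes.most_common():
        print(f"{kind:9s} {n}")
    for oui, n in ouis.most_common():
        print(f"OUI {oui}  {n}")
```

A large share of "eui64" or "low-byte" results means the addressing plan is guessable in the sense discussed in this thread; a large "opaque" share is the noise floor.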


