[ipv6hackers] ipv6 network scanning (was: Help wanted: Nmap IPv6 OS Detection)

Marc Heuse mh at mh-sec.de
Wed Sep 28 10:38:20 CEST 2011

> Brute force scanning of an IPv6 range is impractical, as it has always
> been.  Five or six years ago I had seen discussions about feeding
> lists of IPv6 addresses into nmap to perform a scan.  Even today, I
> got a call from customers telling me about ‘someone is trying to scan
> our IPv6 segmentsÂ’, but after reviewing the logs, they are performing
> linear scans.  [Attacker 0 | Defender 1]
> Today, enumerating an IPv6 segment, network or infrastructure requires
> more finesse then did IPv4. Soon that will change.

if people configure the host address part by random (rolling dices,
privacy extensions, etc.) then yes, its impossible.
in all other cases it is possible. see my presentation from last year:
that is based on real-life tests where I scanned most of the ipv6 internet.

(note that it is about scanning server networks over the internet, local
networks are way easier, but access networks e.g. DSL very hard)


Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 37309726

Marc Heuse - IT-Security Consulting
Winsstr. 68
10405 Berlin

Ust.-Ident.-Nr.: DE244222388
PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list