[ipv6hackers] IPv6 host scanning in IPv6
Christiaan Ottow
chris at 6core.net
Sat Apr 21 16:46:13 CEST 2012
Hi Fernando,
Below is the output from an OpenBSD -current snapshot I installed today:
<snip>
# ifconfig vic0 autoconfprivacy
# ifconfig vic0
vic0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu 1500
lladdr 00:0c:29:50:3c:79
priority: 0
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1
inet 10.0.32.104 netmask 0xffffff00 broadcast 10.0.32.255
# rtsold vic0
# ifconfig vic0
vic0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu 1500
lladdr 00:0c:29:50:3c:79
priority: 0
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1
inet 10.0.32.104 netmask 0xffffff00 broadcast 10.0.32.255
inet6 2000:1337::8cab:b106:43b0:68f0 prefixlen 64 autoconf autoconfprivacy pltime 14398 vltime 86398
# ping6 2000:1337::8cab:b106:43b0:68f0
PING6(56=40+8+8 bytes) 2000:1337::8cab:b106:43b0:68f0 --> 2000:1337::8cab:b106:43b0:68f0
16 bytes from 2000:1337::8cab:b106:43b0:68f0, icmp_seq=0 hlim=64 time=0.029 ms
^C
--- 2000:1337::8cab:b106:43b0:68f0 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.029/0.029/0.029/0.000 ms
# ping6 2000:1337::20c:29ff:fe50:3c79
PING6(56=40+8+8 bytes) 2000:1337::8cab:b106:43b0:68f0 --> 2000:1337::20c:29ff:fe50:3c79
^C
--- 2000:1337::20c:29ff:fe50:3c79 ping6 statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
</snip>
The second ping is to the address the host would have configured through EUI-64 SLAAC. This output seems to indicate that only the privacy address is configured.
Here's the output at next boot:
<snip>
# ifconfig vic0 autoconfprivacy
# ifconfig vic0
vic0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu 1500
lladdr 00:0c:29:50:3c:79
priority: 0
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1
inet 10.0.32.104 netmask 0xffffff00 broadcast 10.0.32.255
# rtsold vic0
# ifconfig vic0
vic0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu 1500
lladdr 00:0c:29:50:3c:79
priority: 0
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1
inet 10.0.32.104 netmask 0xffffff00 broadcast 10.0.32.255
inet6 2000:1337::e826:cc2c:279f:df7b prefixlen 64 autoconf autoconfprivacy pltime 14364 vltime 86364
</snip>
-- chris
On Apr 21, 2012, at 15:31 , Fernando Gont wrote:
> Hi, Chris!
>
> Thanks so much for your feedback! -- Please find my comments in-line...
>
> On 04/20/2012 08:01 AM, Christiaan Ottow wrote:
>> Section 3.1.2 of the draft states:
>>
>> It is important to note that "privacy addresses" are generated in
>> addition to traditional SLAAC addresses (i.e., based on IEEE
>> identifiers): traditional SLAAC addresses are employed for incoming
> [....]
>> According to my best knowledge, this isn't completely true. I haven't
>> tested this myself, but it seems that OpenBSD (in the -current and
>> the upcoming 5.1)
>
> Last time I checked (not long ago), OpenBSD did not implement RFC 4941
> (privacy addresses) at all. Could you please double-check this?
>
>
>> drops the EUI-64 address when a privacy address has
>> been generated, thus having only the privacy address as global scope
>> address.
>
> This would be somewhat weird, since you usually want a stable address in
> addition of privacy/temporary addresses.
>
> Thanks!
>
> Best regards,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
More information about the Ipv6hackers
mailing list