[ipv6hackers] IPv6 host scanning in IPv6
Christiaan Ottow
chris at 6core.net
Sat Apr 21 21:30:17 CEST 2012
Hi Fernando,
See inline.
On Apr 21, 2012, at 17:58 , Fernando Gont wrote:
> Hi, Chris,
>
> Thanks so much for your timely response! -- Please find my comments
> in-line...
>
> On 04/21/2012 11:46 AM, Christiaan Ottow wrote:
> [....]
>> vic0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu 1500
>> lladdr 00:0c:29:50:3c:79
>> priority: 0
>> groups: egress
>> media: Ethernet autoselect
>> status: active
>> inet6 fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1
>> inet 10.0.32.104 netmask 0xffffff00 broadcast 10.0.32.255
>> inet6 2000:1337::8cab:b106:43b0:68f0 prefixlen 64 autoconf autoconfprivacy pltime 14398 vltime 86398
>
> This could be problematic, since these addresses are valid for just 24
> hours (vltime==86398). i.e., if you were used to e.g. days-long ssh
> sessions, this would break them.
Wouldn't vltime becoming zero break sockets on any platform, regardless of the presence of another global address?
>
> That said, did you check whether OpenBSD configures new addresses once
> pltime becomes 0? If it doesn't, then after pltime seconds you'd have no
> "preferred" addresses. (After 24 hs or so, the system should have about
> 6 global addresses per interface -- assuming the same settings as above).
<snip>
# ifconfig vic0
vic0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu 1500
lladdr 00:0c:29:50:3c:79
priority: 0
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1
inet 192.168.170.134 netmask 0xffffff00 broadcast 192.168.170.255
inet6 2000:1337::2c7d:ff20:4029:8590 prefixlen 64 autoconf autoconfprivacy pltime 14328 vltime 86328
# ifconfig vic0 inet6 2000:1337::2c7d:ff20:4029:8590 pltime 1800
# ifconfig vic0
vic0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu 1500
lladdr 00:0c:29:50:3c:79
priority: 0
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1
inet 192.168.170.134 netmask 0xffffff00 broadcast 192.168.170.255
inet6 2000:1337::2c7d:ff20:4029:8590 prefixlen 64 pltime 1712 vltime infty
# ifconfig vic0 inet6 2000:1337::2c7d:ff20:4029:8590 pltime 60
# ifconfig vic0
vic0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu 1500
lladdr 00:0c:29:50:3c:79
priority: 0
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1
inet 192.168.170.134 netmask 0xffffff00 broadcast 192.168.170.255
inet6 2000:1337::2c7d:ff20:4029:8590 prefixlen 64 deprecated pltime 0 vltime infty
</snip>
When a new router advertisement comes along, a new tempaddr is configured:
<snip>
# ifconfig vic0
vic0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu 1500
lladdr 00:0c:29:50:3c:79
priority: 0
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1
inet 192.168.170.134 netmask 0xffffff00 broadcast 192.168.170.255
inet6 2000:1337::2c7d:ff20:4029:8590 prefixlen 64 deprecated pltime 0 vltime infty
inet6 2000:1337::a8ed:ca9e:e408:3d08 prefixlen 64 autoconf autoconfprivacy pltime 14368 vltime 86368
</snip>
So, this setup would not break connections, I suppose, but would leave garbage addresses. I'll leave the system running for a while to see when vltime becomes infty, and how long deprecated addresses stay behind when new addresses have been acquired.
-- chris
>
> Thanks!
>
> Best regards,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
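Added example, not part of the original message or of OpenBSD: a small Python parser for ifconfig output in the format shown above. It lists deprecated global addresses whose valid lifetime never runs out (the "garbage addresses" case) and the addresses that are still preferred. The sample input is constructed from the output quoted in the message, and all function names are hypothetical.

```python
# Constructed sample, trimmed from the last ifconfig output in the message.
SAMPLE = """\
vic0: flags=48843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_PRIVACY> mtu 1500
 lladdr 00:0c:29:50:3c:79
 inet6 fe80::20c:29ff:fe50:3c79%vic0 prefixlen 64 scopeid 0x1
 inet 192.168.170.134 netmask 0xffffff00 broadcast 192.168.170.255
 inet6 2000:1337::2c7d:ff20:4029:8590 prefixlen 64 deprecated pltime 0 vltime infty
 inet6 2000:1337::a8ed:ca9e:e408:3d08 prefixlen 64 autoconf autoconfprivacy pltime 14368 vltime 86368
"""

INFINITE = float("inf")


def _lifetime(tokens, key):
    """Return the lifetime that follows `key`: inf for 'infty', None if absent."""
    if key not in tokens[:-1]:
        return None
    value = tokens[tokens.index(key) + 1]
    return INFINITE if value == "infty" else int(value)


def parse_inet6(ifconfig_output):
    """Yield one dict per non-link-local inet6 line."""
    for line in ifconfig_output.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "inet6" or tokens[1].startswith("fe80:"):
            continue
        pltime = _lifetime(tokens, "pltime")
        yield {
            "addr": tokens[1],
            "temporary": "autoconfprivacy" in tokens,
            # An address is deprecated once its preferred lifetime reaches 0.
            "deprecated": "deprecated" in tokens or pltime == 0,
            "pltime": pltime,
            "vltime": _lifetime(tokens, "vltime"),
        }


def lingering(ifconfig_output):
    """Deprecated addresses whose valid lifetime is infinite, so they never go away."""
    return [a["addr"] for a in parse_inet6(ifconfig_output)
            if a["deprecated"] and a["vltime"] == INFINITE]


def preferred(ifconfig_output):
    """Addresses that are not deprecated, i.e. still preferred for new connections."""
    return [a["addr"] for a in parse_inet6(ifconfig_output) if not a["deprecated"]]


if __name__ == "__main__":
    print("lingering:", lingering(SAMPLE))
    print("preferred:", preferred(SAMPLE))
```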