[ipv6hackers] nmap's and msf's spoofed-ra scan technique?

Markus Hofer markus.hofer1 at gmail.com
Wed Apr 25 17:17:48 CEST 2012

Hi Fernando,

> * Packets with an unrecognized option of type 10xxxxxx
> * Packets with an unrecognized header
> ... both of which elicit ICMPv6 error messages.
> Has anyone found a real world device that cannot be discovered with
> these two vectors (in addition to the traditional multicasted ping6)?

Windows 7 with enabled Windows Firewall (default) and and the default
ruleset does not respond with ICMPv6 error messages to invalid
multicast echo request packets.
(tested with invalid hop-by-hop, alive6 -s 4).
If the Windows Firewall is disabled, the system responds to these messages.

I tried to configure the Firewall to allow all inbound and outbound
connections -- but it still does not respond, i am not sure what the
real difference between 'disabled firewall' and 'enabled firewall with
allow all' is.

The SLAAC technique finds this target either way.

More information about the Ipv6hackers mailing list