[ipv6hackers] nmap's and msf's spoofed-ra scan technique?
markus.hofer1 at gmail.com
Wed Apr 25 17:17:48 CEST 2012
> * Packets with an unrecognized option of type 10xxxxxx
> * Packets with an unrecognized header
> ... both of which elicit ICMPv6 error messages.
> Has anyone found a real world device that cannot be discovered with
> these two vectors (in addition to the traditional multicasted ping6)?
Windows 7 with enabled Windows Firewall (default) and and the default
ruleset does not respond with ICMPv6 error messages to invalid
multicast echo request packets.
(tested with invalid hop-by-hop, alive6 -s 4).
If the Windows Firewall is disabled, the system responds to these messages.
I tried to configure the Firewall to allow all inbound and outbound
connections -- but it still does not respond, i am not sure what the
real difference between 'disabled firewall' and 'enabled firewall with
allow all' is.
The SLAAC technique finds this target either way.
More information about the Ipv6hackers