[ipv6hackers] IPv6 Security research

Marc Heuse mh at mh-sec.de
Wed Mar 21 06:11:57 CET 2012

Am 20.03.2012 22:11, schrieb Eric Vyncke (evyncke):
> Jumping in the middle of a thread...
> If you are local: ping ff02::1 is good enough
> Else IPfix (or variant such as flexible netflow) can be used to collect
> source IPv6 address (indirect way to detect which nodes are using
> routers)
> Else ND cache scanning on routers (an entry is inserted upon receipt of
> any RS)

a ping to ff02::1 will only give you the devices that are configured to
reply to multicast ping, some are out of the box (Linux) others are not.

but actually there is more, local discovery is easy

you can send a ping to a multicast ping which has special unkown options
in an extension header set, which will trigger a response even from
systems that have been configured to not reply to multicast pings.

and then there is MLD discovery. send a MLD general query packet on your
local LAN and all system will report to the all-router-multicast address.

and thats all available in my public toolkit.

ping + ping with error header:	alive6 <interface>
mld discovery:  fake_mld6 <interface> query

and you can just sniff the network. the upcoming thc-ipv6 package has
small tool for this which does passive node discovery.


Marc Heuse

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list