[ipv6hackers] IPv6 Security research

Fyodor fyodor at insecure.org
Fri Mar 23 20:30:23 CET 2012

On Tue, Mar 20, 2012 at 07:02:21PM +0000, Mark Lane wrote:
> Apart from Marc's top secret ;) tool, is there anything out there that
> gives any sort of scanning capability in IPv6 networks?

Yes!  Perhaps we haven't done a very good job of "advertising" the
capability, but Nmap offers extensive IPv6 scanning support.  We
implemented IPv6 TCP port scanning and host discovery back almost a
decade ago (August 2002) and we have continued to improve the support.
Three Nmap developers spent last summer working mostly full time on
IPv6 (David Fifield, Luis MartinGarcia, and Xu Weilin).

You can download the latest version of Nmap for free (including
binaries for Linux, Windows, and Mac) at
http://nmap.org/download.html.  Of course that web site is dual
stacked, so you can do the download over IPv6 too.

Here is a quick summary of our IPv6 support:

o If you want your scan to use IPv6, specify the -6 argument (and of
  course specify IPv6 target IP addresses or DNS records).

o OS detection, port scanning, and host discovery options are
  basically the same as IPv4.  You just specify -sS (SYN scan), -sU (UDP
  scan), -O (OS detection), etc.  Our OS detection was a huge amount
  of work with a completely separate engine and database, but from a
  user perspective it is trivial to use.

o All of our web sites are IPv6 enabled, including scanme.nmap.org
  that you can perform test scans against (or use scanmev6.nmap.org
  which has _only_ IPv6 records).

o We have nearly 350 Nmap Scripting Engine (NSE) scripts, many of
  which perform target discovery using techniques such as DNS zone
  transfers, brute force DNS enumeration, various broadcast probes,
  etc.  They are all described at http://nmap.org/nsedoc/ and we try
  to support IPv6 whenever possible.  If you manage to find a script
  which doesn't support IPv6 but could, we'd love it if you send a
  patch (or even just a bug report) to nmap-dev

o Advanced multicast host discovery is our newest IPv6 feature, and is
  one I'm quite excited about.  In fact, I'll send a separate email
  describing it shortly :).

In conclusion, IPv6 is an important priority for us and I think we
support it well.  If anyone has ideas for new IPv6 features or
improving our IPv6 support, we're all ears.  But all of the features
described above are available in Nmap version 5.61TEST5.  I'd like to
thank Marc Heuse and other IPv6 researchers for some of the ideas that
we ended up implementing in Nmap.

