[ipv6hackers] IPv6 Security research

Dominik Elsbroek dominik.elsbroek at gmail.com
Wed Mar 28 09:58:46 CEST 2012

Hi Mark,

> in the hope of learning something new here:
> what does this help? of course you could scan for ff02::1:ffXX:YY:ZZ
> (which is like scanning a IPv4 A class network) but I do not see how
> this helps. It is still a multicast address, so you can simply use
> ff02::1 as well. You can't TCP portscan a multicast address, NDP to a
> multicast address gets (of course) no result, and the same ping-reply
> restrictions apply to the solicitated node multicast address as for the
> all nodes multicast address. So I'm clueless how this would work.

You might not want to scan the ff02::1ffXX:YY:ZZ addresses but to scan
fe80::XXXX:XXff:feXX:XXXX which has the same count of bits to iterate
over. To mitigate or even eliminate that problem Fernando has written
the a draft (see


More information about the Ipv6hackers mailing list