[ipv6hackers] IPv6 Security research

Marc Heuse mh at mh-sec.de
Wed Mar 28 18:50:53 CEST 2012

Hi Dominik,

> You might not want to scan the ff02::1ffXX:YY:ZZ addresses but to scan
> fe80::XXXX:XXff:feXX:XXXX which has the same count of bits to iterate
> over. To mitigate or even eliminate that problem Fernando has written
> a draft (see
> https://tools.ietf.org/html/draft-gont-6man-stable-privacy-addresses-00).

this is sadly unfeasible ... that would be 48 bits, 65536 times the
whole IPv4 Internet.

you can reduce the search space to common vendor ID identifiers, but
then it's still larger than scanning the IPv4 Internet ...

so the other techniques (MLD query, RA+DAD watching, etc. etc.) are way
faster and more likely to find all targets.
(the above approach would only work if the link-local address is based
on the MAC address too)


Marc Heuse

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A
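
Added example, not part of the original message: a small Python audit that checks whether link-local addresses from your own inventory carry a MAC-derived (modified EUI-64) interface ID, recovers the embedded MAC, derives the solicited-node group from the quoted text, and computes the search-space sizes discussed above. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

def _packed(addr):
    # Drop an optional zone id such as "%eth0" before parsing.
    return ipaddress.IPv6Address(addr.split("%")[0]).packed

def eui64_mac(addr):
    """Return the MAC embedded in a modified-EUI-64 interface ID, else None.

    A random interface ID can contain ff:fe by chance (about 1 in 65536),
    so treat a hit as "likely MAC-derived", not as proof.
    """
    iid = _packed(addr)[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit flip applied when the IID was built.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def solicited_node(addr):
    """Solicited-node multicast group: ff02::1:ff plus the low 24 address bits."""
    prefix = bytes.fromhex("ff02" + "00" * 9 + "01ff")
    return str(ipaddress.IPv6Address(prefix + _packed(addr)[13:]))

def search_space(vendor_ids=None):
    """Candidate count for a MAC-derived interface ID.

    48 bits with no knowledge of the vendor, 24 bits per known vendor ID.
    """
    return 2 ** 48 if vendor_ids is None else vendor_ids * 2 ** 24

def audit(addresses):
    """Map each address to (embedded MAC or None, solicited-node group)."""
    return {a: (eui64_mac(a), solicited_node(a)) for a in addresses}

if __name__ == "__main__":
    # Constructed sample inventory: one EUI-64 address, one non-MAC-derived.
    sample = ["fe80::211:22ff:fe33:4455%eth0", "fe80::a4c1:9e3b:7d20:51f6"]
    for addr, (mac, group) in audit(sample).items():
        status = f"MAC-derived ({mac})" if mac else "not MAC-derived"
        print(f"{addr:32} {status:32} {group}")
    print("48-bit space / IPv4 space:", search_space() // 2 ** 32)
```

Addresses reported as not MAC-derived (for example those generated per the draft cited in the quoted text) fall outside the vendor-ID-reduced search described above.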
