[ipv6hackers] Finding v6 hosts by efficiently mapping ip6.arpa
Peter van Dijk
peter at 7bits.nl
Thu Mar 29 16:36:19 CEST 2012

Hello Simon,

On Mar 29, 2012, at 16:33 , Simon Perreault wrote:
> On 03/28/12 22:23, Peter van Dijk wrote:
>> in a discussion with a friend recently the thought occurred to me
>> that due to how NOERROR and NXDOMAIN in DNS work, finding all
>> existing reverses in an ip6.arpa reverse zone could be done very
>> quickly.
>
> We show this trick in our IPv6 security course.

Oh! Well, good to hear people already know about it. Do you have any slides or such I could see?

> We developed fairly efficient proof-of-concept code that is able to enumerate the whole reverse zone in a very reasonable time. (Autogenerated subnets need to be skipped.)
>
>> I was unable to find any existing references to this trick; if you do
>> have any, please let me know!
>
> We couldn't find any reference either, but we've been told that it's been known for a long time, even before IPv6 existed. The same trick can be applied to IPv4, it's just less useful/efficient there.

I have used the trick in the past on forward zones that had many second-level delegations but no first-level delegations. Worked wonders there too.

Kind regards,
Peter van Dijk
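
Added example, not part of the original message or of the proof-of-concept code mentioned in the thread: an offline model a zone owner can use to see how few queries the NOERROR/NXDOMAIN pruning described above needs against their own ip6.arpa data. The host list, the 2001:db8::/32 zone, and the names ReverseZoneModel, walk and exposure are assumptions made for illustration; the model assumes the server answers NOERROR for empty non-terminals and NXDOMAIN below nonexistent names, and it does no network I/O.

```python
import ipaddress

# Constructed sample data: addresses that have PTR records in a
# hypothetical reverse zone for the documentation prefix 2001:db8::/32.
SAMPLE_HOSTS = ["2001:db8::1", "2001:db8::53", "2001:db8:0:1::a", "2001:db8:ffff::25"]

def nibbles(addr):
    """32 hex nibbles of an IPv6 address, most significant first."""
    return ipaddress.IPv6Address(addr).exploded.replace(":", "")

def ptr_name(nibs):
    """Owner name of the PTR record for a full 32-nibble string."""
    return ".".join(reversed(nibs)) + ".ip6.arpa"

class ReverseZoneModel:
    """In-memory stand-in for the authoritative server (assumed behaviour)."""
    def __init__(self, hosts):
        names = {nibbles(h) for h in hosts}
        # Every ancestor of an existing name exists as an empty non-terminal.
        self.existing = {n[:i] for n in names for i in range(33)}
        self.queries = 0

    def rcode(self, prefix):
        self.queries += 1
        return "NOERROR" if prefix in self.existing else "NXDOMAIN"

def walk(server, prefix):
    """Depth-first walk; an NXDOMAIN answer prunes the whole subtree."""
    if len(prefix) == 32:
        return [prefix]
    found = []
    for nib in "0123456789abcdef":
        if server.rcode(prefix + nib) == "NOERROR":
            found.extend(walk(server, prefix + nib))
    return found

def exposure(hosts, zone_prefix):
    """Return (names recovered, queries spent) for one reverse zone."""
    server = ReverseZoneModel(hosts)
    return sorted(walk(server, zone_prefix)), server.queries

if __name__ == "__main__":
    found, queries = exposure(SAMPLE_HOSTS, "20010db8")
    for n in found:
        print(ptr_name(n))
    print(f"{queries} queries, versus 16**24 = {16**24} names for brute force")
```

Feeding it the PTR names from your own zone export shows how much of your addressing plan the reverse zone gives away for a given query budget.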