[ipv6hackers] Finding v6 hosts by efficiently mapping ip6.arpa

Marc Heuse mh at mh-sec.de
Thu Mar 29 17:24:22 CEST 2012

This is very interesting.

I have never read about this before, so I'd guess you are the first,

there seems to be a bug in your tool - I played a bit, it has done >
70kb requests and has not found a reverse entry I know exists - and I
confirmed that your technique work on that DNS server.

I decided to add this functionality to the dnsdict6 tool in my thc-ipv6
package :-)


Am 28.03.2012 22:23, schrieb Peter van Dijk:
> Hi folks,
> in a discussion with a friend recently the thought occurred to me that due to how NOERROR and NXDOMAIN in DNS work, finding all existing reverses in an ip6.arpa reverse zone could be done very quickly.
> I have written a blog post at http://7bits.nl/blog/2012/03/26/finding-v6-hosts-by-efficiently-mapping-ip6-arpa that explains the workings. Code at https://github.com/habbie/ip6-arpa-scan/
> I was unable to find any existing references to this trick; if you do have any, please let me know!
> Kind regards,
> Peter van Dijk
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers

Marc Heuse

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list