[ipv6hackers] scan6: Some notes on IPv6 address scanning

Fernando Gont fgont at si6networks.com
Tue Feb 12 03:45:02 CET 2013


Folks,

As noted in my previous announcement of the beta release of the SI6
IPv6 toolkit v1.3, this upcoming release includes an expanded version
of scan6, which tries to leverage patterns in IPv6 addresses.

Among the input I'd appreciate from the community is:

* Are there any patterns that have been left out of the tools? (other
than "wordy" addresses)

* What about the OUIs employed by virtualization technologies other
than VMware and VirtualBox? Can anyone provide data about them?

* If you happen to use the scan6 tool in the public Internet, and are
able to report your findings (e.g., which options you found most
effective, etc.), that would be useful.

* If you used the --tgt-vendor, or --tgt-ieee-oui... do the *MAC*
addresses follow any patterns? -- e.g., are they consecutive?

I plan to start working on a new release as soon as I post v1.3... so
any feedback will help improve the toolkit (whether on-list, or
off-list if you prefer not to go public with it).

That aside: I'll include a note in the relevant manpage, but... You
*really* need to read draft-ietf-opsec-ipv6-host-scanning (referenced
in the scan6 manual page) to know what you're doing (and to avoid
DoS'ing the target networks as a "side effect"), *and* you *really*
should be using the "-r" option as appropriate (or else the scan will
not be "reliable").

P.S.: If you haven't downloaded the toolkit (yet), here's where you
can find it: <http://www.si6networks.com/tools/ipv6toolkit>

Thanks!

Best regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
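
For auditing your own address plan against the kinds of patterns the message refers to, here is an added example (not part of the original post or of the SI6 toolkit) that classifies the interface identifier of each address in an inventory. The pattern names, the HEX_WORDS list and the sample addresses are assumptions constructed for illustration; the OUIs are the publicly registered ones for the two products the message names.

```python
import ipaddress

# Publicly registered OUIs of the two virtualization products named in the message.
VIRT_OUIS = {"00:05:69": "VMware", "00:0c:29": "VMware", "00:50:56": "VMware",
             "08:00:27": "VirtualBox"}
# Assumed, non-exhaustive list of hex "words" for the "wordy" category.
HEX_WORDS = {"dead", "beef", "cafe", "babe", "face", "f00d", "c0de", "feed"}

def classify_iid(addr):
    """Return (pattern, detail) for the low 64 bits of an IPv6 address."""
    iid = int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFFFFFFFFFF
    b = iid.to_bytes(8, "big")
    groups = [f"{(iid >> s) & 0xFFFF:04x}" for s in (48, 32, 16, 0)]
    # Modified EUI-64: ff:fe in the middle, universal/local bit inverted.
    if b[3:5] == b"\xff\xfe":
        mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]
        oui = ":".join(f"{x:02x}" for x in mac[:3])
        return ("eui64", VIRT_OUIS.get(oui, "oui " + oui))
    # Low-byte: all zero except the last 16 bits (::1, ::25, ...).
    if 0 < iid <= 0xFFFF:
        return ("low-byte", hex(iid))
    # Embedded IPv4, 32-bit form: upper 32 bits zero.
    if iid >> 32 == 0:
        return ("embedded-ipv4", str(ipaddress.IPv4Address(iid)))
    # Embedded IPv4, one decimal octet per group (e.g. ::192:0:2:10).
    if all(g.isdigit() and int(g) <= 255 for g in groups):
        return ("embedded-ipv4", ".".join(str(int(g)) for g in groups))
    if any(g in HEX_WORDS for g in groups):
        return ("wordy", ":".join(groups))
    return ("no-known-pattern", ":".join(groups))

def audit(addresses):
    """Group addresses by pattern so predictable assignments stand out."""
    found = {}
    for a in addresses:
        found.setdefault(classify_iid(a)[0], []).append(a)
    return found

# Constructed inventory using the 2001:db8::/32 documentation prefix.
SAMPLE = ["2001:db8::1", "2001:db8:1:2:20c:29ff:fe12:3456",
          "2001:db8::a00:27ff:fe00:1", "2001:db8::c000:20a",
          "2001:db8::192:0:2:10", "2001:db8::dead:beef:0:1",
          "2001:db8:0:1:8d4f:91c2:77ab:3e10"]

if __name__ == "__main__":
    for pattern, addrs in audit(SAMPLE).items():
        print(f"{pattern:18} {len(addrs)}  {addrs}")
```

The checks are heuristics: a randomized identifier can occasionally match one of them, so treat the per-pattern counts as a starting point for review.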