[ipv6hackers] Scanning for IPv6 addresses embedding TCP/UDP service ports
fgont at si6networks.com
Fri Feb 22 03:15:17 CET 2013
Based on Tor's suggestion, I'm planning to enhance the scan6 tool to be
able to scan for IPv6 addresses embedding service ports (for example,
addresses such as fc00:1::25, fc00:1::80, etc.).
Looking at /etc/services, these are the service port numbers that, at
first sight, looked worthwhile to include:
---- cut here ----
ssh 22/tcp # SSH Remote Login Protocol
smtp 25/tcp mail
tacacs 49/tcp # Login Host Protocol (TACACS)
domain 53/tcp # Domain Name Server
http 80/tcp www # WorldWideWeb HTTP
pop3 110/tcp pop-3 # POP version 3
bgp 179/tcp # Border Gateway Protocol
imap3 220/tcp # Interactive Mail Access
ldap 389/tcp # Lightweight Directory Access Protocol
https 443/tcp # http protocol over TLS/SSL
imaps 993/tcp # IMAP over SSL
pop3s 995/tcp # POP-3 over SSL
sip 5060/tcp # Session Initiation Protocol
postgresql 5432/tcp postgres # PostgreSQL Database
mysql-proxy 6446/tcp # MySQL Proxy
http-alt 8080/tcp webcache # WWW caching service
---- cut here ----
For obvious reasons, the transport-protocol above (i.e., TCP vs. UDP) is
meaningless, since we're not scanning *ports* but rather IPv6 addresses
that embed service ports.
Two related questions are:
* Have I missed any interesting ports?
* Have I included any ports that are not really worthwhile? (and hence
should probably remove them from the list).
* I was considering that, for every service port, scan6 should probably
This would mean that when scanning for an IPv6 address from the prefix
fc00:1::/64 embedding port 80, we'd probe these addresses:
The idea is, of course, to also target addresses that embed the service
port, but also change the second lowest-order word.
Has anyone seen these patterns? Does it make sense to add them as part
of "scan for IPv6 addresses embedding service ports"?
Should we just scan for fc00:1::port? Or maybe expand the range a bit as in:
Thoughts and/or comments welcome :-)
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
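
Added example (not part of the original message and not scan6 code): a Python check an operator can run over their own address inventory to flag addresses whose interface ID embeds one of the service ports listed in the message, including the case where the second lowest-order word is also non-zero. Assumptions: a /64 prefix, the sample addresses are constructed, and the "hex" encoding (port 80 written as ::50) is an extra case not mentioned in the message.

```python
import ipaddress

# Port numbers from the list in the message; TCP vs. UDP is irrelevant here.
PORTS = [22, 25, 49, 53, 80, 110, 179, 220, 389, 443, 993, 995,
         5060, 5432, 6446, 8080]

def port_words(port):
    """Map encoding name -> 16-bit word that can stand for `port`."""
    words = {"hex": port}                  # assumption: 80 -> 0x0050
    digits = str(port)
    if len(digits) <= 4:                   # 5-digit ports do not fit in one word
        words["decimal"] = int(digits, 16) # as in the message: 80 -> 0x0080
    return words

# word -> (port, encoding); the two encodings do not collide for this list
LOOKUP = {}
for p in PORTS:
    for enc, word in port_words(p).items():
        LOOKUP.setdefault(word, (p, enc))

def classify(addr):
    """Return (port, encoding, second_word_varied) or None.

    Assumes a /64 prefix, so the interface ID is the low 64 bits.
    """
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    if iid >> 32:                          # two upper IID words must be zero
        return None
    hit = LOOKUP.get(iid & 0xFFFF)         # lowest-order word
    if hit is None:
        return None
    return hit + (bool((iid >> 16) & 0xFFFF),)

def audit(addresses):
    """Return {address: classification} for the addresses that match."""
    found = {}
    for a in addresses:
        result = classify(a)
        if result is not None:
            found[a] = result
    return found

# Constructed sample inventory, not taken from any real network.
SAMPLE = ["fc00:1::80", "fc00:1::25", "fc00:1::50", "fc00:1::1:443",
          "fc00:1::1", "fc00:1:0:0:21e:c2ff:fe12:3456"]

if __name__ == "__main__":
    for address, (port, enc, varied) in audit(SAMPLE).items():
        print(f"{address}: port {port} ({enc}), second word varied: {varied}")
```

Addresses the check flags are the ones a port-pattern scan would reach first, so they are the candidates for renumbering or for tighter filtering.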