[ipv6hackers] Scanning for IPv6 addresses embedding TCP/UDP service ports

Fernando Gont fgont at si6networks.com
Fri Feb 22 11:49:10 CET 2013

Hi, Marc,

On 02/22/2013 05:30 AM, Marc Heuse wrote:
>> Based on Tor's suggestion, I'm planning to enhance the scan6 tool to be
>> able to scan for IPv6 addresses embedding service ports (for example,
>> addresses such as fc00:1::25, fc00.1::80, etc.).
> ...
>> Has anyone seen these patterns? Does it make sense to add them as part
>> of "scan for IPv6 addresses embedding service ports"?
> well, thats what alive6 implements for two years now ;-)
> (OK, OK, public since October 2012, but still)

I now recall checking your slideware, but I think I didn't check this
feature when I downloaded the last public release of THC-IPv6.

> I do not work with the full services list though but the most common
> ones. (my assumption is that when such an addressing scheme is used,
> several service addresses will point to the same server).

Yeah.. Additionally, this scheme will most likely be used for servers,
with the address indicating the "main" service provided by such server.

So I guess we'd be fine by just using a list of, say, 20 ports or so...

> from my statistics (based on 350k addresses) you find one of the two
> algorithms (but still still is public since my 2011 presentations):
> ::1:port, ::2:port, ...
>   or
> ::port:1, ::port:2, ...

Really cool. I've committed this to my working copy of scan6 (please see
the repo).

FWIW, I think it would be really cool for someone to grab your THC-IPv6
and SI6-IPv6, and employ the two together to do some massive IPv6
scanning, and be able to get additional data about IPv6 addresses in the
wild... :-)

Cheers, (and thanks!),
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Ipv6hackers mailing list