[ipv6hackers] Scanning for IPv6 addresses embedding TCP/UDP service ports

[Will Urbanski]

If you aren't including them already, take a look at the default ranges
used by several of the DHCPv6 implementations that are now available.
Jagornet and WIDE-DHCP both have default range configurations that would be
a nice addition if you don't already have coverage!

The Dragon Research Group did some work on enumerating common IPv6 address
usage patterns a while back. We ended up developing a script to quickly
generate lists of common addresses that might exist under a given prefix.
You can find that work here: https://github.com/dragonresearchgroup/pfuzz

Cheers,

Will

On Tue, Feb 26, 2013 at 5:19 PM, Fernando Gont <fgont at si6networks.com>wrote:

> On 02/26/2013 02:18 PM, James Cloos wrote:
> >
> > FG> Have you found the latter in the wild? i.e. do people actually
> convert
> > FG> say (port) 80 to 0x50 , and embed *that* into the IPv6 address?
> >
> > I have seen NSs with ::35 and MXs with ::19.  I cannot remember any
> others,
> > but may have.
> >
> > There was a discussion someplace (nanog?) about it a few months (years?)
> > ago, including some jovial chiding directed at those of us who tend to
> > use the decimal port notation in the v6 addresses.
> >
> > I've been tempted to use both (they're cheap; take a few), just for fun.
> >
> > But I wouldn't have written "and others [embed] the hex notation" if I
> > hadn't witnessed it.
>
> Great ;-) -- Thanks for the data!
>
> I will update the toolkit, such that it not only probes the addresses
> embedding the ports in decimal notation, but also probes the addresses
> embedding the ports in hex notation.
>
> Thanks!
>
> Best regards,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
>