On Mon, May 12, 2008 at 12:27:26AM +0000 or thereabouts, Brandon Enright wrote:
> v6 is awesome but makes our job as Nmap developers quite a bit harder.
Heh yes a lot harder. This is a great feature of IPv6: creating worms that
randomly scan for victims is mostly infeasible. However, there are still
some possible heuristics:
* Only check allocated blocks (duh)
* Obvious addresses like 2001:ABCD::1, 2001:ABCD::2, etc
* IPv4 mapped addrs will probably be popular for quite a while:
  http://en.wikipedia.org/wiki/IPv4_mapped_address
* IPv6 addrs use DNS for reverse lookups in the ip6.arpa domain and
  DNS servers can of course be misconfigured to transfer entire zones
  to anyone who asks.
* People love vanity addresses like 2001:ABCD::1337:DEAD:BEEF:CAFE :)

Doug

PS. If you're parsing IPv6 targets that can include a port number, remember
that such strings can contain [ and ]. For instance, the IPv6 equivalent of
127.0.0.1:8080 is [::1]:8080 . Also remember that IPv6 addresses can contain
dots ("." characters). See the wiki link above.

PPS. Here is a badass regexp from PCRE's test suite:
/-- This tests for an IPv6 address in the form where it can have up to --/
/-- eight components, one and only one of which is empty. This must be --/
/-- an internal component. --/
/^(?!:)                       # colon disallowed at start
  (?:                         # start of item
    (?: [0-9a-f]{1,4} |       # 1-4 hex digits or
    (?(1)0 | () ) )           # if null previously matched, fail; else null
    :                         # followed by colon
  ){1,7}                      # end item; 1-7 of them required
  [0-9a-f]{1,4} $             # final hex number at end of string
  (?(1)|.)                    # check that there was an empty component
  /xi
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on May 11 2008
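
An added example, not part of the original message and not Nmap's code: one way to split target strings of the kind the PS describes (brackets around IPv6 when a port follows, dotted quads inside IPv6 literals), using Python's standard ipaddress module. The helper names parse_target and describe and the sample targets are assumptions made for illustration.

```python
import ipaddress

def _port(text):
    # Accept only plain ASCII decimal ports in 1..65535.
    if not (text.isascii() and text.isdigit() and 0 < int(text) <= 65535):
        raise ValueError("bad port: %r" % text)
    return int(text)

def parse_target(spec, default_port=None):
    """Hypothetical helper: return (address, port) for one target string.

    '[v6]:port' and '[v6]' use brackets; 'v4:port' has exactly one colon;
    anything else is a bare literal, so a bare IPv6 address is never split
    on ':' to guess a port.
    """
    spec = spec.strip()
    if spec.startswith("["):
        end = spec.find("]")
        if end == -1:
            raise ValueError("missing ']' in %r" % spec)
        rest = spec[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("junk after ']' in %r" % spec)
        port = _port(rest[1:]) if rest else default_port
        return ipaddress.IPv6Address(spec[1:end]), port
    if spec.count(":") == 1:
        host, _, port = spec.partition(":")
        return ipaddress.IPv4Address(host), _port(port)
    return ipaddress.ip_address(spec), default_port

def describe(spec):
    """Return (normalised address, port, embedded IPv4 or None)."""
    addr, port = parse_target(spec)
    mapped = getattr(addr, "ipv4_mapped", None)  # set only for ::ffff:a.b.c.d
    return str(addr), port, str(mapped) if mapped else None

if __name__ == "__main__":
    # Constructed sample targets, not taken from any real scan.
    for s in ["127.0.0.1:8080", "[::1]:8080", "::ffff:192.0.2.1",
              "[::ffff:192.0.2.1]:443", "2001:db8::1337:dead:beef:cafe"]:
        print(s, "->", describe(s))
```

Surfacing the embedded IPv4 address matters when allow/deny lists are written against IPv4 only, since the same host can be named through its mapped form.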