Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [nmap-svn] r26641 - nmap
From: David Fifield <david () bamsoftware com>
Date: Thu, 6 Oct 2011 10:03:48 -0700

On Thu, Oct 06, 2011 at 01:05:15PM +0300, Toni Ruottu wrote:
Some other tools I have seen use heuristic, with -4 and -6 for forcing
the use of IPv4 or IPv6. Would that make sense?

I tdon't think other tools are using that heuristic. Rather they just
use whatever getaddrinfo returns to them, which will be IPv4 for IPv4
addresses, IPv6 for IPv6 addresses, and something system-dependent for
host names. A difference between Nmap and some other tools is that some
other tools only handle one target at a time, so -4 or -6, while
nominally global options, only apply to a single address.

RFC 3484 has an algorithm for deciding to use an IPv4 address or IPv6
address when both are available. You can configure getaddrinfo manually
by editing /etc/gai.conf. My Debian system seems to prefer global IPv6
addresses, for example when I SSH to one of my dual-stack servers it
uses IPv6 unless I also use the -4 option.

For what it's worth I think Nmap should be able to handle IPv4 and IPv6
in a single invocation. I think programs like ping6 and traceroute6 are
kluges that shouldn't exist. They aren't separate programs on every
platform: on Windows and Solaris the ping program handles both families,
and you don't even need -6 to allow an IPv6 address. (In case of
ambiguity it probably does something similar to /etc/gai.conf.) A good
use case for mixed—address family scanning is targets-sniffer.nse:
listen to the network and then scan everything.

The only question is what to do in this case:
        nmap 192.0.43.10 scanme.nmap.org 2001:500:88:200::10
Should scanme.nmap.org be resolved as IPv4 or IPv6? Some options are
        1) Always preferentially use IPv4.
        2) Always preferentially use IPv6.
        3) Use the getaddrinfo policy.
Also, what then should -4 or -6 mean? They could either simply prefer a
certain address family, or forbid all other address families. What would
you do if you wanted to scan both the IPv4 and IPv6 addresses of
scanme.nmap.org?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault