Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: EXPERT IPv6 network scaning
From: niteesh kumar <niteesh3 () gmail com>
Date: Mon, 16 Apr 2012 18:28:28 +0530

On Thu, Apr 12, 2012 at 1:47 PM, niteesh kumar <niteesh3 () gmail com> wrote:



On Thu, Apr 12, 2012 at 12:19 PM, David Fifield <david () bamsoftware com>wrote:

On Thu, Apr 12, 2012 at 10:58:39AM +0530, niteesh kumar wrote:
On Wed, Apr 11, 2012 at 7:46 AM, David Fifield <david () bamsoftware com
wrote:

On Wed, Apr 11, 2012 at 01:19:08AM +0530, niteesh kumar wrote:
I observed one more thing, target-ipv6-multicast-slaac.nse do scan
a lot
of
ips which MLD script doesnot but those ip which are not scanned my
MLD
are
also not responding to Ping msgs <ECHO>. this may be attributed to
machines
who actually take part in address configuration but do not
communicate in
IPv6 network or may be due to some firewall not responding to ICMP
packets.
May be a possibility that the slaac script is not checking the
reachability  of scanned nodes.

This is common to all targets scripts. I have seen phantom addresses
come from the slaac script on Windows too. Scripts should not verify
addresses themselves. Nmap will do its own more reliable ND
verification
of the added addresses. ICMPv6 echo is less reliable than ND.

IN case of dual stack <ipv4 and ipv6 togather> nmap can be used to scan
ipv4 addresses in the network, and henceforth use icmpv6 node Info
messages<type 139> to get their respective ipv6 addresses.

The ipv6-node-info script does this. (Actually it gives you IPv4
addresses when you know the IPv4 address; is it possible to go the other
way?)

David Fifield



what i was thinking is to send a NI query of code 2<data ipv4 address> to
all-node multicast address <ff02::1> putting ipv4 scanned addresses. This
may result in nodes responding with required information.
 also it would be interesting to see what happens if a noop query is sent
to all node multicast.

-Niteesh



Another scheme in dual stack implementation can be to scan the IPv4 network
get their MAC addresses and then preform inverse neighbor discovery to get
their IPv6 address.

-Niteesh
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault