Nmap Development mailing list archives

Re: Call for IPv6 OS fingerprints


From: Fyodor <fyodor () insecure org>
Date: Sat, 24 Sep 2011 00:28:25 -0700

On Wed, Sep 21, 2011 at 07:14:48PM -0700, David Fifield wrote:
> So far we've had 26 submissions!

That's a good start, but it'd be great to get a lot more so that we
can finally release IPv6 OS detection as an official feature!  I did
about 10 more today.  You might think it won't work if you aren't
using IPv6 yet, but it's very commonly set up by default these days.
For example, I had no idea my printer had an IPv6 address until I ran
the Nmap multicast scripts.  And my Linux and Windows 7 machines both
had 6to4 IPv6 addresses that I guess my wireless router gave to them.

You can generate fingerprints using the latest SVN version of Nmap, or
by grabbing 5.61TEST1 from http://nmap.org/download.html.

Once you have Nmap compiled or installed, you can start with a command
like this to find IPv6 addresses on your network:

nmap -6 -sP -v -e eth0 --script targets-ipv6-multicast-echo,targets-ipv6-multicast-slaac --script-args newtargets

In the command above, you might need to specify a different interface
than eth0.  Try 'nmap --iflist' for a list of candidates.  You should
be able to see the MAC addresses and vendor, which should give a clue
as to which devices they are.

Another way to get addresses is to log into machines and use ifconfig
(UNIX) or ipconfig (Win) to learn about any configured IPv6 addresses.
Even if the user hasn't configured one themselves or used IPv6, they
often at least have link local addresses that you can scan from
another machine on the same network segment.

Once you've decided what device(s) to scan, you can do so like:

nmap -6 -A -v [IPv6 hostname(s) or address(es) here]

Note that it will go faster with just -O instead of -A, but I like to
use the latter as a sort of sanity check to ensure (from the version
banners, etc.) that I'm scanning the machine I think I am.  Bad
submissions can corrupt the DB, which would be a huge shame when it is
just getting started like this.

After you get the fingerprint(s) from Nmap, just head over to our
simple form at:

http://insecure.org/cgi-bin/submit.cgi?new-os

So I hope some people will take a little bit of time to do some
scanning of their devices this weekend and early next week!  We'd love
to release this feature next week, but we can't do so until we have
enough fingerprints to train the databases.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
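
An added example, not part of the message above or of Nmap itself: a small Python helper for sorting the IPv6 addresses that the discovery step turns up, so you can tell which device each one belongs to before fingerprinting it. It flags link-local addresses (appending the interface as a zone suffix), recovers the IPv4 address embedded in a 6to4 address, and recovers the MAC address when the interface ID is in modified EUI-64 form. The function names, the default interface eth0 and the sample addresses (documentation ranges) are assumptions made for the example.

```python
import ipaddress

def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = addr.packed[8:]                  # low 64 bits = interface ID
    if iid[3:5] != b"\xff\xfe":            # EUI-64 inserts ff:fe in the middle
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]   # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)

def describe(text, iface="eth0"):
    """Classify one discovered IPv6 address and build a scan target string."""
    text, _, zone = text.partition("%")    # accept input with or without a zone
    addr = ipaddress.IPv6Address(text)
    info = {"address": str(addr), "kind": "other", "target": str(addr),
            "embedded_ipv4": None, "mac": mac_from_eui64(addr)}
    if addr.is_link_local:
        # Link-local addresses are only meaningful per interface, so the
        # target carries the interface name as a zone suffix.
        info["kind"] = "link-local"
        info["target"] = f"{addr}%{zone or iface}"
    elif addr.sixtofour is not None:
        # 6to4 (2002::/16) carries the router's IPv4 address in bits 16..47.
        info["kind"] = "6to4"
        info["embedded_ipv4"] = str(addr.sixtofour)
    return info

def inventory(addresses, iface="eth0"):
    """Describe every address, skipping anything that is not valid IPv6."""
    rows = []
    for text in addresses:
        try:
            rows.append(describe(text.strip(), iface))
        except ValueError:
            continue
    return rows

if __name__ == "__main__":
    # Constructed sample input, not output from a real scan.
    sample = ["fe80::200:5eff:fe00:5301", "2002:c000:201::1",
              "2001:db8::1", "not-an-address"]
    for row in inventory(sample):
        print(row)
```

Comparing the recovered MAC against the MAC and vendor that Nmap reports is one more check that the fingerprint you submit belongs to the device you think it does.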

