Nmap Development mailing list archives
Re: [NSE] whois.nse
From: jah <jah () zadkiel plus com>
Date: Thu, 07 Aug 2008 03:00:08 +0100
On 06/08/2008 07:54, Brandon Enright wrote:
Sorry for the poor reply quality, I only have my phone right now. Regarding the IPv6 /32 cache, you should probably cache at /48 as that is the size being assinged to organizations. /32s are going to RiRs -- and being chopped into 65536 /48s. Seems like a more logical cache boundary to me. Brandon Sent from my phone
Thanks for the info Brandon. You nudged me into looking at the ripe and apnic database files in which I've found that combined, there are 8580 /48 assignments and 9875 at /64 or smaller. It does look like there's a good case for reducing the size of cached ranges for IPv6 and possibly as far as /64. I also found that Ripe has allocated 5 single host assignments: 2A01:2F0F:FFFF:FFFF:0100:1000::1/128 2A01:2F0F:FFFF:FFFF:0100:2000::1/128 2A01:2F0F:FFFF:FFFF:0300:1000::1/128 2A01:2F0F:FFFF:FFFF:0300:2000::1/128 2A01:2F0F:FFFF:FFFF:0300:3000::1/128 These belong to an LIR which has been assigned 2A01:2000::/20. We'd never find these records unless we scanned the targets individually - since the records for hosts either side are in the /20. Bad for the whois script, but great if you want to find IPv6 hosts to scan - just grep through the database files! Perhaps we should enforce /128 for IPv6. What's the chances of people scanning ranges of IPv6 hosts anyway? It's not as if anyone would be crazy enough to do a Worldscan, would they? Regards, jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] whois.nse jah (Aug 05)
- Re: [NSE] whois.nse Brandon Enright (Aug 05)
- Re: [NSE] whois.nse jah (Aug 06)
- Re: [NSE] whois.nse doug (Aug 11)
- Re: [NSE] whois.nse Brandon Enright (Aug 05)