Nmap Development mailing list archives
Re: Nmap IPv6 Bug Report
From: David Fifield <david () bamsoftware com>
Date: Fri, 18 Jun 2010 18:23:12 -0600
On Tue, Jun 08, 2010 at 11:57:49PM -0700, Fyodor wrote:
> Hi Folks. I don't have IPv6 set up at the moment, so I'm forwarding a bug report along in the hope that someone can test and/or fix it. You can read the Debian bug thread here:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584301
>
> The key message is the last one on that page. Mats Erik Andersson (the reporter) says that Nmap fails when you do this bash shell command:
>
>     RES_OPTIONS=inet6 nmap -v -p 22 ipv6.google.com
>
> The failure is that you get the wrong IPv4 address because Nmap is apparently failing to properly deal with the returned hostent structure. See the URL above for full details.
>
> If anyone can try to reproduce and/or fix this and report back to nmap-dev, that would be great!
I could reproduce this on Debian. The problem was that the resolver for hostname/CIDR addresses used gethostbyname, and always assumed that the only addresses returned were IPv4 addresses. When an IPv6 address was returned, it would use the first four bytes of the IPv6 address.

    # RES_OPTIONS=inet6 ./nmap -sn ipv6.google.com -d
    Nmap scan report for ipv6.google.com (32.1.72.96) [host down, received no-response]
    Other addresses for ipv6.google.com (not scanned): 32.1.72.96 32.1.72.96 32.1.72.96

With -6, Nmap gets the right IPv6 address.

    # ./nmap -6 -sn ipv6.google.com -d
    Nmap scan report for 2001:4860:800f::67 [host down, received net-unreach]

You can see the correspondence between 2001:4860 and 32.1.72.96.

I solved this by adding a new function to tcpip.cc, resolve_all, which is like the existing resolve function but it returns all addresses. It uses getaddrinfo so we can ask for a specific address family, and it is generally easier to work with.

David Fifield
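Added example, not part of the original message and not Nmap's code: the failure mode and the two checks that prevent it, using a hand-constructed hostent shaped like the RES_OPTIONS=inet6 reply described above. All function names here are illustrative, and AI_NUMERICHOST is used only so the example runs without DNS.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* The pattern the message describes: read h_addr_list[0] as IPv4, ignoring h_addrtype. */
static const char *first_addr_unchecked(const struct hostent *h, char *out, size_t n) {
    struct in_addr a;
    memcpy(&a, h->h_addr_list[0], sizeof a);  /* first 4 bytes, whatever family they are */
    return inet_ntop(AF_INET, &a, out, (socklen_t)n);
}

/* Checked form: h_addrtype picks the family and h_length must match it. */
static const char *first_addr_checked(const struct hostent *h, char *out, size_t n) {
    size_t want = h->h_addrtype == AF_INET ? 4 : h->h_addrtype == AF_INET6 ? 16 : 0;
    if (want == 0 || (size_t)h->h_length != want) return NULL;
    return inet_ntop(h->h_addrtype, h->h_addr_list[0], out, (socklen_t)n);
}

/* getaddrinfo with an explicit family, so the caller never guesses the address size.
   AI_NUMERICHOST (literals only) is an assumption of this example. Returns 0 on success. */
static int resolve_family(const char *name, int family, char *out, size_t n) {
    struct addrinfo *res, hints = { .ai_family = family, .ai_flags = AI_NUMERICHOST };
    int rc = getaddrinfo(name, NULL, &hints, &res);
    if (rc != 0) return rc;
    rc = getnameinfo(res->ai_addr, res->ai_addrlen, out, (socklen_t)n, NULL, 0, NI_NUMERICHOST);
    freeaddrinfo(res);
    return rc;
}

/* Constructed sample: a hostent carrying the IPv6 address from the message. */
static struct in6_addr sample6;
static char *sample_list[2] = { (char *)&sample6, NULL };
static struct hostent sample_hostent(void) {
    inet_pton(AF_INET6, "2001:4860:800f::67", &sample6);
    struct hostent h = { .h_addrtype = AF_INET6, .h_length = (int)sizeof sample6,
                         .h_addr_list = sample_list };
    return h;
}

int main(void) {
    char a[INET6_ADDRSTRLEN], b[INET6_ADDRSTRLEN];
    struct hostent h = sample_hostent();
    printf("unchecked: %s\nchecked:   %s\n", first_addr_unchecked(&h, a, sizeof a),
           first_addr_checked(&h, b, sizeof b));
    return 0;
}
```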