Nmap Development mailing list archives
Gsoc 2011 idea about IPv6
From: 许伟林 <mzweilin () gmail com>
Date: Sun, 20 Mar 2011 11:26:49 +0800
Hi all,

I'm a college student from Beijing, China. This is my 3rd year of computer science. I'm very interested in nmap, so I would like to apply for the Gsoc 2011 program.

Actually, I have been researching IPv6 part time for half a year and have gained some experience. Last November, I helped Simon Kelley improve a feature of Dnsmasq about IPv6 DNS. (Mail subject 'Modification to the feature of config-static DNS record in dual-stack network.' in http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2010q4/subject.html). In addition, my team created an open-source project, 'stateful IPv6-to-IPv6 Network Address Translation (NAPT66)', last month at http://code.google.com/p/napt66/. NAPT66 has been deployed in several types of middle-box routers, and Chinese people can use it to reduce the expensive cost of accessing the Internet.

I have read the 6 required items of IPv6 support carefully, and got some ideas.

For the first 5 items, are the basic theories the same as IPv4's ways?

For the 6th item, about IPv6 host discovery, I think we have more than two ways to handle this problem.

First, we can use public BGP information to narrow down the IPv6 address space so that 2^128 times of scanning are not necessary.

Second, we can use the worm's technique to discover all active hosts in a subnet. I recently read a paper about a worm exploiting IPv6 networks. (A new worm exploiting IPv6 and IPv4-IPv6 dual-stack networks: experiment, modeling, simulation, and defense <http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5274918>) It involves a host discovery technique based on the Duplicate Address Detection (DAD) mechanism of the stateless address autoconfiguration method. By sending a spurious Router Advertisement packet and listening for all Neighbor Solicitation packets, we could collect all active hosts in the same subnet within 0.5s.

The theory is simple, but we must find a way to avoid disturbing network access, since the wrong router information may cause the hosts to go offline.

I'm looking forward to seeing more discussions about IPv6 support.

--
The 6 lacking features of IPv6 support:

1. OS Detection is not supported
2. TCP connect scan is supported, but the raw packet scans (TCP SYN scan, UDP scan, etc.) are not
3. The raw packet host discovery types are not supported (even the ICMPv6 echo request ("ping") packet is not supported)
4. Traceroute is not supported
5. Many NSE scripts have not been tested against IPv6 applications, and some surely don't work properly in that case.
6. While brute force ping scanning of IPv4 address space is extremely common, it is generally not feasible for IPv6 because even end users are usually assigned 18 quintillion addresses. Therefore we need to research and develop more effective host discovery techniques for IPv6.

--
Regards
Xu Weilin
Beijing University of Posts & Telecommunications

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
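The spurious Router Advertisement followed by a burst of DAD Neighbor Solicitations, as described in the message above, is visible to a passive monitor on the same link. The following is an added example, not part of the original post or of Nmap: it parses raw IPv6 packets, recognises DAD probes, and lists the probes seen within 0.5 s of an RA from a source outside an allowlist. The function names, the allowlist and the sample packets are assumptions constructed for illustration; ICMPv6 checksums are not verified.

```python
import ipaddress
import struct
RA, NS = 134, 135  # ICMPv6 types: Router Advertisement, Neighbor Solicitation
SOLICITED_NODE = ipaddress.IPv6Network("ff02::1:ff00:0/104")

def parse_nd(pkt):
    """Return (icmp_type, src, target) for an on-link RA or NS, else None."""
    if len(pkt) < 48 or pkt[0] >> 4 != 6 or pkt[6] != 58 or pkt[7] != 255:
        return None  # not IPv6/ICMPv6, or hop limit != 255 (not sent on-link)
    src, icmp_type = ipaddress.IPv6Address(pkt[8:24]), pkt[40]
    if icmp_type == NS and len(pkt) >= 64:
        return icmp_type, src, ipaddress.IPv6Address(pkt[48:64])
    return (icmp_type, src, None) if icmp_type == RA else None

def dad_target(pkt):
    """Tentative address if pkt is a DAD probe (NS from :: to solicited-node)."""
    nd, dst = parse_nd(pkt), pkt[24:40]
    if not nd or nd[0] != NS or not nd[1].is_unspecified:
        return None
    if ipaddress.IPv6Address(dst) not in SOLICITED_NODE or nd[2].packed[-3:] != dst[-3:]:
        return None
    return nd[2]

def suspicious_ras(capture, known_routers, window=0.5):
    """capture: [(timestamp, packet)]. For each RA whose source is not in
    known_routers, list the DAD probes seen within `window` seconds after it."""
    findings = []
    for t, pkt in capture:
        nd = parse_nd(pkt)
        if nd and nd[0] == RA and str(nd[1]) not in known_routers:
            hosts = [str(dad_target(p)) for t2, p in capture
                     if 0 <= t2 - t <= window and dad_target(p) is not None]
            findings.append((str(nd[1]), hosts))
    return findings

def build(src, dst, body, hop=255):  # constructed packet, checksum left zero
    hdr = struct.pack("!IHBB", 6 << 28, len(body), 58, hop)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + body

def ns_body(target):
    return bytes([NS, 0, 0, 0, 0, 0, 0, 0]) + ipaddress.IPv6Address(target).packed

RA_BODY = bytes([RA, 0, 0, 0, 64, 0, 7, 8]) + bytes(8)
SAMPLE = [  # constructed capture using the 2001:db8::/32 documentation prefix
    (0.00, build("fe80::1", "ff02::1", RA_BODY)),    # allowlisted router
    (5.00, build("fe80::bad", "ff02::1", RA_BODY)),  # RA from unknown source
    (5.10, build("::", "ff02::1:ffaa:bbbb", ns_body("2001:db8:1::aaaa:bbbb"))),
    (5.30, build("::", "ff02::1:ff00:42", ns_body("2001:db8:1::42"))),
    (9.00, build("fe80::7", "ff02::1:ff00:99", ns_body("2001:db8:1::99"))),  # not DAD
]
```

Calling `suspicious_ras(SAMPLE, {"fe80::1"})` reports the RA from `fe80::bad` together with the two addresses that ran DAD right after it; the ordinary address-resolution NS at 9.00 is ignored.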