Nmap Development mailing list archives

nmap scanning of IPv6 hosts


From: Craig Miller <cvmiller () gmail com>
Date: Wed, 30 Dec 2015 08:55:59 -0800

Hello nmap devs,

I have been experimenting with nmap 7.01 and scanning IPv6 hosts on my network. I have found the following:

1. Although scanning uses the solicited node multicast address, which
   reduces a /64 network from 2^64 addresses to 2^24, it still takes
   about a week to scan a single /64 network.
2. IPv6 uses temporary addresses (RFC 4941) which typically only last
   24 hours, which means that by the time the nmap scanner finds an
   address, it will more than likely have changed.
3. Using the all nodes multicast address ff02::1 is much more efficient
   at node discovery in IPv6. I see that an nmap script,
   targets-ipv6-multicast-mld.nse, has already been written to take
   advantage of this.
4. I have also taken advantage of the all_nodes method and written a
   shell script to drive nmap: https://github.com/cvmiller/v6disc


Of course the ff02::1 is not without drawbacks. The nmap scanning host must be on the same /64 network as the targets.

It would be nice if nmap supported the MLD/ff02::1 approach natively, as the brute force method is not really practical for IPv6. I am hoping to start a discussion in order to further improve nmap.

TIA

Craig...

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
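
The 2^24 figure in point 1 of the message above comes from how RFC 4291 builds a solicited-node multicast group out of only the low 24 bits of a unicast address. The following is an added example, not part of the original post and not code from nmap or v6disc; the addresses are constructed from documentation and link-local prefixes, and the rate of 28 probes per second is an assumption chosen only to reproduce the "about a week" figure.

```python
import ipaddress

# RFC 4291: solicited-node groups live in ff02::1:ff00:0/104
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
ALL_NODES = ipaddress.IPv6Address("ff02::1")  # link-local all-nodes group


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """Return the solicited-node multicast group a unicast address joins."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def group_inventory(addrs):
    """Group unicast addresses by the solicited-node group they share."""
    groups = {}
    for a in addrs:
        groups.setdefault(solicited_node(a), []).append(a)
    return groups


def sweep_days(groups: int, probes_per_second: float) -> float:
    """Days needed to probe every group once at a fixed rate."""
    return groups / probes_per_second / 86400


# Constructed sample inventory (documentation prefix 2001:db8::/32).
SAMPLE = [
    "2001:db8::211:22ff:fe33:4455",   # EUI-64 style interface ID
    "2001:db8::a1b2:c3d4:e533:4455",  # random-looking ID, same low 24 bits
    "fe80::211:22ff:fe33:4455",       # link-local address of the same host
    "2001:db8::1",                    # manually assigned address
]

if __name__ == "__main__":
    for group, members in group_inventory(SAMPLE).items():
        print(group, "<-", ", ".join(members))
    # Assumed rate: 28 probes/s makes 2^24 groups take roughly a week.
    print(f"2^24 groups at 28/s: {sweep_days(2**24, 28):.1f} days")
    print(f"2^64 addresses at 28/s: {sweep_days(2**64, 28) / 365:.2e} years")
```

Three of the four sample addresses fall into the same group because their upper 40 interface-ID bits are ignored, so a sweep of the groups covers every possible host address on the link in 2^24 probes.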
