Nmap Development mailing list archives
Re: GSoC 2011 - IPv6 idea
From: Linh Vu Hong <ling.vh4 () gmail com>
Date: Fri, 8 Apr 2011 02:00:13 +0200
Dear David,

Thank you for your comments on my proposal. Do you think that my proposal is adequate in details, or should I add some more details on the tasks and timeline? Because I think we can have more detailed information about that while we are doing the actual tests and researching more.

About the issue of different OSes, it is just my opinion about the phenomenon. But you are right, we cannot confirm that until we finish the actual measurements.

Best regards,
Linh

On Apr 8, 2011, at 1:09 AM, David Fifield wrote:

> On Wed, Apr 06, 2011 at 10:46:58PM +0200, Linh Vu Hong wrote:
> > Currently I was busy with my study at my school so I did not follow up
> > with the conversation. I attached my proposal for the project of adding
> > IPv6 OS detection feature. Please take a look and give me some comments.
> > Thanks!
> >
> > Best regards,
> > Linh
> >
> > I would like to work on the project of adding IPv6 features to Nmap,
> > especially in the OS detection feature. Based on researching the related
> > literature and suggestions from David Fifield, OS detection or OS
> > fingerprinting is mainly based on the differences in the vendors'
> > implementations of the IP/TCP stack. This fingerprinting can be active
> > or passive. According to the report of Frederic Beck[1], passive
> > fingerprinting is not effective.
>
> I wouldn't assume that passive IPv6 fingerprinting is not effective. I
> haven't seen convincing research either way. But for Nmap, yes, we are
> thinking of an active scanner.
>
> > Therefore, in this project, we will focus on active fingerprinting.
> > The expected timeline for the project is as follows:
> >
> > - Continue to research the literature including the related RFC
> >   standards, implementing and checking if existing IPv4 tests can be
> >   used in IPv6. Furthermore, check the effectiveness of various tests
> >   for IPv6 proposed in [1][2] and the mapping approach of SinFP[3]
> >   (3 weeks)
>
> Yes, that's a good question to answer: Do operating systems in fact
> treat IPv4 and IPv6 the same with respect to header fields, or do they
> differ in common configurations?
>
> > - Based on the results of stage 1, propose and implement a sample test
> >   suite for both one-hop and over-internet IPv6 OS fingerprinting.
> >   Checking the effectiveness of those test suites. (2 weeks)
> > - From the results of stage 2 and the literature, build new tests for
> >   IPv6, probably based on the extension headers, and analyze the tests.
> >   (3 weeks)
> > - In parallel, build a new test suite and collect the fingerprint
> >   database. Implement matching algorithm. (2 weeks)
> > - Implement and integrate the feature into Nmap. Testing and reviewing
> >   (2 weeks)
> >
> > For detecting different versions of one OS, it should be noted that
> > some vendors may implement the IPv6 stack once and port it to all of
> > their OSes, making this task more complex.
>
> This is a problem we already deal with in IPv4. Just try counting the
> number of Windows XP fingerprints in nmap-os-db to see what kind of
> variety is possible within one operating system. I think that we'll be
> able to make an IPv6 system even more sensitive than the IPv4 system, so
> I don't think distinguishing similar OSes will be a problem. But that's
> the point--we don't know until we do the measurements.
>
> David Fifield
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/