Nmap Development mailing list archives

IPv6 OS Detection: Call for fingerprinters!


From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Fri, 01 Jul 2011 23:55:52 +0200

Hi!

As you may know, David and I are working on a new OS detection
engine for IPv6 hosts. At the moment we are in a research phase
and we need your help to collect a few preliminary fingerprints
that we can analyze and use to refine our algorithms.

Basically we need people to run a Python script against
some IPv6 box. The script stores the results in a file with a name
like nmap6fp62102933.6fp. We'd like you to send that file
to this address: david+luis () nmap org

Below you can find some simple instructions on how to run the script.

WARNING: Please do NOT run the script against any critical box,
as it performs tests that involve sending some weird IPv6 packets
that might crash some sloppy implementations.

Thank you very much for your help!

Best regards,

Luis MartinGarcia.



== GENERAL STEPS ==

1. Download the script from:
   http://nmap.org/svn/nping/nping-dev/ipv6fp.py

2. Make sure you have Python and Scapy installed in your system
   (See below for details on how to install them)

3. Collect the following information:
    - Target's IPv6 address
    - Target's IPv4 address
    - An open port in the target

4. Run the script (See instructions below).

5. Send the results file that it produces to david+luis () nmap org



== RUNNING THE SCRIPT ==

A. The easy way: let the script request all details interactively
    [Run as root]: ./ipv6fp.py --interactive

B. If the above does not work or you think interactive prompts are for
    cowards, run it with real command line parameters:

 B.1 If the IPv6 host is on the local link:

   B.1.1 Target has a link local address like fe80::20c:29ff:fe7d:c25b
      [Run as root]: ./ipv6fp.py TARGET_IPV6_ADDRESS --addr4 TARGET_IPV4_ADDRESS --ot OPEN_PORT_IN_TARGET --interface IFACE_NAME

   B.1.2 Target is on-link but its address is of global scope like
           2600:3c01::f03c:91ff:fe93:cd19

      Try the first command, and then the second if it does not work:
      [Run as root]: ./ipv6fp.py TARGET_IPV6_ADDRESS --ot 80 --addr4 TARGET_IPV4_ADDRESS --interface IFACE_NAME --send-eth
      [Run as root]: ./ipv6fp.py TARGET_IPV6_ADDRESS --ot 80 --addr4 TARGET_IPV4_ADDRESS --send-ip

 B.2 If the IPv6 host is more than one hop away.
    [Run as root]: ./ipv6fp.py 2600:3c01::f03c:91ff:fe93:cd19 --addr4 TARGET_IPV4_ADDRESS --ot 80


 !!! Note that you have to replace TARGET_IPV6_ADDRESS with an actual
IPv6 address, OPEN_PORT_IN_TARGET with the number of an open port
in the box, and IFACE_NAME with the name of the appropriate network
interface. Parameter --addr4 is optional, so if the target host does not
have an IPv4 address, it can be omitted. However, if it does have an
IPv4 address, please provide it, as this will improve our results.



== HOW TO INSTALL PYTHON AND SCAPY ==

  + You need to have Python and Scapy to run the script. To install scapy,
    follow these steps:

    # 1. Download latest version from:
        wget http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz

    # 2. Uncompress the file
        tar xvf scapy-latest.tar.gz

    # 3. CD into the new directory
        cd scapy-2.1.0

    # 4. Build and install
        python setup.py build --force
        [AS ROOT] python setup.py install --force

    Alternatively, you may install scapy in Debian/Ubuntu by running
    "sudo apt-get install scapy" or in RedHat/Fedora by running
    "yum install scapy".


  + To install Python 2.X, follow these instructions:
    http://docs.python.org/using/unix.html
        

== Troubleshooting ==

  + Command "./ipv6fp.py --help" displays usage information.

  + The script can send packets at the Ethernet level or at the IP level.
    Although it tries to guess the appropriate level automatically,
    you can pass --send-eth or --send-ip to force either of them. If you
    use --send-eth and the script complains about not being able to
    resolve a MAC address, you can pass the default gateway MAC
    address explicitly using: --gwmac 11:22:33:44:55:66

  + Before sending the OS detection probes, the script runs a little
    connectivity test to ensure you can successfully reach the target. If
    the connectivity test fails but you still want to run the script,
    just pass --force

  + Do not hesitate to contact me for any additional information:
    {luis.mgarc () gmail com}



