Nmap Development mailing list archives
Re: IPv6 ranges
From: "Luis MartinGarcia." <luis.mgarc () gmail com>
Date: Mon, 25 Jul 2011 10:42:30 +0200
On 07/22/2011 03:58 AM, David Fifield wrote:
On Wed, Jun 22, 2011 at 05:16:32PM -0700, David Fifield wrote:Weilin, I think that we must implement IPv6 ranges before doing multicast host discovery. The reason for this is that I think it only makes sense to use multicast when dealing with a whole network. Currently Nmap's model is to parse the command-line host specifications, return one host at a time (see TargetGroup::get_next_host), and then feed those (4096 at a time) into ping scan. We need to change that, so that we can feed an entire block like fe80::/64 into ping scan when appropriate, without enumerating 2^64 addresses. The addrset code does not yet support iteration over members. We need to make it do that, but it must be capable of returning entire blocks when asked. For example, given the address specifications ::1 fe80::/64 1:2:3::4:5:6 scanmev6.nmap.org/112 the iteration would return the single host ::1, the network fe80::/64, the single host 1:2:3::4:5:6, and the network 2600:3c01::f03c:91ff:fe93:cd19/112. The next higher level would see: * ::1 as a localhost address (and not ping it), * fe80::/64 as a local network (and do multicast ping on it), * 1:2:3::4:5:6 as a single IP address (and do unicast ping on it), and * 2600:3c01::f03c:91ff:fe93:cd19/112 as a remote network (which it would then further iterate into 256 unicast hosts).These are my recommendations for what Nmap should do when asked to scan large and small, local and remote networks, over unicast and multicast. multicast unicast default requested requested --------------------------------------- Small IPv6 local network multicast multicast unicast Large IPv6 local network multicast multicast error/warning Small IPv6 remote network unicast error unicast Large IPv6 remote network error/warning error error/warning Large IPv6 remote network error/warning error error/warning
Hi! Here are my two cents: I think we could define "large IPv6 remote network" as a net bigger than /96. A /96 is equivalent to the whole IPv4 address space so I guess scanning something as big as the current Internet, should be the limit. In my opinion, anything bigger than a /96 should make Nmap fatal. Of course, we could add something like a --force option, but I really don't think that Nmap should only warn users when they request some crazy stuff like a /64. Also, Weilin, if it is easy to do, It would be great if the code that handles IPv6 ranges was placed in libnetutil. That way other tools like Nping or Ncat could use it. Regards, Luis MartinGarcia. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: IPv6 ranges David Fifield (Jul 21)
- Re: IPv6 ranges Luis MartinGarcia. (Jul 25)
- Re: IPv6 ranges Xu Weilin (Jul 26)
- Re: IPv6 ranges Luis MartinGarcia. (Jul 25)