Nmap Development mailing list archives

Re: IPv6 OS Detection: Call for fingerprinters!!


From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 5 Jul 2011 13:51:13 +0200


On Jul 4, 2011, at 6:28 PM, Luis MartinGarcia. wrote:

NOTE: It's Monday. Today many of you should have access to IPv6 boxes,
so I resend this call for fingerprinters.


Hi!

As you may know, David and I are working on a new OS detection
engine for IPv6 hosts. At the moment we are in a research phase
and we need your help to collect a few preliminary fingerprints
that we can analyze and use to refine our algorithms.

Basically we need people to run a python script against
some IPv6 box. The script stores the results in a file with a name
like nmap6fp62102933.6fp. We'd like you to send that file
to this address: david+luis () nmap org

Below you can find some simple instructions on how to run the script.

WARNING: Please do NOT run the script against any critical box,
as it performs tests that involve sending some weird IPv6 packets
that might crash some sloppy implementations.

Thank you very much for your help!

Best regards,

Luis MartinGarcia.



== GENERAL STEPS ==

1. Download the script from:
  http://nmap.org/svn/nping/nping-dev/ipv6fp.py

2. Make sure you have Python and Scapy installed in your system
  (See below for details on how to install them)

3. Collect the following information:
   - Target's IPv6 address
   - Target's IPv4 address
   - An open port in the target

4. Run the script (See instructions below).

5. Send the results file that it produces to david+luis () nmap org



== RUNNING THE SCRIPT ==

A. The easy way: let the script request all details interactively
   [Run as root]: ./ipv6fp.py --interactive

B. If the above does not work or you think interactive prompts are for
   cowards, run it with real command line parameters:

B.1 If the IPv6 host is on the local link:

  B.1.1 Target has a link local address like fe80::20c:29ff:fe7d:c25b

     [Run as root]: ./ipv6fp.py TARGET_IPV6_ADDRESS --addr4 \
     TARGET_IPV4_ADDRESS --ot OPEN_PORT_IN_TARGET --interface \
     IFACE_NAME

  B.1.2 Target is on-link but its address is of global scope like
     2600:3c01::f03c:91ff:fe93:cd19.

    Try the first command, and then the second if it does not work:

     [Run as root]: ./ipv6fp.py TARGET_IPV6_ADDRESS --ot 80 --addr4 \
       TARGET_IPV4_ADDRESS --interface IFACE_NAME --send-eth

     [Run as root]: ./ipv6fp.py TARGET_IPV6_ADDRESS --ot 80 --addr4 \
       TARGET_IPV4_ADDRESS --send-ip

B.2 If the IPv6 host is more than one hop away.

   [Run as root]: ./ipv6fp.py 2600:3c01::f03c:91ff:fe93:cd19 --addr4 \
     TARGET_IPV4_ADDRESS --ot 80


!!! Note that you have to replace TARGET_IPV6_ADDRESS with an actual
IPv6 address, OPEN_PORT_IN_TARGET with the number of an open port
in the box, and IFACE_NAME with the name of the appropriate network
interface. Parameter --addr4 is optional, so if the target host does
not have an IPv4 address, it can be omitted. However, if it does have
an IPv4 address, please provide it, as this will improve our results.



== HOW TO INSTALL PYTHON AND SCAPY ==

 + You need to have Python and Scapy to run the script. To
   install scapy, follow these steps:

   # 1. Download latest version from:
       wget secdev.org/projects/scapy/files/scapy-latest.tar.gz

   # 2. Uncompress the file,
       tar xvf scapy-latest.tar.gz

   # 3. CD into the new directory
       cd scapy-2.1.0

   # 4. Build and install
       python setup.py build --force
       [AS ROOT] python setup.py install --force

  Alternatively, you may install scapy in Debian/Ubuntu running
  "sudo apt-get install scapy" or in RedHat/Fedora running "yum install
  scapy".


 + To install Python 2.X, follow these instructions:
   http://docs.python.org/using/unix.html

== Troubleshooting ==

 + Command "./ipv6fp.py --help" displays usage information.

 + The script can send packets at the Ethernet level or at the IP
   level. Although it tries to guess the appropriate level
   automatically, you can pass --send-eth or --send-ip to force
   any of them. If you use --send-eth and the script complains
   about not being able to resolve a MAC address, you can pass the
   default gateway MAC address explicitly using:
   --gwmac 11:22:33:44:55:66

 + Before sending the OS detection probes, the script runs a little
   connectivity test to ensure you can successfully reach the target.
   If the connectivity test fails but you still want to run the
   script, just pass --force

 + Do not hesitate to contact me for any additional information:
   {luis.mgarc () gmail com}




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


I fail to run the script from Ubuntu 11.04; this is what I get:

Traceback (most recent call last):
  File "ipv6fp.py", line 4095, in <module>
    main()
  File "ipv6fp.py", line 4058, in main
    set_up_ipv6_tests(target_host6_g)
  File "ipv6fp.py", line 2317, in set_up_ipv6_tests
    finals=fragment6(final_packet, fragSize=1480)
  File "/usr/lib/pymodules/python2.7/scapy/layers/inet6.py", line 954, in fragment6
    s = str(pkt) # for instantiation to get upper layer checksum right
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 256, in __str__
    return self.build()
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 307, in build
    pay = self.build_payload()
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 299, in build_payload
    return self.payload.build(internal=1)
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 307, in build
    pay = self.build_payload()
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 299, in build_payload
    return self.payload.build(internal=1)
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 308, in build
    p = self.post_build(pkt,pay)
  File "/usr/lib/pymodules/python2.7/scapy/layers/inet6.py", line 1148, in post_build
    chksum = in6_chksum(58, self.underlayer, p)
  File "/usr/lib/pymodules/python2.7/scapy/layers/inet6.py", line 608, in in6_chksum
    ph6s = str(ph6)
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 256, in __str__
    return self.build()
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 304, in build
    pkt = self.do_build()
  File "/usr/lib/pymodules/python2.7/scapy/packet.py", line 291, in do_build
    p = f.addfield(self, p, val)
  File "/usr/lib/pymodules/python2.7/scapy/fields.py", line 66, in addfield
    return s+struct.pack(self.fmt, self.i2m(pkt,val))
struct.error: 'H' format requires 0 <= number <= 65535

Any ideas?

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
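
The traceback above ends with struct.pack rejecting a value for the 'H' (unsigned 16-bit) format while the pseudo-header for the ICMPv6 (next header 58) checksum is being built. As an added example, not part of the original post and not Scapy's or ipv6fp.py's code, this hand-written pseudo-header shows how a 16-bit length field fails on an upper-layer length above 65535 while the 32-bit field defined in RFC 2460 section 8.1 does not. The addresses, lengths and function names are constructed for illustration.

```python
import socket
import struct

ICMPV6 = 58  # next-header value from the traceback: in6_chksum(58, ...)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def length_field_fits(upper_len: int, len_fmt: str) -> bool:
    """True if upper_len can be packed with len_fmt ('!H' 16-bit, '!I' 32-bit)."""
    try:
        struct.pack(len_fmt, upper_len)
        return True
    except struct.error:  # same exception class as in the traceback
        return False

def pseudo_header(src: str, dst: str, upper_len: int, nh: int = ICMPV6) -> bytes:
    """RFC 2460 sec. 8.1 layout: src, dst, 32-bit length, 3 zero bytes, next header."""
    return (socket.inet_pton(socket.AF_INET6, src)
            + socket.inet_pton(socket.AF_INET6, dst)
            + struct.pack("!I", upper_len) + b"\x00\x00\x00" + bytes([nh]))

def icmpv6_checksum(src: str, dst: str, icmp: bytes) -> int:
    """Checksum over pseudo-header plus ICMPv6 message (checksum field zeroed)."""
    return inet_checksum(pseudo_header(src, dst, len(icmp)) + icmp)

if __name__ == "__main__":
    # Constructed sample: documentation-prefix addresses, echo request id=1 seq=1.
    src, dst = "2001:db8::1", "2001:db8::2"
    echo = struct.pack("!BBHHH", 128, 0, 0, 1, 1) + b"constructed"
    csum = icmpv6_checksum(src, dst, echo)
    filled = echo[:2] + struct.pack("!H", csum) + echo[4:]
    print("checksum 0x%04x, verifies: %s"
          % (csum, icmpv6_checksum(src, dst, filled) == 0))
    for n in (1480, 65535, 65536, 70000):
        print(n, "16-bit:", length_field_fits(n, "!H"),
              "32-bit:", length_field_fits(n, "!I"))
```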
