Re: OS X Lion and IPv6

[Patrik Karlsson <patrik () cqure net>]

On Sun, Mar 11, 2012 at 11:33 AM, Patrik Karlsson <patrik () cqure net> wrote:

> Hi list,
>
> It appears that I have two problems when scanning IPv6 addresses from Mac
> OS X Lion.
> The first has to do with link-local addresses where I always have to add
> the zone index. This isn't a big problem when adding an IP or two, but when
> scripts add IPv6 targets or when running against some sort of list, it does
> become a problem. This occurs even though I specify the interface using -e.
>
> The second problem occurs when scanning "external" IPv6 addresses. What
> happens is that I can't scan these addresses as root (this works for
> link-local addresses though).
> The error message I'm seeing is (nexthost: failed to determine route to
> <ipv6 addr>). It's possible to scan the same IPv6 address as a non
> privileged user but as root it always fails. I've tried adding a zone index
> or specifying the interface with -e or forcing a TCP scan rather than a SYN
> scan, but the scan always fails with the same message.
>
> Anyone else seeing this on OS X Lion?
>
> Cheers,
> Patrik
> --
> Patrik Karlsson
> http://www.cqure.net
> http://twitter.com/nevdull77
I noticed that my router (a Apple Time Capsule) is advertising it's
link-local address as default gateway. Changing this manually on my OS X
host to the global address fixes the problem with scanning global addresses
as root. As far as I can tell from a few Google searches it seems as if
Apple Airport and Time Capsule advertise their link-local address as the
default gateway. To the best of my understanding this should be a valid
configuration, as it seems to work for other applications ie. browsing the
web etc ...

Cheers,
Patrik

-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/