RE: Network Scanning

To: "Jeroen Massar" <jeroen at unfix.org>
Subject: RE: Network Scanning
From: "Manfredi, Albert E" <albert.e.manfredi at boeing.com>
Date: Mon, 7 Apr 2008 18:12:13 -0400
Cc: ipv6 at ietf.org
Delivered-to: ietfarch-ipv6-web-archive at core3.amsl.com
Delivered-to: ipv6 at core3.amsl.com
In-reply-to: <47FA94AF.50905 at spaghetti.zurich.ibm.com>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group $6man$" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
References: <47F6A2D0.3040602 at spaghetti.zurich.ibm.com> <200804042201.m34M1Jec007787 at omr12.networksolutionsemail.com> <004301c896a6$e5ff23e0$b1fd6ba0$ at com><F9296A6B5FA8B342A16483B956B26BB10670BB6522 at NA-EXMSG-C114.redmond.corp.microsoft.com> <47FA94AF.50905 at spaghetti.zurich.ibm.com>
Sender: ipv6-bounces at ietf.org
Thread-index: AciY9/dF1HNcah05QfO0WlX397AciwAA5buQ
Thread-topic: Network Scanning

> -----Original Message-----
> From: Jeroen Massar [mailto:jeroen at unfix.org] 

> Sean Siler wrote:
> > Microsoft based Operating Systems join the All Nodes On 
> > Link Multicast Group as specified by RFC 4291, but that
> > RFC does not mandate that nodes must reply to ICMP echo
> > requests.  So while we do not reply to pings to ff02::1,
> > we are also in compliance with the RFC.

And RFC 4443 (ICMPv6) also does not mandate a response to a multicast
query.

> Thus, as such, to identify this OS, one would just have to 
> send an MLD 
> Query on the link, receive the responses, and tada, you have, per the 
> RFC, all the hosts that at least comply to the RFC, then 
> substract the 
> ones you receive an ICMP echo from et voila you know what is 
> doing this 
> trick, which currently means that it is most likely 
> Windows-based

To which on link multicast address would the MLD query be transmitted,
for this idea to work? RFC 2710 does not mandate a reply to these
multicast addresses:

"When a node receives a General Query, it sets a delay timer for each
multicast address to which it is listening on the interface from which
it received the Query, EXCLUDING the link-scope all-nodes address and
any multicast addresses of scope 0 (reserved) or 1 (node-local)."

Hmmm. No way to do a network discovery?

Bert
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

References:
- Re: Network Scanning
  - From: Jeroen Massar
- RE: Network Scanning
  - From: Brian McGehee
- RE: Network Scanning
  - From: TJ
- RE: Network Scanning
  - From: Sean Siler
- Re: Network Scanning
  - From: Jeroen Massar

Prev by Date: Re: Network Scanning
Next by Date: HOW To BLOCK IPv6 ADDRESSES in Windows XP
Previous by thread: Re: Network Scanning
Next by thread: Re: Network Scanning
Index(es):
- Date
- Thread

RE: Network Scanning

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.