RE: Network Scanning
"Manfredi, Albert E" <albert.e.manfredi@boeing.com> Mon, 07 April 2008 22:12 UTC
Return-Path: <ipv6-bounces@ietf.org>
X-Original-To: ipv6-archive@megatron.ietf.org
Delivered-To: ietfarch-ipv6-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3E93E3A68EA; Mon, 7 Apr 2008 15:12:09 -0700 (PDT)
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 50E9C3A68EA for <ipv6@core3.amsl.com>; Mon, 7 Apr 2008 15:12:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MA9g4chREWzx for <ipv6@core3.amsl.com>; Mon, 7 Apr 2008 15:12:06 -0700 (PDT)
Received: from stl-smtpout-01.boeing.com (stl-smtpout-01.boeing.com [130.76.96.56]) by core3.amsl.com (Postfix) with ESMTP id 77FF23A683D for <ipv6@ietf.org>; Mon, 7 Apr 2008 15:12:06 -0700 (PDT)
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.13.4]) by stl-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with ESMTP id m37MCEPS001854 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 7 Apr 2008 17:12:15 -0500 (CDT)
Received: from slb-av-01.boeing.com (localhost [127.0.0.1]) by slb-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id m37MCE1f014487; Mon, 7 Apr 2008 15:12:14 -0700 (PDT)
Received: from XCH-NEBH-11.ne.nos.boeing.com (xch-nebh-11.ne.nos.boeing.com [128.225.80.27]) by slb-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id m37MCENU014479; Mon, 7 Apr 2008 15:12:14 -0700 (PDT)
Received: from XCH-NE-1V2.ne.nos.boeing.com ([128.225.80.43]) by XCH-NEBH-11.ne.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 7 Apr 2008 18:12:13 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: Network Scanning
Date: Mon, 07 Apr 2008 18:12:13 -0400
Message-ID: <CA7D9B4A761066448304A6AFC09ABDA90331C034@XCH-NE-1V2.ne.nos.boeing.com>
In-Reply-To: <47FA94AF.50905@spaghetti.zurich.ibm.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Network Scanning
Thread-Index: AciY9/dF1HNcah05QfO0WlX397AciwAA5buQ
References: <47F6A2D0.3040602@spaghetti.zurich.ibm.com> <200804042201.m34M1Jec007787@omr12.networksolutionsemail.com> <004301c896a6$e5ff23e0$b1fd6ba0$@com><F9296A6B5FA8B342A16483B956B26BB10670BB6522@NA-EXMSG-C114.redmond.corp.microsoft.com> <47FA94AF.50905@spaghetti.zurich.ibm.com>
From: "Manfredi, Albert E" <albert.e.manfredi@boeing.com>
To: Jeroen Massar <jeroen@unfix.org>
X-OriginalArrivalTime: 07 Apr 2008 22:12:13.0906 (UTC) FILETIME=[6EDA9B20:01C898FC]
Cc: ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipv6-bounces@ietf.org
Errors-To: ipv6-bounces@ietf.org
> -----Original Message----- > From: Jeroen Massar [mailto:jeroen@unfix.org] > Sean Siler wrote: > > Microsoft based Operating Systems join the All Nodes On > > Link Multicast Group as specified by RFC 4291, but that > > RFC does not mandate that nodes must reply to ICMP echo > > requests. So while we do not reply to pings to ff02::1, > > we are also in compliance with the RFC. And RFC 4443 (ICMPv6) also does not mandate a response to a multicast query. > Thus, as such, to identify this OS, one would just have to > send an MLD > Query on the link, receive the responses, and tada, you have, per the > RFC, all the hosts that at least comply to the RFC, then > substract the > ones you receive an ICMP echo from et voila you know what is > doing this > trick, which currently means that it is most likely > Windows-based To which on link multicast address would the MLD query be transmitted, for this idea to work? RFC 2710 does not mandate a reply to these multicast addresses: "When a node receives a General Query, it sets a delay timer for each multicast address to which it is listening on the interface from which it received the Query, EXCLUDING the link-scope all-nodes address and any multicast addresses of scope 0 (reserved) or 1 (node-local)." Hmmm. No way to do a network discovery? Bert -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- RE: Network Scanning Brian McGehee
- Re: Network Scanning Jeroen Massar
- Network Scanning Prasanna Ram Venkatachalam
- Re: Network Scanning Jeroen Massar
- RE: Network Scanning TJ
- Re: Network Scanning David Malone
- RE: Network Scanning Sean Siler
- Re: Network Scanning Jeroen Massar
- RE: Network Scanning Manfredi, Albert E