IPv6 Security Scanner

From: dgoodrum@nfr.com
Date: Mon Feb 13 2006 - 15:40:23 EST


Hi list,

I'm looking for a scanning tool that is capable of scanning IPv6 addresses for vulnerabilities. I briefly googled "IPv6 Security Scanner" and also checked out nessus.org to see if they had any documentation as to whether they supported vulnerability scanning for IPv6 devices, but didn't find anything other than a few IPv6 port scanners. I don't want tools that are just port scanners. I know nmap now supports IPv6, but I'm looking for something a little deeper than port scanning.

I probably need a tool that can be triggered from command line also.

Preferably the tool would run on Linux or Solaris... I could probably make Windows work if I had to, but I'd rather not.

Here's why.... I'm implementing NFR's IDS product at a client where we'll use the product to passively detect new IPv6 rogues as soon as they come on the network and then automatically trigger an active vulnerability scan. I will probably use nmap with its "advanced version detection system", for proof-of-concept, but I'd like to know if there are other options available.

The gist of the project I'm working on started because there is a belief that when IPv6 rolls out, active scanning will become a thing of the past due to the large number of potential addresses on a given subnet. i.e. the smallest IPv6 subnet address range is millions of times larger than the entire IPv4 address range, implying that it will take a VERY VERY long time to scan the full address range. So, rather than actively scan a range looking for hosts to check for vulnerabilities, we're hoping to solve the problem by passively finding IP addresses as soon as they talk on the network and then triggering the scan. Comments on these assertions/ideas are very welcome.

thanks,

dave
--------
David W. Goodrum, CEH
http://www.nfr.com
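
The passive-discovery trigger described in the message, sketched as an added example that is not part of the original post and not NFR's or nmap's own code. The monitored prefix, the sample addresses, the probe rate and the names `RogueTracker`, `sweep_years` and `jobs_for` are assumptions; the code only builds the `nmap -6 -sV` command line and leaves running it to the caller.

```python
import ipaddress

# Assumed monitored subnet (documentation prefix, constructed for this example).
MONITORED = ipaddress.ip_network("2001:db8:10::/64")

def sweep_years(prefix_len, probes_per_sec):
    """Years needed to probe every address of one IPv6 subnet at a fixed rate."""
    return 2 ** (128 - prefix_len) / probes_per_sec / (365 * 24 * 3600)

class RogueTracker:
    """Turns passively observed source addresses into one scan job per new host."""

    def __init__(self, network, known=()):
        self.network = network
        self.seen = {ipaddress.IPv6Address(a) for a in known}  # inventoried hosts

    def observe(self, src):
        """Return an nmap argv for a first-seen, in-scope host, otherwise None."""
        try:
            addr = ipaddress.IPv6Address(src.split("%")[0])  # drop any zone id
        except ipaddress.AddressValueError:
            return None  # IPv4 or malformed sensor field
        if addr.is_link_local or addr.is_multicast or addr.is_unspecified:
            return None  # not a routable host address worth scanning
        if addr not in self.network or addr in self.seen:
            return None  # out of scope, or already scanned / inventoried
        self.seen.add(addr)
        # argv list rather than a shell string: sensor data never reaches a shell.
        return ["nmap", "-6", "-sV", str(addr)]

# Constructed sensor output: source addresses in the order the IDS saw them.
OBSERVED = [
    "2001:db8:10::a1", "fe80::1%eth0", "2001:db8:10::a1",
    "2001:db8:10:0:0:0:0:b2", "2001:db8:99::5", "192.0.2.7", "ff02::1",
    "2001:db8:10::1",
]

def jobs_for(events, known=("2001:db8:10::1",)):
    """Scan jobs produced by replaying the events through a fresh tracker."""
    tracker = RogueTracker(MONITORED, known)
    return [job for job in map(tracker.observe, events) if job]

if __name__ == "__main__":
    print(f"/64 sweep at 1M probes/s: {sweep_years(64, 1_000_000):,.0f} years")
    for job in jobs_for(OBSERVED):
        print(" ".join(job))
```

Each address is queued once however often it talks, and the different spelling of the second host is normalised before comparison, so the same device is not scanned twice.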
