![]() ![]() Notably:Īnd many others, including the GRC Shields Up! port scanner mentioned in other comments in this thread:Īs such, unless you're going to use Shodan services, or want to know what information they have about you, it seems like there are other, better tools out there. There are rafts of online tools to check for vulnerabilities in specific services. I'll go further and say that while the information provided is absolutely useful, depending on the services you're exposing to the Internet, there are other tools that will give you much more useful, actionable information. ![]() I guess this can be useful if you don't know what's going on with your internet connection.Īlthough the fact that the "results" are cached arguably makes this less useful than GRC and other sites that will actively scan your IP (range).Īnd even though they provide a timestamp for the reported information (different for different ports by 24 hours or so, at least for me), I'd personally prefer an active scan over a database lookup if I want to know what's going on. If your "promising methods of host discovery" extend radially beyond that, I'd be super interested if you're prepared to share them? I'm guessing there are people popping log files and monitoring major traffic interchanges, and creating their own haveibeenpwned-style lists of IPv6 addresses that're actually in use, then selectively scanning them and probably the closely related subnets of them. Any IPv6 address that's doing anything on the internet leaves traces of it's existence/activity somewhere. This mostly just moves the problem from brute forcing into dictionary attacks though, similar to how passwords get mostly attacked these days. It's possible you've got a technique to find "a reasonable percentage" of all devices listening/responding on IPv6 addresses, but unless 10^-22% is "a reasonable percentage" - then no, you can't randomly portscan IPv6 and ever even realistically expect to connect to anything at all, never mind come up with some Shonan-Like map of almost the entire address space. If you can scan all of 2^32 addresses in IPv4 in ~5mins (as suggested elsewhere in this thread), then it'd take something like 75,000,000,000,000,000,000,000 years to do the same for all 2^128 addresses in IPv6. > You obviously can't guarantee 100% coverage, but you can get a reasonable percentage without having to do an exhaustive incremental scan.ĭepends on what you mean by "a reasonable percentage" there. Nmap done: 1 IP address (0 hosts up) scanned in 3.07 seconds If it is really up, but blocking our ping probes, try -PN Here's a if you are getting forbidden and just want to see what a result looks like ![]()
0 Comments
Leave a Reply. |