Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. IPv6 is intended to replace IPv4.
Link local address is a special type of address intended for communications within the local network segment or a point-to-point connection. Routers do not forward packets with link local address.
If you would recall, if a host doesn't have any IP address assigned and also failed to receive a DHCP address, the host gets assigned an address within the 169.254.0.0/16 block. That is an IPv4 link local address. In IPv6, the equivalent link local address gets a FE80::/10 prefix.
Although this type of address are not routable, meaning it's not inteded to be routed on the public internet but instead to be routed within a site or organization. It is required for IPv6 sublayer operations of the Neighbor Discovery Protocol and used for stateless autoconfiguration; through which, the host can get additional IPv6 addresses assigned to its interfaces.
One can identify an IPv6 Link Local Address by examining its first 10 bits, it should match 1111111010 which when padded with 2 additional 0's to form 3 hexadecimal digits should yeild FE8 and finally form FE80::/10 in CIDR format.
Click on this link to examine Link Local address using the Advanced Online IPv6 Subnet Calculator: FE80:0000:0000:0000:0000:5AFE:00AA:20A2
The link-local unicast address can be used only on the local network link. Link-local addresses are not valid nor recognized outside the enterprise. The following example shows the format of the link-local address.
A link-local prefix has the following format:
fe80::interface-ID/10
The following is an example of a link-local address:
fe80::23a1:b152
IPv6 supports the use of multicast addresses. The multicast address identifies a multicast group, which is a group of interfaces, usually on different nodes. An interface can belong to any number of multicast groups. If the first 16 bits of an IPv6 address is ff00n, the address is a multicast address.
Multicast addresses are used for sending information or services to all interfaces that are defined as members of the multicast group. For example, one use of multicast addresses is to communicate with all IPv6 nodes on the local link.
When an interface's IPv6 unicast address is created, the kernel automatically makes the interface a member of certain multicast groups. For example, the kernel makes each node a member of the Solicited Node multicast group, which is used by the Neighbor Discovery protocol to detect reachability. The kernel also automatically makes a node a member of the All-Nodes or All Routers multicast groups.
For detailed information about multicast addresses, refer to IPv6 Multicast Addresses in Depth. For technical information, see RFC 3306, Unicast-Prefix-based IPv6 Multicast Addresses, which explains the multicast address format. For more information about the proper use of multicast addresses and groups, RFC 3307, Allocation Guidelines for IPv6 Multicast Addresses.
IP Multicast Address Ranges and Uses
Useful Multicast Addresses:
• FF02::1 – All nodes
• FF02::2 - All routers
IPv6 anycast addresses identify a group of interfaces on different IPv6 nodes. Each group of interfaces is known as an anycast group. When a packet is sent to the anycast address, the anycast group member that is physically closest to the sender receives the packet.
The number of subnets possible with x subnetting bits is 2x. So if we have 4 subnetting bits, then we can create 24=16 new subnets.
::1/128 is the loopback address.
::FFFF:0:0/96 are the IPv4-mapped addresses.
fe80::/10 are the link-local unicast.
2001:db8::/32 are the documentation addresses.
ff00::/8 are multicast addresses
Nmap scan IPv6
https://github.com/zbetcheckin/IPv6
https://subnettingpractice.com/cheatsheet.html
https://www.tutorialspoint.com/ipv6/index.htm
https://www.slideshare.net/camsec/ipv6-for-pentesters
https://www.sans.org/reading-room/whitepapers/detection/complete-guide-ipv6-attack-defense-33904
Link-Local Unicast Address
Link local address is a special type of address intended for communications within the local network segment or a point-to-point connection. Routers do not forward packets with link local address.
If you would recall, if a host doesn't have any IP address assigned and also failed to receive a DHCP address, the host gets assigned an address within the 169.254.0.0/16 block. That is an IPv4 link local address. In IPv6, the equivalent link local address gets a FE80::/10 prefix.
Although this type of address are not routable, meaning it's not inteded to be routed on the public internet but instead to be routed within a site or organization. It is required for IPv6 sublayer operations of the Neighbor Discovery Protocol and used for stateless autoconfiguration; through which, the host can get additional IPv6 addresses assigned to its interfaces.
One can identify an IPv6 Link Local Address by examining its first 10 bits, it should match 1111111010 which when padded with 2 additional 0's to form 3 hexadecimal digits should yeild FE8 and finally form FE80::/10 in CIDR format.
Click on this link to examine Link Local address using the Advanced Online IPv6 Subnet Calculator: FE80:0000:0000:0000:0000:5AFE:00AA:20A2
The link-local unicast address can be used only on the local network link. Link-local addresses are not valid nor recognized outside the enterprise. The following example shows the format of the link-local address.
A link-local prefix has the following format:
fe80::interface-ID/10
The following is an example of a link-local address:
fe80::23a1:b152
- fe80
- Hexadecimal representation of the 10-bit binary prefix 1111111010. This prefix identifies the type of IPv6 address as link local.
- interface-ID
- Hexadecimal address of the interface, which is usually derived from the 48-bit MAC address.
Multicast Addresses
IPv6 supports the use of multicast addresses. The multicast address identifies a multicast group, which is a group of interfaces, usually on different nodes. An interface can belong to any number of multicast groups. If the first 16 bits of an IPv6 address is ff00n, the address is a multicast address.
Multicast addresses are used for sending information or services to all interfaces that are defined as members of the multicast group. For example, one use of multicast addresses is to communicate with all IPv6 nodes on the local link.
When an interface's IPv6 unicast address is created, the kernel automatically makes the interface a member of certain multicast groups. For example, the kernel makes each node a member of the Solicited Node multicast group, which is used by the Neighbor Discovery protocol to detect reachability. The kernel also automatically makes a node a member of the All-Nodes or All Routers multicast groups.
For detailed information about multicast addresses, refer to IPv6 Multicast Addresses in Depth. For technical information, see RFC 3306, Unicast-Prefix-based IPv6 Multicast Addresses, which explains the multicast address format. For more information about the proper use of multicast addresses and groups, RFC 3307, Allocation Guidelines for IPv6 Multicast Addresses.
IP Multicast Address Ranges and Uses
Range
Start Address
|
Range
End Address
|
Description
|
224.0.0.0
|
224.0.0.255
|
Reserved for
special “well-known” multicast addresses.
|
224.0.1.0
|
238.255.255.255
|
Globally-scoped
(Internet-wide) multicast addresses.
|
239.0.0.0
|
239.255.255.255
|
Administratively-scoped
(local) multicast addresses.
|
Useful Multicast Addresses:
• FF02::1 – All nodes
• FF02::2 - All routers
Anycast Addresses and Groups
IPv6 anycast addresses identify a group of interfaces on different IPv6 nodes. Each group of interfaces is known as an anycast group. When a packet is sent to the anycast address, the anycast group member that is physically closest to the sender receives the packet.
IPv6 Specifications
Address type | Binary prefix | IPv6 notation |
---|---|---|
Unspecified | 00...0 (128 bits) | ::/128 |
Loopback | 00...1 (128 bits) | ::1/128 |
Multicast | 11111111 | ff00::/8 |
Link-local unicast | 1111111010 | fe80::/64 |
Site-local unicast | 1111111011 | fec0::/10 |
Global unicast | everything else | everything else |
Unique local address (ULA) | 1111 110L | FC00::7 |
Subnet IPv6
The number of subnetting bits is the new prefix length minus the original prefix length. So there are 4 subnetting bits when a /48 is broken into /52s (52-48=4).The number of subnets possible with x subnetting bits is 2x. So if we have 4 subnetting bits, then we can create 24=16 new subnets.
::1/128 is the loopback address.
::FFFF:0:0/96 are the IPv4-mapped addresses.
fe80::/10 are the link-local unicast.
2001:db8::/32 are the documentation addresses.
ff00::/8 are multicast addresses
IPv6 network discovery
A dirty one liner to determine the IPv4, IPv6 Link-Local & Global addresses of a target(s):
atk6-alive6 eth0 -l > /dev/null; atk6-alive6 eth0 > /dev/null; arp-scan -l | head -n -
2 | tail -n +3 > arp && ip -6 neigh > neigh && for line in $(cat neigh | cut -d" " -f5
|sort -u); do grep $line arp && grep $line neigh && echo -e 'n'; done; rm arp neigh
ping6 -c 3 -I eth0 ff02::1 >/dev/null 2>&1
ip neigh | grep ^fe80
Nmap scan IPv6
nmap -e eth0 -6 -nvvvv -sV fe80::20c:29ff:fef3:3ce2
https://github.com/zbetcheckin/IPv6
https://subnettingpractice.com/cheatsheet.html
https://www.tutorialspoint.com/ipv6/index.htm
https://www.slideshare.net/camsec/ipv6-for-pentesters
https://www.sans.org/reading-room/whitepapers/detection/complete-guide-ipv6-attack-defense-33904
Pen Test Diary: Ipv6 For Pentesters >>>>> Download Now
BalasHapus>>>>> Download Full
Pen Test Diary: Ipv6 For Pentesters >>>>> Download LINK
>>>>> Download Now
Pen Test Diary: Ipv6 For Pentesters >>>>> Download Full
>>>>> Download LINK Gi