Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

IPv6 Security Scanner

from [dgoodrum] Network Security [Permanent Link]
Subject: IPv6 Security Scanner
Date: 13 Feb 2006 20:40:23 -0000 
Hi list,

I'm looking for a scanning tool that is capable of scanning IPv6 addresses for 
vulnerabilities.  I briefly googled "IPv6 Security Scanner" and also checked 
out nessus.org to see if they had any documentation as to whether they 
supported vulnerability scanning for IPv6 devices, but didn't find anything 
other than a few IPv6 port scanners.  I don't want tools that are just port 
scanners.  I know nmap now supports IPv6, but I'm looking for something a 
little deeper than port scanning.

I probably need a tool that can be triggered from command line also.

Preferably the tool would run on Linux or Solaris... I could probably make 
windows work if I had to, but I'd rather not.

Here's why.... I'm implementing NFR's IDS product at a client where we'll use 
the product to passively detect new IPv6 rogues as soon as they come on the 
network and then automatically trigger an active vulnerability scan.  I will 
probably use nmap with it's "advanced version detection system", for 
proof-of-concept, but I'd like to know if there are other options available.

The jist of the project I'm working on started because there is a belief that 
when IPv6 rolls out, active scanning will become a thing of the past due to the 
large number of potential addresses on a given subnet.  i.e. the smallest IPv6 
subnet address range is millions of times larger than the entire IPv4 address 
range, implying that it will take a VERY VERY long time to scan the full 
address range.  So, rather than actively scan a range looking for hosts to 
check for vulnerabilities, we're hoping to solve the problem by passively 
finding IP addresses as soon as they talk on the network and then triggering 
the scan.  Comments on these assertions/ideas are very welcome.

thanks,

dave
--------
David W. Goodrum, CEH
http://www.nfr.com

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  AW: pushing exploits through the Firewall, Julian Totzek
Next by Date:  local proxy udp 53, Julian Totzek
Previous by Thread:  AW: pushing exploits through the Firewall, Julian Totzek
Next by Thread:  Re: IPv6 Security Scanner, Nicob
Indexes:  [Date] [Thread] [Top] [All Lists]