Do you know how to access an IPv6 address in the browser? We do.

We’ve been around since days of 6-to-4 NAT redirection tunneling. Years before the IPv6 launch day (June 8, 2011), we were tinkering with it, discovering buggy behaviour and implementing workarounds.

Yet, unsurprisingly, it’s not gained widespread adoption. Yet it’s one of the most important parts of network security, since techncially all IPv6 addresses are globally addressable. While making FTP and web functionality seamless, bypassing NAT can present tricky issues; and for most people, just reading an IPv6 address can cause your eyes to go cross-eyed.

Fear not. We’re IPv6 fans and can help.

We use useful tools like this:

…to help create IPv6 native networks, and ensure your users and network admins can easily administer and manage these networks, while providing increased performance.

Some additional notes:

= IPv6 notes =

= Questions =

  • How to limit to LAN? How to make global? can I access my servers globally?
  • How can I manually define ipv6? (dead:beef and cafe:babe)
  • % – what’s the % sign?
  • IPv6 localhost stuff – what’ each of these:

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

= Overview =

  • “Route aggregation” of sub routes.
  • Globally addressable…. ugh… firewalls UP
  • SLAAC – stateless autoconfig
    ** IPv6 hosts configure themselves automatically. Every interface has a self-generated link-local address and, when connected to a network, conflict resolution is performed and routers provide network prefixes via router advertisements.[18] Stateless configuration of routers can be achieved with a special router renumbering protocol.[19] When necessary, hosts may configure additional stateful addresses via Dynamic Host Configuration Protocol version 6 (DHCPv6) or static addresses manually.
    */128, /64 default spaces
  • /64 is SMALLEST subnet size – half and half. 8×8 = 64
  • ::1 == loopback
  • FE80::/10 = These are comparable to the address block in IPv4, the stateless address auto-configuration blocks. The IPv6 protocol requires link-local addresses, even if you are using other assigned addresses. ?? – why need? “link-local”
  • How to access in browser – use [bracket]
  • Multicasting

= nmap =

  • ?? Howto: Nmap scan ipv6 lan?
  • Scan localhost:
    ** nmap -6 ::1 – scan loopback (ip6-localhost)
  • nmap can also fingerprint a system, checking feature avail, hex dump.
  • nmap example of attacks on 6:
  • Scan lan:
I would assume that the range you are trying to scan is fe80:0000:0000:0000:0000:0000:0000:0000/112 which is the last 16 bits (the last section) of the address. That range includes 65,536 IPv6 addresses, probably all of which are going to time out when scanned. It will probably take most of a day (86,400 seconds - close enough to 65,536 at one second per timeout on average) just to ping that range to determine whether the machines are up or not. 

But such small ranges are rarely seen. ISPs are often handing customers a /64 range each, (and it seems this is what you have) meaning that the customer has 18,446,744,073,709,551,616 individual IPv6 addresses. Scanning a single customer like this would take years.

There are discovery protocols ( that exist to allow you to find the exact IP address you need rather than scanning the entire range and these might be a better place to start.
  • another answer: Scanning your local subnet for all IPv6-enabled systems in one shot:
    ** nmap -6 –script=targets-ipv6-multicast-*
  • Port scanning the top 10000 ports on these assets:
    ** nmap -6 –script=targets-ipv6-multicast-* –script-args=newtargets -PS –top-ports=10000