XMap 是一款兼含 IPv6 与 IPv4 网络空间探测功能的快速扫描器,并且也是第一款学术界+工业界中专门用于 IPv6 资产快速扫描的工具。其参考 ZMap 的原理进行开发,从底层完全改写了 ZMap 的核心代码,将 ZMap 在 IPv4 网络空间的多种扫描优势移植到 IPv6 空间,并且结合我们自身最新的研究发现,增添了 IPv6 设备快速发现技术以及多端口扫描功能,且完全兼容 ZMap,具备“5分钟”扫描32位网络空间的能力。
XMap 适用于 GNU/Linux,Mac OS 和 BSD 操作系统,已经支持 ICMP Echo,TCP SYN 和 UDP 扫描。
结合应用层扫描工具 ZGrab2, XMap 可以发挥更多的扫描功能。
安装
XMap 最新版本为 v1.0.0,目前仅支持编译安装。
安装步骤详见 INSTALL 文件。
使用
XMap GitHub。
详细使用步骤见 GitHub Wiki。
简易实用命令见 USAGE。
论文
Fast IPv6 Network Periphery Discovery and Security Implications.
Abstract. Numerous measurement researches have been performed to discover the IPv4 network security issues by leveraging the fast Internet-wide scanning techniques. However, IPv6 brings the 128-bits address space and renders brute-force network scanning impractical. Although significant efforts have been dedicated to enumerating active IPv6 hosts, limited by technique efficiency and probing accuracy, large-scale empirical measurement studies under the increasing IPv6 networks are infeasible now.
To fill this research gap, by leveraging the extensively adopted IPv6 address allocation strategy, we propose a novel IPv6 network periphery discovery approach. Specifically, XMap, a fast network scanner, is developed to find the periphery, such as a home router. We evaluate it on twelve prominent Internet service providers and harvest 52M active peripheries. Grounded on these found devices, we explore IPv6 network risks of the unintended exposed security services and the flawed traffic routing strategies. First, we demonstrate the unintended exposed security services in IPv6 networks, such as DNS, and HTTP, have become emerging security risks by analyzing 4.7M peripheries. Second, by inspecting the periphery’s packet routing strategies, we present the flawed implementations of IPv6 routing protocol affecting 5.8M router devices. Attackers can exploit this common vulnerability to conduct effective routing loop attacks, inducing DoS to the ISP’s and home routers with an amplification factor of >200. We responsibly disclose those issues to all involved vendors and ASes and discuss mitigation solutions. Our research results indicate that the security community should revisit IPv6 network strategies immediately.
Authors. Xiang Li, Baojun Liu, Xiaofeng Zheng, Haixin Duan, Qi Li, Youjun Huang.
Conference. Proceedings of the 2021 IEEE/IFIP International Conference on Dependable Systems and Networks (DSN ‘21)
Paper. [PDF], [Slides] and [Video].
CNVD/CNNVD/CVE. (109/2/22)
CNVD-2021-03270 CNVD-2021-03271 CNVD-2021-03291 CNVD-2021-03312
CNVD-2021-03318 CNVD-2021-03320 CNVD-2021-03326 CNVD-2021-03327
CNVD-2021-03328 CNVD-2021-03331 CNVD-2021-03375 CNVD-2021-03376
CNVD-2021-03380 CNVD-2021-03399 CNVD-2021-03423 CNVD-2021-03424
CNVD-2021-03425 CNVD-2021-03473 CNVD-2021-03495 CNVD-2021-03503
CNVD-2021-03505 CNVD-2021-03507 CNVD-2021-03508 CNVD-2021-03511
CNVD-2021-04817 CNVD-2021-04818 CNVD-2021-04829 CNVD-2021-04830
CNVD-2021-05370 CNVD-2021-05371 CNVD-2021-05372 CNVD-2021-05373
CNVD-2021-05374 CNVD-2021-05375 CNVD-2021-05380 CNVD-2021-05435
CNVD-2021-05470 CNVD-2021-05472 CNVD-2021-05492 CNVD-2021-05493
CNVD-2021-06623 CNVD-2021-06624 CNVD-2021-06625 CNVD-2021-06626
CNVD-2021-06627 CNVD-2021-06628 CNVD-2021-06629 CNVD-2021-08384
CNVD-2021-08385 CNVD-2021-08386 CNVD-2021-08387 CNVD-2021-08388
CNVD-2021-08389 CNVD-2021-08390 CNVD-2021-08391 CNVD-2021-08394
CNVD-2021-08395 CNVD-2021-10397 CNVD-2021-10398 CNVD-2021-10399
CNVD-2021-10400 CNVD-2021-10401 CNVD-2021-10402 CNVD-2021-10403
CNVD-2021-10404 CNVD-2021-10405 CNVD-2021-10406 CNVD-2021-10407
CNVD-2021-10408 CNVD-2021-10409 CNVD-2021-10410 CNVD-2021-10411
CNVD-2021-10412 CNVD-2021-10413 CNVD-2021-10414 CNVD-2021-10415
CNVD-2021-10416 CNVD-2021-10417 CNVD-2021-10418 CNVD-2021-10419
CNVD-2021-10420 CNVD-2021-10421 CNVD-2021-10422 CNVD-2021-10423
CNVD-2021-10424 CNVD-2021-10425 CNVD-2021-12861 CNVD-2021-12883
CNVD-2021-12886 CNVD-2021-12887 CNVD-2021-12890 CNVD-2021-13250
CNVD-2021-13251 CNVD-2021-13252 CNVD-2021-13253 CNVD-2021-13254
CNVD-2021-13255 CNVD-2021-13256 CNVD-2021-13257 CNVD-2021-13259
CNVD-2021-13260 CNVD-2021-13261 CNVD-2021-13469 CNVD-2021-16327
CNVD-2021-16400 CNVD-2021-29189 CNVD-2021-29190 CNVD-2021-29191
CNNVD-202102-570 CNNVD-202103-1624 CNNVD-202104-652
CNNVD-202104-659 CNNVD-202104-697
CVE-2021-3107 CVE-2021-3108 CVE-2021-3112
CVE-2021-3125 CVE-2021-3128 CVE-2021-3173 CVE-2021-3379
CVE-2021-21727 CVE-2021-22161 CVE-2021-22162 CVE-2021-22163
CVE-2021-22164 CVE-2021-22165 CVE-2021-23238 CVE-2021-23268
李想
清华大学博士研究生(网络空间安全)
李想,清华大学网络科学与网络空间研究院五年级博士研究生,导师为李琦副教授和段海新教授。研究方向为网络与协议安全,已发表论文17篇(含一作6篇:在网络安全四大顶会均有发表、通讯1篇、二作3篇),授权专利1项,在Black Hat多次分享,获得190+CVE等漏洞编号,306+GitHub stars。研究获得多个政府及大学CERT安全公告、60+媒体报道,并被纳入RFC标准文档。其也获得了多项奖项荣誉,如IPv6创新大赛一等奖、GeekCon国际安全极客大赛亚军、王大中奖学金、博士研究生国家奖学金、清华优秀奖学金等。
