1

Usually with IPv4 and NAT you can only access a device behind a router if the router is port-forwarded correctly or is the router's DMZ. When behind the router you can easily scan for the IPs behind the router, usually in the 192.168.0.1/24 or 10.0.0.1/24 subnets.

I was just wondering if it is possible to find the IPv6 addresses associated with these devices behind the router.

I know you can access the router and view these IPv6 addresses, but is there another way to scan for and discover the IPv6 addresses of all the devices behind the router?

Gilles 'SO- stop being evil'
  • 50,912
  • 13
  • 120
  • 179
Sam
  • 11
  • 2

1 Answers1

3

You can't, as there are too many addresses to scan for. Typically a residential ISP will assign a /64 subnet per customer, which means there are 18446744073709551616 possible addresses behind that router. That is a lot of IPs to scan.

Also, the fact that IPv6 addresses are publicly routable doesn't mean the router can't get in the way and firewall off your scanning attempts. While most consumer-grade routers are crap and don't support that, it is quite easy to configure with any decent Linux distribution. I assume business-grade routers such as Cisco also support it.

André Borie
  • 12,706
  • 3
  • 39
  • 76
  • One small note: a residential that only assigns one /64 per customer is insane and ignoring all the best practices. A residential user should be given at least a /56 or a /48. Anything less is ruining the whole concept of IPv6. – Sander Steffann May 19 '16 at 09:34