Magic Banana suggested a useful script to provide IPv6 addresses with :000x, :00xx, and :0xxx fields:

$ prefix=0123:4567; sample_size=10; od -A n -N $(expr $sample_size \* 48) -dw8 /dev/urandom | awk -Mv prefix=$prefix -v PREC=64 'NR % 6 == 1 { printf prefix } { n = 0; for (p = 0; p != 4; ++p) n += $(p + 1) * 65536^p; n *= 6.3250068069543573221e-19; cdf = 1; for (i = 2; n > cdf; ++i) cdf += 1 / i; printf ":%04x", i - 2 } NR % 6 == 0 { print "" }'

As a test, I applied the Magic Banana script to a specific CIDR block's prefix:

prefix=2a02:2788 ; sample_size=4096; od -A n -N 196608 -dw8 /dev/urandom | awk -Mv prefix=$prefix -v PREC=64 'NR % 6 == 1 { printf prefix } { n = 0; for (p = 0; p != 4; ++p) n += $(p + 1) * 65536^p; n *= 6.3250068069543573221e-19; cdf = 1; for (i = 2; n > cdf; ++i) cdf += 1 / i; printf ":%04x", i - 2 } NR % 6 == 0 { print "" }' > IPv6-SS.IPv6-NLU-2a02.2788.MB4420-4096.txt

That script generates a 164KB file with 4096 entries in about five minutes real time.

Let's count the :0xxx, :00xx and :000x occurrences.
See: https://www.tecmint.com/count-word-occurrences-in-linux-text-file/
        
Where it's said: grep -o -i mauris example.txt | wc -l

grep -c -o -i :0 IPv6-SS.IPv6-NLU-2a02.2788.MB4420-4096.txt ==> 4095
grep -c -o -i :00 IPv6-SS.IPv6-NLU-2a02.2788.MB4420-4096.txt ==> 4053
grep -c -o -i :000 IPv6-SS.IPv6-NLU-2a02.2788.MB4420-4096.txt ==> 3599

Extending Magic Banana's reasoning about the relative frequency of occurrences of :0001, :0002 and :0003, the relative frequencies of the occurrences of :0xxx, :00xx, and :000x in a 4096-row list of IPv6 addresses ought to be 256/4096, 16/4096, and 1/4096, respectively. In a 65,536-address list, prefix::0/128 may happen just once.

Then I used nmap to evaluate those addresses:

nmap -6 -sn -T4 -sL -iL IPv6-SS.IPv6-NLU-2a02.2788.MB4420-4096.txt | grep "Nmap scan report for " - | tr -d '()' | sort -k5 | awk 'NR >= 1 { print $5, $6 }' | awk 'NR >= 1 { print $2, $1 }' | uniq -Df 1 | sed '/^\s\s*/d' | awk '{ print $2 "\t" $1 }' >> Multi-IPv6-SS.IPv6-NLU-2a02.2788.MB4420-4096.txt

This script resolves 4064 of the 4096 addresses as host.dynamic.voo.be in fifteen seconds real time.

Enumerating the output file from the nmap script:

awk '{print $2,$1}' 'Multi-IPv6-SS.IPv6-NLU-2a02.2788.MB4420-4096.txt' | sort -k 2 | uniq -cdf 1 | awk '{print $3"\t"$1}' '-' > Multi-IPv6-SS.IPv6-NLU-2a02.2788.MB4420-4096.Tally.txt

The output file reads: "host.dynamic.voo.be        4064"
That's because the first 32 of the 4096 addresses return NXDOMAIN.

CIDR blocks with less intensely multi-addressed PTRs will reveal lists of all the different multi-addressed PTRs with these scripts. However, the more addresses that are included in the randomized search, the more (and different!) multi-addressed PTRs will be found.

It would appear that one needs to concatenate the variously randomized lists of addresses, eliminate duplicates, and then apply the last pair of scripts to achieve a relatively accurate evaluation of the target CIDR block. Could it be that the 79,228,162,514,264,337,593,543,950,336 addresses in 2a02:2788::/32 are dynamically generated on demand?

George Langford
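
Added example, not part of the original message: `grep -c` reports the number of matching lines rather than the number of matches, and the pattern `:0` also matches `:00xx` and `:000x` fields, so this awk function tallies the generated fields by their exact number of leading zeros. The function names, the constructed sample addresses, and the layout of fully expanded four-digit groups after a two-group prefix are assumptions of this example.

```shell
# Constructed sample input: a 2-group prefix followed by 6 generated groups.
sample_addresses() {
    cat <<'EOF'
2a02:2788:0001:0a3f:1234:0000:00b2:0c00
2a02:2788:1a2b:3c4d:5e6f:7a8b:9c0d:e0f1
2a02:2788:0007:0007:abcd:ef01:2345:6789
2a02:2788:0010:1000:0100:0001:ffff:00ff
EOF
}

# count_leading_zero_fields [FILE] [SKIP]
#   FILE: one fully expanded IPv6 address per line ("-" or omitted = stdin)
#   SKIP: number of leading groups that belong to the fixed prefix (default 2)
# Prints one line: total lines, lines holding at least one zero-led field,
# then occurrence counts for fields with exactly 1, 2, 3 and 4 leading zeros.
count_leading_zero_fields() {
    awk -F: -v skip="${2:-2}" '
        {
            hit = 0
            for (f = skip + 1; f <= NF; ++f) {
                # Ignore anything that is not a 4-digit hex group
                if (length($f) != 4 || $f !~ /^[0-9A-Fa-f]+$/) continue
                if ($f == "0000")               z = 4
                else if (substr($f, 1, 3) == "000") z = 3
                else if (substr($f, 1, 2) == "00")  z = 2
                else if (substr($f, 1, 1) == "0")   z = 1
                else                                z = 0
                if (z) { ++n[z]; hit = 1 }
            }
            lines_hit += hit
        }
        END {
            printf "lines=%d with_any=%d 0xxx=%d 00xx=%d 000x=%d 0000=%d\n",
                   NR, lines_hit, n[1], n[2], n[3], n[4]
        }
    ' "${1:--}"
}

# Stand-alone run over the constructed sample
sample_addresses | count_leading_zero_fields -
```

On the sample, `with_any` is what a line count of `:0` would give, while the four per-class counts add up to the number of individual `:0` matches.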
