
Scanning firewalls for differences in IPv4 and IPv6 rules - internetwache
https://0day.work/finding-differences-in-ipv4-and-ipv6-firewalls/
======
NetStrikeForce
Very interesting article!

I'm guessing the "anti-portscan technique" is probably just a security device
establishing the TCP connection before sending any packets to the real server,
although in my opinion you shouldn't be doing this for ports with no service
actually listening on them. This is usually known as SYN-proxy.

I was thinking also that for IPv6 addresses not returning the same results as
their IPv4 counterparts, it would be interesting to measure latency and run
traceroutes to try to guess if they're actually pointing to the same machine
in the same datacenter.

Finally, you might have a service listening on one of your IP addresses and
not on the others, so that would also make a difference without being a
firewall misconfiguration.

The possibilities are many, so it would be great to see if the author extends
his research in the near future. I hope he does! :)
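
Added example, not part of the comment above or the linked article: one way to triage per-port results for a dual-stacked host you administer, separating the three cases the comment raises (a device that answers every SYN, a real IPv4/IPv6 filtering difference, and a service bound to only one address family). The state names follow nmap's open/closed/filtered vocabulary; the 95% threshold, the function names and the sample data are assumptions made for illustration.

```python
"""Classify IPv4/IPv6 port-state differences for one dual-stacked host."""

# States: "open" (SYN/ACK), "closed" (RST received), "filtered" (no reply).
SYN_PROXY_RATIO = 0.95  # assumed threshold: nearly every probed port "open"


def looks_like_syn_proxy(states):
    """A device completing the handshake itself makes nearly every port look open."""
    if not states:
        return False
    open_count = sum(1 for s in states.values() if s == "open")
    return open_count / len(states) >= SYN_PROXY_RATIO


def classify(v4, v6):
    """Return {port: finding} for ports whose state differs between the families."""
    if looks_like_syn_proxy(v4) or looks_like_syn_proxy(v6):
        return {"*": "syn-proxy-suspected: open results are unreliable"}
    findings = {}
    for port in sorted(set(v4) | set(v6)):
        a, b = v4.get(port, "unknown"), v6.get(port, "unknown")
        if a == b:
            continue
        pair = {a, b}
        fam = "IPv6" if b == "open" else "IPv4"
        if pair == {"open", "filtered"}:
            findings[port] = f"firewall-difference: reachable only over {fam}"
        elif pair == {"open", "closed"}:
            # A RST on the other family usually means no listener on that address.
            findings[port] = f"bind-difference: service likely listens only on {fam}"
        elif pair == {"closed", "filtered"}:
            findings[port] = "filter-difference: no service exposed"
        else:
            findings[port] = f"incomplete: IPv4={a} IPv6={b}"
    return findings


# Constructed sample results for one host (not taken from the article).
SAMPLE_V4 = {22: "open", 80: "open", 443: "open", 3306: "filtered", 8080: "closed", 9100: "filtered"}
SAMPLE_V6 = {22: "open", 80: "open", 443: "open", 3306: "open", 8080: "open", 9100: "closed"}
PROXIED_V4 = {p: "open" for p in range(1, 101)}  # constructed: every port answers

if __name__ == "__main__":
    for port, finding in classify(SAMPLE_V4, SAMPLE_V6).items():
        print(port, finding)
```

A firewall that rejects with a TCP reset also produces "closed", so the bind-difference finding is a hint to check the listener's bind address, not proof.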

