IPv6 address predictability script

The following script fetches the root zone, looks at AAAA glue records in there, and does some analysis regarding predictability.

Enjoy, please do not abuse :

#!/bin/sh
#
# By Marc Lampo,
# http://www.lampo-netsec.eu
# marc@lampo-netsec.eu

root=root.`date +%Y%m`

if [ ! -r $root ]
then
  rm -f root.20???? glue.A* unique.glue.AAAA
  dig -4 @xfr.lax.dns.icann.org. . axfr >$root
fi

awk '$4 == "AAAA" { print; }' $root >glue.AAAA
awk '$4 == "A" { print $NF; }' $root >glue.A

awk '{print $NF;}' <glue.AAAA | sort | uniq -c | sort -rn >unique.glue.AAAA

echo -n "Number of unique AAAA glue records : "
  wc -l <unique.glue.AAAA
echo

echo -n "Number of AAAA records terminating in ::1  : "
  grep '::1$' unique.glue.AAAA | wc -l

echo -n "Number of AAAA records terminating in ::2  : "
  grep '::2$' unique.glue.AAAA | wc -l

echo -n "Number of AAAA records terminating in ::3  : "
  grep '::3$' unique.glue.AAAA | wc -l

echo -n "Number of AAAA records terminating in ::4  : "
  grep '::4$' unique.glue.AAAA | wc -l

echo -n "Number of AAAA records terminating in ::5  : "
  grep '::5$' unique.glue.AAAA | wc -l

echo -n "Number of AAAA records terminating in ::6  : "
  grep '::6$' unique.glue.AAAA | wc -l

echo -n "Number of AAAA records terminating in ::7  : "
  grep '::7$' unique.glue.AAAA | wc -l

echo -n "Number of AAAA records terminating in ::8  : "
  grep '::8$' unique.glue.AAAA | wc -l

echo -n "Number of AAAA records terminating in ::9  : "
  grep '::9$' unique.glue.AAAA | wc -l

echo -n "Number of AAAA records terminating in ::53 : "
  grep '::53$' unique.glue.AAAA | wc -l
echo

echo -n "Number of AAAA records have all but last host byte == 0 : "
awk '{ print $2; }' unique.glue.AAAA | \
  egrep '([0-9a-f]+:){2,4}:[0-9a-f]{1,2}$' | \
  wc -l
echo

echo -n "Number of AAAA records have last two network bytes == 0 : "
awk '{ print $2; }' unique.glue.AAAA | \
  egrep '([0-9a-f]+:){2,3}:' | \
  wc -l
echo

echo "Number of AAAA records with last network byte == 0 in same /120 : "
awk '{ print $2; }' unique.glue.AAAA | \
  egrep '([0-9a-f]+:){2,3}:' | \
  sed '/[0-9a-f]*[0-9a-f]$/s///' | \
  sort | uniq -c | sort -rn | \
  awk '$1 > 5 { printf ("%4d in %s/120\n", $1, $2); }'
echo

echo "AAAA records that terminate in IPv4 address (with . --> :) :"
for a in `cat glue.A | sort | uniq -c | awk '{print $2;}'`
do
   (
      echo ${a}
      grep "${a}$" glue.AAAA
   ) | awk '
NF == 1  { ipv4=$1; }
NF == 5  { printf ("%23s : %15s  & %32s\n", $1, ipv4, $5); }'
done

exit 0


This page has been viewed by 1187 readers.

Background: locked serverrack