[ipv6hackers] IPv6 Security research
Fernando Gont
fgont at si6networks.com
Sun Mar 25 21:55:18 CEST 2012
Hi, Fyodor,
On 03/23/2012 05:07 PM, Fyodor wrote:
> 3. Send an ICMPv6 router acknowledgement packet with a random address
> prefix, causing hosts to begin stateless address auto-configuration
> (SLAAC) and send a solicitation for their newly configured
> address. We can then guess the remote addresses by combining the
> link-local prefix of the interface with the interface identifier in
> each of the received solicitations.
Maybe there's a writeo in the documentation?
> An ordinary ICMPv6 neighbor
> discovery probe can then be used to verify that the guessed
> addresses are correct. This is implemented within our
> targets-ipv6-multicast-slaac script
> (http://nmap.org/nsedoc/scripts/targets-ipv6-multicast-slaac.html).
I don't quite understand this vector. i.e., this seems more of a DoS,
rather than a host scanning "attack". i.e., you're causing nodes to
*configure* addresses rather than discovering which addresses they are
already using.
Am I missing something?
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
More information about the Ipv6hackers
mailing list