[ipv6hackers] flood_router26 video
mh at mh-sec.de
Sun Nov 11 17:40:23 CET 2012
Am 10.11.2012 20:00, schrieb Sam Bowne:
> I made a video yesterday testing flood_router26,
> and it is indeed very powerful, much more than
> I now want to understand why it works. Is there something written
> up about how it works, and exactly what it is sending?
> Perhaps a paper or conference presentation?
I presented it here:
The videos are not available yet, I guess that will take a few more weeks.
how it works is pretty simple. Each route entry in an RA packet makes
the linked list longer and takes more time, adds a neighbor entry etc.
hence using up RAM and CPU.
So if you flood the network, it is basically a similar mechanism like
the RA autoconfig flooding.
All OS with the exception of Linux (and I have not tested Solaris or
OpenBSD but everything else) is vulnerable against this one to very
different degrees, Windows gets lockedup or reboots (server 2012) other
get a high load and loose IPv6 connectivity (*BSD, OSX), etc.
How I make the attack more effective is that I put not one route entry
per RA but lots of them.
And basically the same is possible for autoconfig, if you put 16
prefix+autoconfig options in a RA packet, systems configure themselves
16 addresses ...
So thats why there are ~16 route and autoconfig option in each packet
flood_router26 generates. You can also have command line options to only
use route entries or autoconfig entries.
> I'll try figuring it out myself, but I'd like to refer to an
> authoritative source of information if possible.
well, you could just have emailed me ;-)
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
More information about the Ipv6hackers