[ipv6hackers] flood_router6 oddity
Marc Heuse
mh at mh-sec.de
Sat Oct 13 18:24:28 CEST 2012
Hi,
I have seen this oddity too. All other systems configuring addresses,
and the safer ones until the limited (e.g. 255 for Solaris) but Linux
not setting a single one when flooding.
that being said, I recommend flood_router26 (new in 2.0) instead of
flood_router6. Its way more effective and also affects *BSD with a new
attack vector.
Greets,
Marc
Am 13.10.2012 03:04, schrieb Karl Auer:
> I've been playing about with Marc Heuse's stuff today.
>
> When I use flood_router6, a Windows VM fills up with SLAAC addresses
> (about 3400 at last count - it didn't seem to go much over that, but it
> may have slowed too far to process more). That's temp, random and LL
> addresses together. A Linux box on the same link ignored the advertised
> prefixes altogether. Why? When I used fake_router6 to fake a single
> prefix, the Linux box picked it up fine.
--
Marc Heuse
www.mh-sec.de
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
More information about the Ipv6hackers
mailing list