[ipv6hackers] flood_router6 oddity
Karl Auer
kauer at biplane.com.au
Sun Oct 14 01:15:03 CEST 2012
On Sat, 2012-10-13 at 16:18 +0200, Fernando Gont wrote:
> 1) How did you run fake_router6?
Do you mean flood_router6?
sudo ./flood_router6 wlan0
> 2) Could you share the packet trace (decoded (in the body of an email),
> or either post the URL of a pcap file)
Um - next time I try it, maybe.
> -- This is to answer these questions:
> a) is the tool advertising many prefixes in the same RA? Just sending
> multiple RAs? Something else?
The tool is sending out many RA's. Wireshark shows hundreds of packets.
> b) What's the difference between the packets accepted by Linux, and the
> ones ignored by Linux?
A different prefix, but all the flooded ones are in the same /32, they
may even all be in the same /48. Working from memory now. Perhaps I
should check the source. It's not a big program!
I'll see if flood_router26 has the same effect. If it does, then perhaps
a simple configurable delay between the RA packets would be of use.
When I play again, I will follow up these questions. Interesting that
Marc has seen the same oddity.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog
GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
More information about the Ipv6hackers
mailing list