[ipv6hackers] flood_router6 oddity

Karl Auer kauer at biplane.com.au
Sun Oct 14 01:15:03 CEST 2012

On Sat, 2012-10-13 at 16:18 +0200, Fernando Gont wrote:
> 1) How did you run fake_router6?

Do you mean flood_router6?

   sudo ./flood_router6 wlan0

> 2) Could you share the packet trace (decoded (in the body of an email),
> or either post the URL of a pcap file)

Um - next time I try it, maybe.

>  -- This is to answer these questions:
>  a) is the tool advertising many prefixes in the same RA? Just sending
> multiple RAs? Something else?

The tool is sending out many RA's. Wireshark shows hundreds of packets.

>  b) What's the difference between the packets accepted by Linux, and the
> ones ignored by Linux?

A different prefix, but all the flooded ones are in the same /32, they
may even all be in the same /48. Working from memory now. Perhaps I
should check the source. It's not a big program!

I'll see if flood_router26 has the same effect. If it does, then perhaps
a simple configurable delay between the RA packets would be of use.

When I play again, I will follow up these questions. Interesting that
Marc has seen the same oddity.

Regards, K.

Karl Auer (kauer at biplane.com.au)

GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687

More information about the Ipv6hackers mailing list