[ipv6hackers] Neighbor advertisement router flag
Marc Heuse
mh at mh-sec.de
Mon Apr 15 09:05:32 CEST 2013
I guys,
in a training, one of the attendees spotted something special in the RFC
I had overseen so far - this is another easy way to remove the valid
default gateway. I do not want to take credit for this, so with his OK,
I forward his email. Enjoy!
(some might know maybe, I did not :-) )
Greets,
Marc
-------- Original Message --------
Subject: Neighbor advertisement router flag
Date: Sun, 14 Apr 2013 14:54:46 +0200
From: Hendrik Schimmelpenninck <hendrik at svdo.nl>
To: mh at mh-sec.de
Hi Marc,
Inspired after your training, I did some testing with the
neighbor advertisement router flag that we discussed earlier. I was able
to reproduce the behaviour that the RFC 4861 describes in 7.2.5 II.
After sending a (unsolicited) neighbor advertisement for the current
default router with the router set to false, both Ubuntu 12.04 and
Windows 7 remove the router from the default router list.
I thought this could make a good addition to kill_router6, for when the
RA lifetime 0 attack might not work. I would like to add it to your
code, but I am not familiar enough with C and your framework yet. I will
try and get into your code, but it will probably take a while. Also,
I'll have some other operating systems to test it on next week.
Thanks again for the training, I had a blast!
Regards,
Hendrik
--
Marc Heuse
www.mh-sec.de
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
More information about the Ipv6hackers
mailing list