[ipv6hackers] Neighbor advertisement router flag

Antonios Atlasis antonios.atlasis at gmail.com
Mon Apr 15 09:30:45 CEST 2013


The devil is in the details. Congrats!

I haven't spotted it before either.

Antonios


2013/4/15 Marc Heuse <mh at mh-sec.de>

> I guys,
>
> in a training, one of the attendees spotted something special in the RFC
> I had overseen so far - this is another easy way to remove the valid
> default gateway. I do not want to take credit for this, so with his OK,
> I forward his email. Enjoy!
>
> (some might know maybe, I did not :-) )
>
> Greets,
> Marc
>
> -------- Original Message --------
> Subject:        Neighbor advertisement router flag
> Date:   Sun, 14 Apr 2013 14:54:46 +0200
> From:   Hendrik Schimmelpenninck <hendrik at svdo.nl>
> To:     mh at mh-sec.de
>
>
> Hi Marc,
>
> Inspired after your training, I did some testing with the
> neighbor advertisement router flag that we discussed earlier. I was able
> to reproduce the behaviour that the RFC 4861 describes in 7.2.5 II.
>
> After sending a (unsolicited) neighbor advertisement for the current
> default router with the router set to false, both Ubuntu 12.04 and
> Windows 7 remove the router from the default router list.
>
> I thought this could make a good addition to kill_router6, for when the
> RA lifetime 0 attack might not work. I would like to add it to your
> code, but I am not familiar enough with C and your framework yet. I will
> try and get into your code, but it will probably take a while. Also,
> I'll have some other operating systems to test it on next week.
>
> Thanks again for the training, I had a blast!
>
> Regards,
> Hendrik
>
>
> --
> Marc Heuse
> www.mh-sec.de
>
> PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A
>
>
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
>



-- 
=====================
Antonios Atlasis, PhD, MPhil
GXPN, GREM, GPEN, GWAPT, CCIH, GCIA



More information about the Ipv6hackers mailing list