[ipv6hackers] Neighbor advertisement router flag

Marc Heuse mh at mh-sec.de
Mon Apr 15 14:05:14 CEST 2013


On 15.04.2013 11:23, Fernando Gont wrote:> Hi, Marc,
>
> This one is described in Section 3.4 of
> <http://tools.ietf.org/html/draft-gont-opsec-ipv6-nd-security-01>:
>
> [...]
>
> Cheers,
> Fernando

good, so at least "one from the team" spotted this! :-)

but then again, as I havent seen it anywhere being talked about, so its
a good thing that it got mentioned once here, to increase awareness (and
document this inn the mailing-list archive).

Greets,
Marc

> On 04/15/2013 02:05 AM, Marc Heuse wrote:
>> I guys,
>>
>> in a training, one of the attendees spotted something special in the RFC
>> I had overseen so far - this is another easy way to remove the valid
>> default gateway. I do not want to take credit for this, so with his OK,
>> I forward his email. Enjoy!
>>
>> (some might know maybe, I did not :-) )
>>
>> Greets,
>> Marc
>>
>> -------- Original Message --------
>> Subject: 	Neighbor advertisement router flag
>> Date: 	Sun, 14 Apr 2013 14:54:46 +0200
>> From: 	Hendrik Schimmelpenninck <hendrik at svdo.nl>
>> To: 	mh at mh-sec.de
>>
>>
>> Hi Marc,
>>
>> Inspired after your training, I did some testing with the
>> neighbor advertisement router flag that we discussed earlier. I was able
>> to reproduce the behaviour that the RFC 4861 describes in 7.2.5 II.
>>
>> After sending a (unsolicited) neighbor advertisement for the current
>> default router with the router set to false, both Ubuntu 12.04 and
>> Windows 7 remove the router from the default router list.
>>
>> I thought this could make a good addition to kill_router6, for when the
>> RA lifetime 0 attack might not work. I would like to add it to your
>> code, but I am not familiar enough with C and your framework yet. I will
>> try and get into your code, but it will probably take a while. Also,
>> I'll have some other operating systems to test it on next week.
>>
>> Thanks again for the training, I had a blast!
>>
>> Regards,
>> Hendrik

--
Marc Heuse
www.mh-sec.de

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A



More information about the Ipv6hackers mailing list