[ipv6hackers] Neighbor advertisement router flag

George K. kargig.lists at gmail.com
Mon Apr 15 19:27:09 CEST 2013 

Hello all,

also here, slide 19:
https://void.gr/kargig/presentations/rss_2013_kargig.pdf

Cheers!


On Mon, Apr 15, 2013 at 3:05 PM, Marc Heuse <mh at mh-sec.de> wrote:

> On 15.04.2013 11:23, Fernando Gont wrote:> Hi, Marc,
> >
> > This one is described in Section 3.4 of
> > <http://tools.ietf.org/html/draft-gont-opsec-ipv6-nd-security-01>:
> >
> > [...]
> >
> > Cheers,
> > Fernando
>
> good, so at least "one from the team" spotted this! :-)
>
> but then again, as I havent seen it anywhere being talked about, so its
> a good thing that it got mentioned once here, to increase awareness (and
> document this inn the mailing-list archive).
>
> Greets,
> Marc
>
> > On 04/15/2013 02:05 AM, Marc Heuse wrote:
> >> I guys,
> >>
> >> in a training, one of the attendees spotted something special in the RFC
> >> I had overseen so far - this is another easy way to remove the valid
> >> default gateway. I do not want to take credit for this, so with his OK,
> >> I forward his email. Enjoy!
> >>
> >> (some might know maybe, I did not :-) )
> >>
> >> Greets,
> >> Marc
> >>
> >> -------- Original Message --------
> >> Subject:     Neighbor advertisement router flag
> >> Date:        Sun, 14 Apr 2013 14:54:46 +0200
> >> From:        Hendrik Schimmelpenninck <hendrik at svdo.nl>
> >> To:  mh at mh-sec.de
> >>
> >>
> >> Hi Marc,
> >>
> >> Inspired after your training, I did some testing with the
> >> neighbor advertisement router flag that we discussed earlier. I was able
> >> to reproduce the behaviour that the RFC 4861 describes in 7.2.5 II.
> >>
> >> After sending a (unsolicited) neighbor advertisement for the current
> >> default router with the router set to false, both Ubuntu 12.04 and
> >> Windows 7 remove the router from the default router list.
> >>
> >> I thought this could make a good addition to kill_router6, for when the
> >> RA lifetime 0 attack might not work. I would like to add it to your
> >> code, but I am not familiar enough with C and your framework yet. I will
> >> try and get into your code, but it will probably take a while. Also,
> >> I'll have some other operating systems to test it on next week.
> >>
> >> Thanks again for the training, I had a blast!
> >>
> >> Regards,
> >> Hendrik
>
> --
> Marc Heuse
> www.mh-sec.de
>
> PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
>



-- 
Καργιωτάκης Γιώργος

More information about the Ipv6hackers mailing list