[ipv6hackers] Windows ping6-of-death

Johannes Weber johannes at webernetz.net
Wed Aug 14 16:09:43 CEST 2013


Hey guys,

hm, I am stuck for the moment.

- I tried frag6 (which has the --pod-attack option), but getting other errors:
jwe@ipv6-in-pc02:~/ipv6-toolkit-v1.3.4$ sudo frag6 -i eth0 -d ff02::1 --pod-attack -v
Couldn't find local router. Now trying Neighbor Discovery for the target node
Error while performing Neighbor Discovery for the Destination Address

jwe@ipv6-in-pc02:~/ipv6-toolkit-v1.3.4$ sudo frag6 -i eth0 -d ff02::1 -D 33:33:00:00:00:01 --pod-attack -v
Couldn't find local router. Now trying Neighbor Discovery for the target node
Error while performing Neighbor Discovery for the Destination Address

Any ideas?

- The fuzz(ICMPv6NDOptPrefixInfo()) method works but produces mainly malformed
IPv6 packets.
- I tried some other prefixlen values with scapy, but it accepts only values
between 0..255. So "-1" or "256" cannot be used. 255 does not produce a Win7
crash, either. Also the prefix cannot be set to an unrealistic value, because
scapy checks the integrity of the mentioned prefix, i.e.,
"2001:db8:3:4:5:6:7:8:9::" does not work.

Regards,

Johannes


> Pierre Emeriaud <petrus.lt at gmail.com> wrote on 14 August 2013 at 13:58:
>
>
> 2013/8/14 Johannes Weber <johannes at webernetz.net>:
> >
> > I just tried the scapy command from Pierre in my IPv6 laboratory but it
> > has not crashed the Windows 7 machine (which is of course not yet patched).
>
> I also tried it a few minutes ago with a friend (also on a win7) and
> it didn't crash. This test was maybe too basic.
>
> One could try with fuzz(ICMPv6NDOptPrefixInfo()) instead of specifying
> prefix & prefix length.
>
>
> ---
> Pierre

