[ipv6hackers] thc-ipv6 v2.3

Marc Heuse mh at mh-sec.de
Fri May 3 15:42:10 CEST 2013

Hi guys,

I just released v2.3 of the thc-ipv6 toolkit at

There is quite some new stuff in there, however my plan was to add way
more. But other things kept me busy, and I have to make this release now:
In the C't magazine 11/13 available on Monday there will be two articles
by me with the results of IPv6 assessment of Cisco ASA, Fortinet and
Juniper SRX. And an article on how to test firewall implementations
yourself by hand. For the latter article, some new features were
required, and hence I need to release now :-)

So enjoy the current version.
I think the next release with more interesting stuff might be at OHM
begin of August.

v2.3 - PUBLIC
 * Added new tool: thcsyn6 - a TCP flooding tool
 * Added new tool: redirsniff6 - redirects traffic (sniff variant
   to redir6)
 * Added new script: thc-ipv6-setup.sh - configuring Linux for thc-ipv6
 * Added new script: 6to4test.sh - check an ipv4 address for dynamic
   6to4 tunnel setup
 * flood_router26: added -s option for small lifetime which makes the
   attack even more devasting
 * trace6:
    - added -B option for sending echo reply packets (will not show the
    - added -E option for sending destination headers with invalid
 * thcping6:
    - -U/-S port options now also set the source port
    - -U/-S options now also send data if given
    - -f fragment option can now be used multiple times
 * implementation6:
    - fixed bug in test case
    - added icmp6 type/code printing for error replies
 * toobig6: added -u option to allow testing for unrelated ICMPv6
   packet firewall bypasses
 * firewall6: added more test cases
 * thc-ipv6-lib:
    - fixed address selection bug if global and ULA addresses are
    - change NDP to use ff02::1:ffxx:xxx limited multicast addresses
    - thc_resolve6 ignores now anything after a "/" or in before/after


Marc Heuse

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list