Commit 96e87031 authored by Devon Kearns

Imported Upstream version 1.4.1

SI6 Networks' IPv6 Toolkit v1.4.1
* frag6: Fixed bug that prevented Ethernet header from being filled
A bug in the code caused Ethernet frames to go on te wire without any of
their header fields completed.
* All: Use of library to avoid code replication
An "libipv6" library was created, such that common functions do not need
to be replicated for each tool. ni6, ns6, rs6, and tcp6 now employ such
library.
SI6 Networks' IPv6 Toolkit v1.4 release
* frag6: Fixed the flooding option
Fixed the fragment size used when employing the flooding option. It was
prevously sending fragment sizes that where not a multiple of eight, and
hence these fragments were dropped.
* scan6: Added support for 64-bit encoding of IPv4 addresses
Option "--tgt-ipv4" was augmented to support both encodings (32 bit
and 64 bit) of embedded IPv4 addresses.
* tcp6: Fixed response to Neighbor Solicitations
tcp6 was not responding to incomming Neighbor Solicitations. Hence, when
packets were sent from spoofed addresses, tcp6 would never receive the
response packets, because the NSs sent by the local router or target node
would never be responded.
* tcp6: Added support for TCP Window-based attacks
tcp6 can now close the window after sending an app-layer command, and
also "modulate" the TCP window to circumvent trivial mitigations for these
attacks ("--window-mode" and "--win-modulate" options).
* tcp6: Support for multiple connection-establishment types
tcp6 can now cause e.g. TCP simultaneous opens (see the "--open-mode"
option).
* tcp6: Support for multiple connection-termination types
tcp6 can now perform multiple connection-termination types (see the
"--close-mode" option).
* tcp6: Support for sending application layer requests
tcp6 can now send application-layer requests with the "--data" option.
* Many improvements to the manual pages.
Fixed the troff encoding of many manual pages. Added ipv6toolkit(7), that
describes a general description of the toolkit.
* All: Fixed bug in link-layer destination address selection
Tools now try to find a local router or perform Neighbor Discovery only
when necessary (i.e., underlying link-layer is *not* loopback or tunnel,
destination address is *not* link-local, and a link-layer destination
address has *not* been specified).
* All: Fixed bug in option handling
Incorrect data type was used for the return value of getopt_long(), thus
leading to problems in some architectures.
* All: Fixed a number of issues with pcap_next_ex()
The timeout parameter of pcap_next_ex() is now based on the platform (the
previous constant value had different semantics in different platforms).
Additionally, handle the case where pcap_next_ex() returns no packets.
* All: General improvements and clean-up
The development process now includes building the toolkit with the clang
compiler (in addition to gcc), which has lead to the identification of a
number of issues.
* All: Improved support for building the toolkit.
The toolkit now contains one makefile for pmake, and another for GNU make.
Added support for the DESTDIR variable. Appropriate paths are selected
based on the value of a number of variables. Configuration file is
dynamically generated, with the right path to the oui.txt file.
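Review bot: The changelog entries carry several spelling slips: "te wire" in the v1.4.1 frag6 entry, and "prevously", "where not a multiple of eight", "incomming" and "has lead" in the v1.4 entries. Suggest "the wire", "previously", "were not", "incoming" and "has led". The v1.4.1 library entry also opens with "An "libipv6" library", where "A" is meant.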
CONTRIBUTORS
------------
** Contributors **
The following people sent patches that were incorporated into this release
of the toolkit:
Octavio Alvarez <alvarezp@alvarezp.com>
Alistair Crooks <agc@pkgsrc.org>
** Package maintainers **
Availability of packages for different operating systems makes it easier for
users to install and update the toolkit, and for the toolkit to integrate
better with the operating systems.
These are the maintainers for each of the different packages:
+ Debian
Octavio Alvarez <alvarezp@alvarezp.com>, sponsored by Luciano Bello
<luciano@debian.org>
+ FreeBSD
Hiroki Sato <hrs@FreeBSD.org>
+ Gentoo Linux
Robin H. Johnson <robbat2@gentoo.org>
+ NetBSD (pkgsrc framework)
Alistair Crooks <agc@pkgsrc.org>
+ OpenBSD
Alexander Bluhm <bluhm@openbsd.org>
#
# SI6 Networks' IPv6 toolkit Makefile (for GNU make)
#
# Notes to package developers:
#
# By default, binaries will be installed in /usr/local/bin, manual pages in
# /usr/local/man, data files in /usr/local/share/ipv6toolkit, and configuration
# files in /etc
#
# The path of the binaries and data files can be overriden by setting "PREFIX"
# variable accordingly. The path of the manual pages can be overriden by setting
# the MANPREFIX variable. Typically, packages will set these variables as follows:
#
# PREFIX=usr/
# MANPREFIX=usr/share
#
# Finally, please note that this makefile supports the DESTDIR variable, as
# typically employed by package developers.
CC= gcc
CFLAGS+= -Wall
LDFLAGS+= -lpcap -lm
ifndef PREFIX
PREFIX=/usr/local
ifndef MANPREFIX
MANPREFIX=/usr/local
endif
else
ifndef MANPREFIX
MANPREFIX=/usr/share
endif
endif
ETCPATH= $(DESTDIR)/etc
MANPATH= $(DESTDIR)$(MANPREFIX)/man
DATAPATH= $(DESTDIR)$(PREFIX)/share/ipv6toolkit
BINPATH= $(DESTDIR)$(PREFIX)/bin
SBINPATH= $(DESTDIR)$(PREFIX)/sbin
SRCPATH= tools
SBINTOOLS= flow6 frag6 icmp6 jumbo6 na6 ni6 ns6 ra6 rd6 rs6 scan6 tcp6
BINTOOLS= addr6
TOOLS= $(BINTOOLS) $(SBINTOOLS)
LIBS= libipv6.o
all: $(TOOLS) $(LIBS) ipv6toolkit.conf
addr6: $(SRCPATH)/addr6.c $(SRCPATH)/addr6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o addr6 $(SRCPATH)/addr6.c $(LDFLAGS)
flow6: $(SRCPATH)/flow6.c $(SRCPATH)/flow6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o flow6 $(SRCPATH)/flow6.c $(LDFLAGS)
frag6: $(SRCPATH)/frag6.c $(SRCPATH)/frag6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o frag6 $(SRCPATH)/frag6.c $(LDFLAGS)
icmp6: $(SRCPATH)/icmp6.c $(SRCPATH)/icmp6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o icmp6 $(SRCPATH)/icmp6.c $(LDFLAGS)
jumbo6: $(SRCPATH)/jumbo6.c $(SRCPATH)/jumbo6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o jumbo6 $(SRCPATH)/jumbo6.c $(LDFLAGS)
na6: $(SRCPATH)/na6.c $(SRCPATH)/na6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o na6 $(SRCPATH)/na6.c $(LDFLAGS)
ni6: $(SRCPATH)/ni6.c $(SRCPATH)/ni6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o ni6 $(SRCPATH)/ni6.c $(LIBS) $(LDFLAGS)
ns6: $(SRCPATH)/ns6.c $(SRCPATH)/ns6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o ns6 $(SRCPATH)/ns6.c $(LIBS) $(LDFLAGS)
ra6: $(SRCPATH)/ra6.c $(SRCPATH)/ra6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o ra6 $(SRCPATH)/ra6.c $(LDFLAGS)
rd6: $(SRCPATH)/rd6.c $(SRCPATH)/rd6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o rd6 $(SRCPATH)/rd6.c $(LDFLAGS)
rs6: $(SRCPATH)/rs6.c $(SRCPATH)/rs6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o rs6 $(SRCPATH)/rs6.c $(LIBS) $(LDFLAGS)
scan6: $(SRCPATH)/scan6.c $(SRCPATH)/scan6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o scan6 $(SRCPATH)/scan6.c $(LDFLAGS)
tcp6: $(SRCPATH)/tcp6.c $(SRCPATH)/tcp6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o tcp6 $(SRCPATH)/tcp6.c $(LIBS) $(LDFLAGS)
libipv6.o: $(SRCPATH)/libipv6.c $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -c -o libipv6.o $(SRCPATH)/libipv6.c
ipv6toolkit.conf:
echo "# SI6 Networks' IPv6 Toolkit Configuration File" > \
data/ipv6toolkit.conf
echo OUI-Database=$(PREFIX)/share/ipv6toolkit/oui.txt >> \
data/ipv6toolkit.conf
clean:
rm -f $(TOOLS) $(LIBS)
rm -f data/ipv6toolkit.conf
install: all
# Install the binaries
install -m0755 -d $(BINPATH)
install -m0755 -d $(SBINPATH)
install -m0755 $(BINTOOLS) $(BINPATH)
install -m0755 $(SBINTOOLS) $(SBINPATH)
# Install the configuration file
install -m0644 data/ipv6toolkit.conf $(ETCPATH)
# Install the IEEE OUI database
install -m0755 -d $(DATAPATH)
install -m0644 data/oui.txt $(DATAPATH)
# Install the manual pages
install -m0755 -d $(MANPATH)/man1
install -m0644 manuals/*.1 $(MANPATH)/man1
install -m0755 -d $(MANPATH)/man5
install -m0644 manuals/*.5 $(MANPATH)/man5
install -m0755 -d $(MANPATH)/man7
install -m0644 manuals/*.7 $(MANPATH)/man7
uninstall:
# Remove the binaries
rm -f $(BINPATH)/addr6
rm -f $(SBINPATH)/flow6
rm -f $(SBINPATH)/frag6
rm -f $(SBINPATH)/icmp6
rm -f $(SBINPATH)/jumbo6
rm -f $(SBINPATH)/na6
rm -f $(SBINPATH)/ni6
rm -f $(SBINPATH)/ns6
rm -f $(SBINPATH)/ra6
rm -f $(SBINPATH)/rd6
rm -f $(SBINPATH)/rs6
rm -f $(SBINPATH)/scan6
rm -f $(SBINPATH)/tcp6
# Remove the configuration file
rm -f $(ETCPATH)/ipv6toolkit.conf
# Remove the IEEE OUI database
rm -rf $(DATAPATH)
# Remove the manual pages
rm -f $(MANPATH)/man1/addr6.1
rm -f $(MANPATH)/man1/flow6.1
rm -f $(MANPATH)/man1/frag6.1
rm -f $(MANPATH)/man1/icmp6.1
rm -f $(MANPATH)/man1/jumbo6.1
rm -f $(MANPATH)/man1/na6.1
rm -f $(MANPATH)/man1/ni6.1
rm -f $(MANPATH)/man1/ns6.1
rm -f $(MANPATH)/man1/ra6.1
rm -f $(MANPATH)/man1/rd6.1
rm -f $(MANPATH)/man1/rs6.1
rm -f $(MANPATH)/man1/scan6.1
rm -f $(MANPATH)/man1/tcp6.1
rm -f $(MANPATH)/man5/ipv6toolkit.conf.5
rm -f $(MANPATH)/man7/ipv6toolkit.7
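Review bot: The install target copies data/ipv6toolkit.conf to $(ETCPATH) without first creating that directory, unlike every other destination, which gets an "install -m0755 -d" line. With DESTDIR pointing at a fresh staging tree, $(DESTDIR)/etc does not exist, so the copy creates a regular file named etc instead of etc/ipv6toolkit.conf. Suggest adding "install -m0755 -d $(ETCPATH)" before it. Two smaller points: the header comment gives "PREFIX=usr/" and "MANPREFIX=usr/share", but the path variables are built as "$(DESTDIR)$(PREFIX)/bin", so the documented values need a leading slash and no trailing one; and the ipv6toolkit.conf target writes data/ipv6toolkit.conf rather than a file of its own name, so its recipe runs on every build and the target should be named after the file it produces or declared phony.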
This diff is collapsed.
#
# SI6 Networks' IPv6 toolkit Makefile
#
# Notes to package developers:
#
# By default, binaries will be installed in /usr/local/bin, manual pages in
# /usr/local/man, data files in /usr/local/share/ipv6toolkit, and configuration
# files in /etc
#
# The path of the binaries and data files can be overriden by setting "PREFIX"
# variable accordingly. The path of the manual pages can be overriden by setting
# the MANPREFIX variable. Typically, packages will set these variables as follows:
#
# PREFIX=usr/
# MANPREFIX=usr/share
#
# Finally, please note that this makefile supports the DESTDIR variable, as
# typically employed by package developers.
CC= gcc
CFLAGS+= -Wall
LDFLAGS+= -lpcap -lm
.ifndef(PREFIX)
PREFIX=/usr/local
.ifndef(MANPREFIX)
MANPREFIX=/usr/local
.endif
.else
.ifndef(MANPREFIX)
MANPREFIX=/usr/share
.endif
.endif
ETCPATH= $(DESTDIR)/etc
MANPATH= $(DESTDIR)$(MANPREFIX)/man
DATAPATH= $(DESTDIR)$(PREFIX)/share/ipv6toolkit
BINPATH= $(DESTDIR)$(PREFIX)/bin
SBINPATH= $(DESTDIR)$(PREFIX)/sbin
SRCPATH= tools
SBINTOOLS= flow6 frag6 icmp6 jumbo6 na6 ni6 ns6 ra6 rd6 rs6 scan6 tcp6
BINTOOLS= addr6
TOOLS= $(BINTOOLS) $(SBINTOOLS)
LIBS= libipv6.o
all: $(TOOLS) ipv6toolkit.conf
addr6: $(SRCPATH)/addr6.c $(SRCPATH)/addr6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o addr6 $(SRCPATH)/addr6.c $(LDFLAGS)
flow6: $(SRCPATH)/flow6.c $(SRCPATH)/flow6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o flow6 $(SRCPATH)/flow6.c $(LDFLAGS)
frag6: $(SRCPATH)/frag6.c $(SRCPATH)/frag6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o frag6 $(SRCPATH)/frag6.c $(LDFLAGS)
icmp6: $(SRCPATH)/icmp6.c $(SRCPATH)/icmp6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o icmp6 $(SRCPATH)/icmp6.c $(LDFLAGS)
jumbo6: $(SRCPATH)/jumbo6.c $(SRCPATH)/jumbo6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o jumbo6 $(SRCPATH)/jumbo6.c $(LDFLAGS)
na6: $(SRCPATH)/na6.c $(SRCPATH)/na6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o na6 $(SRCPATH)/na6.c $(LDFLAGS)
ni6: $(SRCPATH)/ni6.c $(SRCPATH)/ni6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o ni6 $(SRCPATH)/ni6.c $(LIBS) $(LDFLAGS)
ns6: $(SRCPATH)/ns6.c $(SRCPATH)/ns6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o ns6 $(SRCPATH)/ns6.c $(LIBS) $(LDFLAGS)
ra6: $(SRCPATH)/ra6.c $(SRCPATH)/ra6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o ra6 $(SRCPATH)/ra6.c $(LDFLAGS)
rd6: $(SRCPATH)/rd6.c $(SRCPATH)/rd6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o rd6 $(SRCPATH)/rd6.c $(LDFLAGS)
rs6: $(SRCPATH)/rs6.c $(SRCPATH)/rs6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o rs6 $(SRCPATH)/rs6.c $(LDFLAGS)
scan6: $(SRCPATH)/scan6.c $(SRCPATH)/scan6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o scan6 $(SRCPATH)/scan6.c $(LDFLAGS)
tcp6: $(SRCPATH)/tcp6.c $(SRCPATH)/tcp6.h $(SRCPATH)/ipv6toolkit.h
$(CC) $(CPPFLAGS) $(CFLAGS) -o tcp6 $(SRCPATH)/tcp6.c $(LDFLAGS)
libipv6.o: $(SRCPATH)/libipv6.c $(SRCPATH)/libipv6.h
$(CC) $(CPPFLAGS) $(CFLAGS) -c -o libipv6.o $(SRCPATH)/libipv6.c
ipv6toolkit.conf:
echo "# SI6 Networks' IPv6 Toolkit Configuration File" > \
data/ipv6toolkit.conf
echo OUI-Database=$(PREFIX)/share/ipv6toolkit/oui.txt >> \
data/ipv6toolkit.conf
clean:
rm -f $(TOOLS) $(LIBS)
rm -f data/ipv6toolkit.conf
install: all
# Install the binaries
install -m0755 -d $(BINPATH)
install -m0755 -d $(SBINPATH)
install -m0755 $(BINTOOLS) $(BINPATH)
install -m0755 $(SBINTOOLS) $(SBINPATH)
# Install the configuration file
install -m0644 data/ipv6toolkit.conf $(ETCPATH)
# Install the IEEE OUI database
install -m0755 -d $(DATAPATH)
install -m0644 data/oui.txt $(DATAPATH)
# Install the manual pages
install -m0755 -d $(MANPATH)/man1
install -m0644 manuals/*.1 $(MANPATH)/man1
install -m0755 -d $(MANPATH)/man5
install -m0644 manuals/*.5 $(MANPATH)/man5
install -m0755 -d $(MANPATH)/man7
install -m0644 manuals/*.7 $(MANPATH)/man7
uninstall:
# Remove the binaries
rm -f $(BINPATH)/addr6
rm -f $(SBINPATH)/flow6
rm -f $(SBINPATH)/frag6
rm -f $(SBINPATH)/icmp6
rm -f $(SBINPATH)/jumbo6
rm -f $(SBINPATH)/na6
rm -f $(SBINPATH)/ni6
rm -f $(SBINPATH)/ns6
rm -f $(SBINPATH)/ra6
rm -f $(SBINPATH)/rd6
rm -f $(SBINPATH)/rs6
rm -f $(SBINPATH)/scan6
rm -f $(SBINPATH)/tcp6
# Remove the configuration file
rm -f $(ETCPATH)/ipv6toolkit.conf
# Remove the IEEE OUI database
rm -rf $(DATAPATH)
# Remove the manual pages
rm -f $(MANPATH)/man1/addr6.1
rm -f $(MANPATH)/man1/flow6.1
rm -f $(MANPATH)/man1/frag6.1
rm -f $(MANPATH)/man1/icmp6.1
rm -f $(MANPATH)/man1/jumbo6.1
rm -f $(MANPATH)/man1/na6.1
rm -f $(MANPATH)/man1/ni6.1
rm -f $(MANPATH)/man1/ns6.1
rm -f $(MANPATH)/man1/ra6.1
rm -f $(MANPATH)/man1/rd6.1
rm -f $(MANPATH)/man1/rs6.1
rm -f $(MANPATH)/man1/scan6.1
rm -f $(MANPATH)/man1/tcp6.1
rm -f $(MANPATH)/man5/ipv6toolkit.conf.5
rm -f $(MANPATH)/man7/ipv6toolkit.7
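Review bot: The rs6 and tcp6 rules in this makefile neither list $(LIBS) and $(SRCPATH)/libipv6.h as prerequisites nor pass $(LIBS) on the compile line, while the ni6 and ns6 rules do, and the GNU make file in this same commit links all four against libipv6.o. The changelog states that ni6, ns6, rs6, and tcp6 now employ the library, so if rs6.c and tcp6.c call into it, building them with this makefile fails at link time with unresolved symbols. Suggest making the two rules match their GNU make counterparts. The install target here also lacks an "install -m0755 -d $(ETCPATH)" line before the configuration file is copied.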
*******************************************************************************
* SI6 Networks IPv6 Toolkit v1.4.1 *
*******************************************************************************
Description of each of the files and directories:
-------------------------------------------------
manuals: Contains the manual pages for the security assessment tools.
tools: Contains the source code for the security assessment tools.
CHANGES.TXT: Contains the changelog of the toolkit
CONTRIB.TXT: Contains the list of people that have contributed to this
project.
LICENSE.TXT: Contains the license for this software (GPLv3)
README.TXT: This file.
Building the tools
------------------
You can build the tools by running the following command:
make all
You can install the tools, configuration file, database, and existing manual
pages by running the following command:
make install
Note: The libpcap library must be previously installed on the system.
All the tools have been tested to compile and run on Debian GNU/Linux 6.0,
FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, Ubuntu 11.10, and Mac 0S 10.8.0.
Bug reports
-----------
Please send any bug reports to Fernando Gont <fgont@si6networks.com>
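Review bot: The file and directory list omits the data directory, which the makefiles read oui.txt from and write ipv6toolkit.conf into, and it does not mention that two makefiles are shipped (one for pmake and one for GNU make, per the changelog). Suggest adding both entries, with a line saying which make program uses which file. In the tested-platforms sentence, "Mac 0S" is written with a zero.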
File added
# SI6 Networks' IPv6 Toolkit Configuration File
OUI-Database=/usr/local/share/ipv6toolkit/oui.txt
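Review bot: This file has the same two lines that the makefiles' ipv6toolkit.conf target writes into data/ipv6toolkit.conf and that the clean target deletes, with the default PREFIX of /usr/local fixed into the OUI-Database path. If this is that generated file, it should be left out of the imported tree: any build with a different PREFIX overwrites it, and a cleaned tree shows it as deleted.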
This diff is collapsed.
# SI6 Networks' IPv6 Toolkit Configuration File
OUI-Database=/usr/local/share/ipv6toolkit/oui.txt
This diff is collapsed.
.TH FLOW6 1
.SH NAME
flow6 \- A security assessment tool for the IPv6 Flow Label field
.SH SYNOPSIS
.B flow6
.BI \-i \|\ INTERFACE
.BI \-d \|\ DST_ADDR
.RB [\| \-S
.IR LINK_SRC_ADDR\| ]
.RB [\| \-D
.IR LINK_DST_ADDR\| ]
.RB [\| \-s
.IR SRC_ADDR \|[/\| LEN \|]]
.RB [\| \-A
.IR HOP_LIMIT \|]
.RB [\| \-P
.IR PROTOCOL \|]
.RB [\| \-p
.IR PORT \|]
.RB [\| \-W \|]
.RB [\| \-v \|]
.RB [\| \-h \|]
.SH DESCRIPTION
.B flow6
performs a security assessment of the Flow Label generation policy of a target node. It is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols.
.B flow6
sends a number of probe packets to the target node, and samples the Flow Label values of the corresponding response packets. Based on the sampled values, it tries to infer the Flow Label generation policy of the target.
.PP
The tool will first send a number of probe packets from single IPv6 address, such that the per-destination policy is determined. The tool will then send probe packets from random IPv6 addresses (from the same prefix as the first probes) such that the "global" Flow Label generation policy can be determined.
.PP
The tool computes the expected value and the standard deviation of the difference between consecutive-sampled Flow Label values (Labeln – Labeln-1) with the intent of inferring the Flow Label generation algorithm of the target node.
.PP
If the standard deviation of [Labeln – Labeln-1] is 0, the Flow Label is assumed to be set to a constant value, and the corresponding value is informed to the user. For small values of the standard deviation, the Flow Label is assumed to be a monotonically-increasing function with increments of the "expected value", and such "expected value" together with the standard deviation, are informed to the user. For large values of the standard deviation, the Flow Label is assumed to be randomized, and the expected value and standard deviation are informed to the user, as indicators of the "quality" of the Flow Label generation algorithm.
.SH OPTIONS
.B flow6
takes it parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface").
.TP
.BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE
This option specifies the network interface that the tool will use. The network interface must be specified (i.e., the tool does not select any network interface "by default").
.TP
.BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR
This option specifies the IPv6 source address (or IPv6 prefix) to be used for the Source Address of the probe packets. If an IPv6 prefix is specified, the IPv6 Source Address of the ICMPv6 packets will be randomized from that prefix.
.TP
.BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR
This option specifies the IPv6 Destination Address of the target node. This option cannot be left unspecified.
.TP
.BI \-A\ HOP_LIMIT ,\ \-\-hop\-limit\ HOP_LIMIT
This option specifies the Hop Limit to be used for the IPv6 packets. By default, the Hop Limit is randomized.
.TP
.BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR
This option specifies the link-layer Source Address of the probe packets (currently, only Ethernet is supported). If left unspecified, the link-layer Source Address of the packets is set to the real link-layer address of the network interface.
.TP
.BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR
This option specifies the link-layer Destination Address of the probe packets (currently, only Ethernet is supported). By default, the link-layer Destination Address is automatically set to the link-layer address of the destination host (for on-link destinations) or to the link-layer address of the first-hop router.
.TP
.BI \-P\ PROTOCOL ,\ \-\-protocol\ PROTOCOL
This option specifies the protocol type of the probe packets. Currently, both "UDP" and "TCP" are supported. If this option is left unspecified, the protocol type defaults to "TCP".
.TP
.BI \-p\ PORT ,\ \-\-dst\-port\ PORT
This option specifies the Destination Port of the probe packets. If left unspecified, the Destination Port defaults to "80" when the IPv6 payload is TCP, and to 53 if the IPv6 payload is UDP.
Note: Since it is vital for the tool to receive response packets to be able to infer the Flow Label algorithm of the target, the protocol type and Destination Port should be carefully selected (i.e., the corresponding protocol and Destination Port should not be filter, and the target should respond to packets sent to that protocol/port).
.TP
.BR \-W,\ \-\-flow\-label\-policy
This option instructs the tool to determine the Flow Label generation policy. As of this version of the tool, this option must be specified.
.TP
.BR \-v\| ,\ \-\-verbose
This option instructs the flow6 tool to be verbose. If this option is set twice, the tool is "very verbose", and outputs the sampled Flow Label values (in addition to other information).
.TP
.BR \-h\| ,\ \-\-help
Print help information for the
.B flow6
tool.
.SH EXAMPLES
The following sections illustrate typical use cases of the
.B flow6
tool.
\fBExample #1\fR
# flow6 \-i eth0 \-\-flow-label-policy \-d fe80::1 \-v
Assess the Flow Label generation policy of the host "fe80::1", using the network interface "eth0". Probe packets are TCP segments directed to port 80 (default). Be verbose.
\fBExample #2\fR
# flow6 \-i eth0 \-d fe80::1 \-\-flow\-label\-policy \-P TCP \-p 22 \-vv
Assess the Flow Label generation policy of the host "fe80::1", using the network interface "eth0". Probe packets are TCP segments directed to port 22. Be very verbose (i.e., list the sampled Flow Label values).
.SH AUTHOR
The
.B flow6
tool and the corresponding manual pages were produced by Fernando Gont <fgont@si6networks.com> for SI6 Networks <http://www.si6networks.com>.
.SH COPYRIGHT
Copyright (c) 2011\-2013 Fernando Gont.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with the Invariant Sections being just "AUTHOR" and "COPYRIGHT", with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at
.IR <http://www.gnu.org/licenses/fdl.html> .
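Review bot: The description of \-s says the Source Address "of the ICMPv6 packets" is randomized from the prefix, but the \-P entry states that probes are UDP or TCP only, so the sentence should say "probe packets". In EXAMPLES, the "Example #N" titles, the command lines and the explanations follow each other with no paragraph or no-fill request between them, so they render as one filled paragraph; the first command also leaves the hyphens in "\-\-flow-label-policy" unescaped, unlike the second. The SYNOPSIS names the link-layer arguments LINK_SRC_ADDR and LINK_DST_ADDR while OPTIONS calls them SRC_LINK_ADDR and DST_LINK_ADDR, and the Labeln difference expressions in DESCRIPTION contain a raw non-ASCII dash with the subscripts lost.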
This diff is collapsed.
.TH NS6 1
.SH NAME
ns6 \- A security assessment tool for attack vectors based on ICMPv6 Neighbor Solicitation messages
.SH SYNOPSIS
.B ns6
\-i INTERFACE [\-s SRC_ADDR[/LEN]] [\-d DST_ADDR] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-S LINK_SRC_ADDR] [\-D LINK-DST-ADDR] [\-E LINK_ADDR] [\-e] [\-t TARGET_ADDR[/LEN]] [\-F N_SOURCES] [\-T N_TARGETS] [\-z SECONDS] [\-l] [\-v] [\-h]
.SH DESCRIPTION
.B ns6
allows the assessment of IPv6 implementations with respect to a variety of attacks based on ICMPv6 Neighbor Solicitation messages. This tool is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols.
.SH OPTIONS
.B ns6
The ns6 tool takes its parameters by means of command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface").
Depending on the amount of information (i.e., options) to be conveyed into the Neighbor Solicitations, it may be necessary for the ns6 tool to split that information into more than one Neighbor Solicitation message. Also, when the ns6 tool is instructed to flood the victim with Neighbor Solicitations from different sources ("\-\-flood\-sources" option), multiple packets may need to be sent. ns6 supports IPv6 fragmentation, which may be of use if a large amount of information needs to be conveyed within a single Neighbor Solicitation message. IPv6 fragmentation is not enabled by default, and must be explicitly enabled with the "\-y" option.
.TP
\-\-interface, \-i
This option specifies the network interface that na-attack will use. The network interface must be specified (i.e., the tool does not select any network interface "by default").
.TP
\-\-src\-address, \-s
This option is meant to specify the IPv6 Source Address to be used for the Neighbor Solicitation messages. If left unspecified, a randomized link-local (fe80::/64) address is selected.
.TP
\-\-dst\-address, \-d
This option specifies the IPv6 Destination Address of the Neighbor Solicitation messages. If this option is left unspecified, but the Ethernet Destination Address is specified, the "all-nodes link-local multicast" address (ff02::1) is selected as the IPv6 Destination Address.
.TP
\-\-hop\-limit, \-A
This option specifies the IPv6 Hop Limit to be used for the Neighbor Solicitation messages. It defaults to 255. Note that IPv6 nodes are required to check that the Hop Limit of incoming Neighbor Solicitation messages is 255. Therefore, this option is only useful to assess whether an IPv6 implementation fails to enforce the aforementioned check.
.TP
\-\-frag\-hdr, \-y
This option specifies that the resulting packet must be fragmented. The fragment size must be specified as an argument to this option.
.TP
\-\-dst\-opt\-hdr, \-u
This option specifies that a Destination Options header is to be included in the resulting packet. The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options.
.TP
\-\-dst\-opt\-u\-hdr, \-U
This option specifies a Destination Options header to be included in the "unfragmentable part" of the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. This option is only valid if the "\-y" option is specified (as the concept of "unfragmentable part" only makes sense when fragmentation is employed).
.TP
\-\-hbh\-opt\-hdr, \-H
This option specifies that a Hop-by-Hop Options header is to be included in the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop-by-Hop Options headers may be specified by means of multiple "\-H" options.
.TP
\-\-src\-link\-address, \-S
This option specifies the link-layer Source Address of the Neighbor Solicitation messages (currently, only Ethernet is supported). If left unspecified, the link-layer Source Address is randomized.
.TP
\-\-link\-dst\-address, \-D
This option specifies the link-layer Destination Address of the Neighbor Solicitation messages (currently, only Ethernet is supported). If left unspecified, it is set to the address "33:33:00:00:00:01" (the Ethernet address corresponding to the "all-nodes link-local multicast" IPv6 address (ff02::1).
.TP
\-\-target, \-t
This option specifies the IPv6 Target Address of the Neighbor Solicitation messages.
If the "\-T" ("\-\-flood\-targets") option is specified, this option specifies an IPv6 prefix in the form "\-t prefix/prefixlen". See the description of the "\-T" option for further information on how the "\-t" option is processed in that specific case.
.TP
\-\-source\-lla\-opt, \-E
This option specifies the contents of a source link-layer address option to be included in the Neighbor Solicitation messages. If more than one source link-layer address is specified (by means of multiple "\-E" options), and all the resulting options cannot be conveyed into a single Neighbor Solicitation, multiple Neighbor Solicitations will be sent as needed.
.TP
\-\-add\-slla\-opt, \-e
This option instructs the ns6 tool to include a source link-layer address option in the Neighbor Solicitation messages that it sends. The link-layer address included in the option is the same as the Ethernet Source Address used for the outgoing Neighbor Solicitation messages.
.TP
\-\-flood\-sources, \-F
This option instructs the ns6 tool to send Neighbor Solicitations from multiple (and random) IPv6 Source Addresses. The number of different sources is specified as "\-F number". The IPv6 Source Address of the packets are randomly selected from the prefix specified by the "\-s" option (which defaults to fe80::/64).
.TP
\-\-flood\-targets, \-T
This option instructs the ns6 tool to send Neighbor Solicitation messages for multiple Target Addresses. The number of different Target Addresses is specified as "\-T number". The Target Address of each packet is randomly selected from the prefix ::/64, unless a different prefix has been specified by means of the "\-t" option.
.TP
\-\-loop, \-l