Commit fc710dd2 authored by Raphaël Hertzog

Merge branch 'upstream'

parents a9c7a294 1ac06c62
# SI6 Networks' IPv6 Toolkit Configuration File
OUI-Database=/usr/local/share/ipv6toolkit/oui.txt
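Review bot: The OUI-Database path in this shipped configuration file, /usr/local/share/ipv6toolkit/oui.txt, matches neither path given in the ipv6toolkit.conf(5) page added by the same commit, which documents the default as "/usr/share/oui.txt" and shows /usr/share/ipv6toolkit/oui.txt in its sample file. Pick the one location where the database is actually installed and use it in all three places, otherwise the tools will silently look for a file that is not there.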
This diff is collapsed.
.TH FLOW6 1
.SH NAME
flow6 \- A security assessment tool for the IPv6 Flow Label field
.SH SYNOPSIS
.B flow6
.BI \-i \|\ INTERFACE
.BI \-d \|\ DST_ADDR
.RB [\| \-S
.IR LINK_SRC_ADDR\| ]
.RB [\| \-D
.IR LINK_DST_ADDR\| ]
.RB [\| \-s
.IR SRC_ADDR \|[/\| LEN \|]]
.RB [\| \-A
.IR HOP_LIMIT \|]
.RB [\| \-P
.IR PROTOCOL \|]
.RB [\| \-p
.IR PORT \|]
.RB [\| \-W \|]
.RB [\| \-v \|]
.RB [\| \-h \|]
.SH DESCRIPTION
.B flow6
performs a security assessment of the Flow Label generation policy of a target node. It is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols.
.B flow6
sends a number of probe packets to the target node, and samples the Flow Label values of the corresponding response packets. Based on the sampled values, it tries to infer the Flow Label generation policy of the target.
.PP
The tool will first send a number of probe packets from single IPv6 address, such that the per-destination policy is determined. The tool will then send probe packets from random IPv6 addresses (from the same prefix as the first probes) such that the "global" Flow Label generation policy can be determined.
.PP
The tool computes the expected value and the standard deviation of the difference between consecutive-sampled Flow Label values (Labeln – Labeln-1) with the intent of inferring the Flow Label generation algorithm of the target node.
.PP
If the standard deviation of [Labeln – Labeln-1] is 0, the Flow Label is assumed to be set to a constant value, and the corresponding value is informed to the user. For small values of the standard deviation, the Flow Label is assumed to be a monotonically-increasing function with increments of the "expected value", and such "expected value" together with the standard deviation, are informed to the user. For large values of the standard deviation, the Flow Label is assumed to be randomized, and the expected value and standard deviation are informed to the user, as indicators of the "quality" of the Flow Label generation algorithm.
.SH OPTIONS
.B flow6
takes it parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface").
.TP
.BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE
This option specifies the network interface that the tool will use. The network interface must be specified (i.e., the tool does not select any network interface "by default").
.TP
.BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR
This option specifies the IPv6 source address (or IPv6 prefix) to be used for the Source Address of the probe packets. If an IPv6 prefix is specified, the IPv6 Source Address of the ICMPv6 packets will be randomized from that prefix.
.TP
.BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR
This option specifies the IPv6 Destination Address of the target node. This option cannot be left unspecified.
.TP
.BI \-A\ HOP_LIMIT ,\ \-\-hop\-limit\ HOP_LIMIT
This option specifies the Hop Limit to be used for the IPv6 packets. By default, the Hop Limit is randomized.
.TP
.BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR
This option specifies the link-layer Source Address of the probe packets (currently, only Ethernet is supported). If left unspecified, the link-layer Source Address of the packets is set to the real link-layer address of the network interface.
.TP
.BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR
This option specifies the link-layer Destination Address of the probe packets (currently, only Ethernet is supported). By default, the link-layer Destination Address is automatically set to the link-layer address of the destination host (for on-link destinations) or to the link-layer address of the first-hop router.
.TP
.BI \-P\ PROTOCOL ,\ \-\-protocol\ PROTOCOL
This option specifies the protocol type of the probe packets. Currently, both "UDP" and "TCP" are supported. If this option is left unspecified, the protocol type defaults to "TCP".
.TP
.BI \-p\ PORT ,\ \-\-dst\-port\ PORT
This option specifies the Destination Port of the probe packets. If left unspecified, the Destination Port defaults to "80" when the IPv6 payload is TCP, and to 53 if the IPv6 payload is UDP.
Note: Since it is vital for the tool to receive response packets to be able to infer the Flow Label algorithm of the target, the protocol type and Destination Port should be carefully selected (i.e., the corresponding protocol and Destination Port should not be filter, and the target should respond to packets sent to that protocol/port).
.TP
.BR \-W,\ \-\-flow\-label\-policy
This option instructs the tool to determine the Flow Label generation policy. As of this version of the tool, this option must be specified.
.TP
.BR \-v\| ,\ \-\-verbose
This option instructs the flow6 tool to be verbose. If this option is set twice, the tool is "very verbose", and outputs the sampled Flow Label values (in addition to other information).
.TP
.BR \-h\| ,\ \-\-help
Print help information for the
.B flow6
tool.
.SH EXAMPLES
The following sections illustrate typical use cases of the
.B flow6
tool.
\fBExample #1\fR
# flow6 \-i eth0 \-\-flow-label-policy \-d fe80::1 \-v
Assess the Flow Label generation policy of the host "fe80::1", using the network interface "eth0". Probe packets are TCP segments directed to port 80 (default). Be verbose.
\fBExample #2\fR
# flow6 \-i eth0 \-d fe80::1 \-\-flow\-label\-policy \-P TCP \-p 22 \-vv
Assess the Flow Label generation policy of the host "fe80::1", using the network interface "eth0". Probe packets are TCP segments directed to port 22. Be very verbose (i.e., list the sampled Flow Label values).
.SH AUTHOR
The
.B flow6
tool and the corresponding manual pages were produced by Fernando Gont <fgont@si6networks.com> for SI6 Networks <http://www.si6networks.com>.
.SH COPYRIGHT
Copyright (c) 2011\-2013 Fernando Gont.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with the Invariant Sections being just "AUTHOR" and "COPYRIGHT", with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at
.IR <http://www.gnu.org/licenses/fdl.html> .
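Review bot: The \-s description in OPTIONS says the Source Address "of the ICMPv6 packets" will be randomized, but \-P states that only "UDP" and "TCP" probes are supported, so this should read "probe packets". In the same file, the SYNOPSIS names the link-layer arguments LINK_SRC_ADDR and LINK_DST_ADDR while OPTIONS calls them SRC_LINK_ADDR and DST_LINK_ADDR; use one spelling. The DESCRIPTION writes the sampled difference as "Labeln – Labeln-1" with the subscripts lost and a non-ASCII dash, and it never says what counts as a "small" or "large" standard deviation, which is the threshold a reader needs in order to interpret the verdict. The EXAMPLES entries have no .PP or .nf between the heading, the command and the explanation, so they will be filled into one paragraph. Minor wording: "takes it parameters", "from single IPv6 address", "should not be filter".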
This diff is collapsed.
.TH NS6 1
.SH NAME
ns6 \- A security assessment tool for attack vectors based on ICMPv6 Neighbor Solicitation messages
.SH SYNOPSIS
.B ns6
\-i INTERFACE [\-s SRC_ADDR[/LEN]] [\-d DST_ADDR] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-S LINK_SRC_ADDR] [\-D LINK-DST-ADDR] [\-E LINK_ADDR] [\-e] [\-t TARGET_ADDR[/LEN]] [\-F N_SOURCES] [\-T N_TARGETS] [\-z SECONDS] [\-l] [\-v] [\-h]
.SH DESCRIPTION
.B ns6
allows the assessment of IPv6 implementations with respect to a variety of attacks based on ICMPv6 Neighbor Solicitation messages. This tool is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols.
.SH OPTIONS
.B ns6
The ns6 tool takes its parameters by means of command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface").
Depending on the amount of information (i.e., options) to be conveyed into the Neighbor Solicitations, it may be necessary for the ns6 tool to split that information into more than one Neighbor Solicitation message. Also, when the ns6 tool is instructed to flood the victim with Neighbor Solicitations from different sources ("\-\-flood\-sources" option), multiple packets may need to be sent. ns6 supports IPv6 fragmentation, which may be of use if a large amount of information needs to be conveyed within a single Neighbor Solicitation message. IPv6 fragmentation is not enabled by default, and must be explicitly enabled with the "\-y" option.
.TP
\-\-interface, \-i
This option specifies the network interface that na-attack will use. The network interface must be specified (i.e., the tool does not select any network interface "by default").
.TP
\-\-src\-address, \-s
This option is meant to specify the IPv6 Source Address to be used for the Neighbor Solicitation messages. If left unspecified, a randomized link-local (fe80::/64) address is selected.
.TP
\-\-dst\-address, \-d
This option specifies the IPv6 Destination Address of the Neighbor Solicitation messages. If this option is left unspecified, but the Ethernet Destination Address is specified, the "all-nodes link-local multicast" address (ff02::1) is selected as the IPv6 Destination Address.
.TP
\-\-hop\-limit, \-A
This option specifies the IPv6 Hop Limit to be used for the Neighbor Solicitation messages. It defaults to 255. Note that IPv6 nodes are required to check that the Hop Limit of incoming Neighbor Solicitation messages is 255. Therefore, this option is only useful to assess whether an IPv6 implementation fails to enforce the aforementioned check.
.TP
\-\-frag\-hdr, \-y
This option specifies that the resulting packet must be fragmented. The fragment size must be specified as an argument to this option.
.TP
\-\-dst\-opt\-hdr, \-u
This option specifies that a Destination Options header is to be included in the resulting packet. The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options.
.TP
\-\-dst\-opt\-u\-hdr, \-U
This option specifies a Destination Options header to be included in the "unfragmentable part" of the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. This option is only valid if the "\-y" option is specified (as the concept of "unfragmentable part" only makes sense when fragmentation is employed).
.TP
\-\-hbh\-opt\-hdr, \-H
This option specifies that a Hop-by-Hop Options header is to be included in the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop-by-Hop Options headers may be specified by means of multiple "\-H" options.
.TP
\-\-src\-link\-address, \-S
This option specifies the link-layer Source Address of the Neighbor Solicitation messages (currently, only Ethernet is supported). If left unspecified, the link-layer Source Address is randomized.
.TP
\-\-link\-dst\-address, \-D
This option specifies the link-layer Destination Address of the Neighbor Solicitation messages (currently, only Ethernet is supported). If left unspecified, it is set to the address "33:33:00:00:00:01" (the Ethernet address corresponding to the "all-nodes link-local multicast" IPv6 address (ff02::1).
.TP
\-\-target, \-t
This option specifies the IPv6 Target Address of the Neighbor Solicitation messages.
If the "\-T" ("\-\-flood\-targets") option is specified, this option specifies an IPv6 prefix in the form "\-t prefix/prefixlen". See the description of the "\-T" option for further information on how the "\-t" option is processed in that specific case.
.TP
\-\-source\-lla\-opt, \-E
This option specifies the contents of a source link-layer address option to be included in the Neighbor Solicitation messages. If more than one source link-layer address is specified (by means of multiple "\-E" options), and all the resulting options cannot be conveyed into a single Neighbor Solicitation, multiple Neighbor Solicitations will be sent as needed.
.TP
\-\-add\-slla\-opt, \-e
This option instructs the ns6 tool to include a source link-layer address option in the Neighbor Solicitation messages that it sends. The link-layer address included in the option is the same as the Ethernet Source Address used for the outgoing Neighbor Solicitation messages.
.TP
\-\-flood\-sources, \-F
This option instructs the ns6 tool to send Neighbor Solicitations from multiple (and random) IPv6 Source Addresses. The number of different sources is specified as "\-F number". The IPv6 Source Address of the packets are randomly selected from the prefix specified by the "\-s" option (which defaults to fe80::/64).
.TP
\-\-flood\-targets, \-T
This option instructs the ns6 tool to send Neighbor Solicitation messages for multiple Target Addresses. The number of different Target Addresses is specified as "\-T number". The Target Address of each packet is randomly selected from the prefix ::/64, unless a different prefix has been specified by means of the "\-t" option.
.TP
\-\-loop, \-l
This option instructs the ns6 tool to send periodic Neighbor Solicitations to the victim. The amount of time to pause between sending Neighbor Solicitations can be specified by means of the "\-z" option, and defaults to 1 second.
.TP
\-\-sleep, \-z
This option instructs the ns6 tool to the amount of time to pause between sending Neighbor Solicitations. If left unspecified, it defaults to 1 second.
.TP
\-\-verbose, \-v
This option instructs the ns6 tool to be verbose.
.TP
\-\-help, \-h
Print help information for the ns6 tool.
.SH EXAMPLES
The following sections illustrate typical use cases of the
.B ns6
tool.
\fBExample #1\fR
# ns6 \-i eth0 \-d fe80::01 \-t 2001:db8::1 \-e
Use the network interface "eth0" to send a Neighbor Solicitation message using a random link-local unicast IPv6 Source Address and a random Ethernet Source Address, to the IPv6 Destination address fe80::1 and the Ethernet Destination Address 33:33:00:00:00:01 (selected by default). The target of the Neighbor Advertisement is 2001:db8::1. The Neighbor Solicitation also includes a source link-layer address option, that contains the same Ethernet address as that used for the Ethernet Source Address of the packet.
\fBExample #2\fR
# ns6 \-i eth0 \-s 2001:db8::/32 \-t 2001:db8::1 \-F 10 \-l \-z 10 \-e \-v
Send 10 Neighbor Solicitation messages using random Ethernet Source Addresses and random IPv6 Source Addresses from the prefix 2001:db8::/32, to the Ethernet Destination Address 33:33:00:00:00:01 (default) and the IPv6 Destination Address ff02::1 (default). The IPv6 Target Address of the Neighbor Solicitation is 2001:db8::1, and each message includes a source link-layer address option that contains the same address as that used for the Ethernet Source Address of the packet. Repeat this operation every ten seconds. Be verbose.
\fBExample #3\fR
# ns6 \-i eth0 \-s 2001:db8::/32 \-t 2001:db8::1 \-F 10 \-l \-z 10 \-E ff:ff:ff:ff:ff:ff \-v
Send 10 Neighbor Solicitation messages using random Ethernet Source Addresses and random IPv6 Source Addresses from the prefix fe80::/64 (default, link-local unicast), to the Ethernet Destination Address 33:33:00:00:00:01 (default) and the IPv6 Destination Address ff02:1 (default). The IPv6 Target Address of the Neighbor Solicitation is 2001:db8::1, and each message includes a source link-layer address option that contains the Ethernet address ff:ff:ff:ff:ff:ff. Repeat this operation every ten seconds. Be verbose.
.SH SEE ALSO
"Security/Robustness Assessment of IPv6 Neighbor Discovery Implementations" (available at: <http://www.si6networks.com/tools/ipv6toolkit/si6networks-ipv6\-nd-assessment.pdf>) for a discussion of Neighbor Discovery vulnerabilities, and additional examples of how to use the na6 tool to exploit them.
.SH AUTHOR
The
.B ns6
tool and the corresponding manual pages were produced by Fernando Gont
.I <fgont@si6networks.com>
for SI6 Networks
.IR <http://www.si6networks.com> .
.SH COPYRIGHT
Copyright (c) 2011\-2013 Fernando Gont.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with the Invariant Sections being just "AUTHOR" and "COPYRIGHT", with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at
.IR <http://www.gnu.org/licenses/fdl.html> .
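Review bot: Example #3 does not match its own command: the command passes "\-s 2001:db8::/32", yet the explanation says the sources come from "the prefix fe80::/64 (default, link-local unicast)", and it gives the default destination as "ff02:1" instead of ff02::1. Example #1 has similar drift: it passes "\-d fe80::01" but describes the Ethernet Destination Address as the multicast default, and it refers to "The target of the Neighbor Advertisement" in a Neighbor Solicitation tool. Elsewhere in the file, the \-i description still says "the network interface that na-attack will use", SEE ALSO refers to "the na6 tool", \-\-hop\-limit/\-A is documented in OPTIONS but missing from the SYNOPSIS, the \-D description has an unclosed parenthesis, and the \-z text ("instructs the ns6 tool to the amount of time") is missing its verb. The long option names \-\-src\-link\-address and \-\-link\-dst\-address are also inconsistent with each other; please confirm both against what the tool accepts.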
This diff is collapsed.
.TH RS6 1
.SH NAME
rs6 \- A security assessment tool for attack vectors based on ICMPv6 Router Solicitation messages
.SH SYNOPSIS
.B rs6
\-i INTERFACE [\-s SRC_ADDR[/LEN]] [\-d DST_ADDR] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-S LINK_SRC_ADDR] [\-D LINK-DST-ADDR] [\-E LINK_ADDR] [\-e] [\-F N_SOURCES] [\-z SECONDS] [\-l] [\-v] [\-h]
.SH DESCRIPTION
.B rs6
allows the assessment of IPv6 implementations with respect to a variety of attacks based on ICMPv6 Router Solicitation messages. This tool is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols.
.SH OPTIONS
.B rs6
takes its parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface").
Depending on the amount of information (i.e., options and option data) to be conveyed into the Router Solicitations, it may be necessary for rs6 to split that information into more than one Router Solicitation. Also, when the rs6 tool is instructed to flood the victim with Router Solicitations from different sources ("\-\-flood\-sources" option), multiple packets may need to be generated. rs6 supports IPv6 fragmentation, which may be of use if a large amount of information needs to be conveyed within a single Router Solicitation message. IPv6 fragmentation is not enabled by default, and must be explicitly enabled with the "\-y" option.
.TP
\-\-interface, \-i
This option specifies the network interface that the rs6 tool will use. The network interface must be specified (i.e., the tool does not select any network interface "by default").
.TP
\-\-src\-address, \-s
This option is meant to specify the IPv6 Source Address (or IPv6 prefix) to be used for the Router Solicitation messages. If left unspecified, a randomized link-local unicast (fe80::/64) address is selected.
.TP
\-\-dst\-address, \-d
This option specifies the IPv6 Destination Address of the Router Solicitation messages. If left unspecified, but the Ethernet Destination Address is specified, the "all-routers link-local multicast" address (ff02::2) is selected as the IPv6 Destination Address.
.TP
\-\-hop\-limit, \-A
This option specifies the IPv6 Hop Limit to be used for the Router Solicitation messages. It defaults to 255. Note that IPv6 nodes are required to check that the Hop Limit of incoming Router Solicitation messages is 255. Therefore, this option is only useful to assess whether an IPv6 implementation fails to enforce the aforementioned check.
.TP
\-\-frag\-hdr, \-y
This option specifies that the resulting packet must be fragmented. The fragment size must be specified as an argument to this option.
.TP
\-\-dst\-opt\-hdr, \-u
This option specifies that a Destination Options header is to be included in the resulting packet. The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options.
.TP
\-\-dst\-opt\-u\-hdr, \-U
This option specifies a Destination Options header to be included in the "unfragmentable part" of the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. This option is only valid if the "\-y" option is specified (as the concept of "unfragmentable part" only makes sense when fragmentation is employed).
.TP
\-\-hbh\-opt\-hdr, \-H
This option specifies that a Hop-by-Hop Options header is to be included in the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop-by-Hop Options headers may be specified by means of multiple "\-H" options.
.TP
\-\-src\-link\-address, \-S
This option specifies the link-layer Source Address of the Router Solicitation messages (currently, only Ethernet is supported). If left unspecified, the link-layer Source Address is randomized.
.TP
\-\-link\-dst\-address, \-D
This option specifies the link-layer Destination Address of the Router Solicitation messages (currently, only Ethernet is supported). If left unspecified, the link-layer Destination Address is set to "33:33:00:00:00:02" (the Ethernet address that corresponds to the "all-routers link-local multicast" address).
.TP
\-\-source\-lla\-opt, \-E
This option specifies the contents of a source link-layer address option to be included in the Router Solicitation messages. If more than one source link-layer address is specified (by means of multiple "\-E" options), and all the resulting options cannot be conveyed into a single Router Solicitation, multiple Router Solicitations will be sent as needed.
.TP
\-\-add\-slla\-opt, \-e
This option instructs the rs6 tool to include a source link-layer address option in the Router Solicitation messages that it sends. The link-layer address included in the option is the same as the Ethernet Source Address used for the outgoing Router Solicitation messages.
.TP
\-\-flood\-sources, \-F
This option instructs the rs6 tool to send Neighbor Solicitations from multiple (and random) IPv6 Source Addresses. The number of different sources is specified as "\-F number". The IPv6 Source Address of each Router Solicitation is a randomized from the IPv6 prefix specified with the "\-s" option, and defaults to a random link-local unicast address (fe80::/64).
.TP
\-\-loop, \-l
This option instructs the rs6 tool to send periodic Router Solicitations to the destination node. The amount of time to pause between sending Neighbor Solicitations can be specified by means of the "\-z" option, and defaults to 1 second.
.TP
\-\-sleep, \-z
This option instructs the rs6 tool to the amount of time to pause between sending Neighbor Solicitations. If left unspecified, it defaults to 1 second.
.TP
\-\-verbose, \-v
This option instructs the rs6 tool to be verbose.
.TP
\-\-help, \-h
Print help information for the rs6 tool.
.SH EXAMPLES
The following sections illustrate typical use cases of the
.B rs6
tool.
\fBExample #1\fR
# rs6 \-i eth0 \-e
Use the network interface "eth0" to send a Router Solicitation using a random link-local unicast IPv6 Source Address and a random Ethernet Source Address, to the IPv6 Destination Address "ff02::2" ("all-routers link-local multicast" address, selected by default) and the Ethernet Destination Address "33:33:00:00:00:02" (selected by default). The Router Solicitation also includes a source link-layer address option, that contains the same Ethernet address as that used for the Ethernet Source Address of the packet.
\fBExample #2\fR
# rs6 \-i eth0 \-e \-F 100 \-l \-z 10 \-v
Send 100 Router Solicitation messages using a random Ethernet Source Address and random IPv6 Source Address for each of them, to the Ethernet Destination Address "33:33:00:00:00:02" (default) and the IPv6 Destination Address "ff02:2" (default). Each message includes a source link-layer address option that contains the same link-layer address as that used for the Ethernet Source Address of the packet. Repeat this operation every ten seconds. Be verbose.
\fBExample #3\fR
# rs6 \-i eth0 \-d fe80::1 \-E ff:ff:ff:ff:ff:ff \-v
Send one Router Solicitation message using a random Ethernet Source Address and a random link-local unicast (i.e., fe80::/64) IPv6 Source Address, to the Ethernet Destination Address "33:33:00:00:00:02" (default) and the IPv6 Destination Address "fe80::1". Each Router Solicitation includes a source link-layer address option that contains the Ethernet address "ff:ff:ff:ff:ff:ff". Be verbose.
.SH SEE ALSO
"Security/Robustness Assessment of IPv6 Neighbor Discovery Implementations" (available at: <http://www.si6networks.com/tools/ipv6toolkit/si6networks-ipv6\-nd-assessment.pdf>) for a discussion of Neighbor Discovery vulnerabilities, and additional examples of how to use the na6 tool to exploit them.
.SH AUTHOR
The
.B rs6
tool and the corresponding manual pages were produced by Fernando Gont
.I <fgont@si6networks.com>
for SI6 Networks
.IR <http://www.si6networks.com> .
.SH COPYRIGHT
Copyright (c) 2011\-2013 Fernando Gont.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with the Invariant Sections being just "AUTHOR" and "COPYRIGHT", with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at
.IR <http://www.gnu.org/licenses/fdl.html> .
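Review bot: Several option descriptions were copied from the ns6 page without being adapted: \-\-flood\-sources says the tool will "send Neighbor Solicitations from multiple (and random) IPv6 Source Addresses", and both \-\-loop and \-\-sleep talk about the pause "between sending Neighbor Solicitations"; all three should say Router Solicitations. As on the ns6 page, \-\-hop\-limit/\-A appears in OPTIONS but not in the SYNOPSIS, the \-z sentence is missing its verb, and SEE ALSO points at "the na6 tool". In EXAMPLES, Example #2 gives the default destination as "ff02:2" instead of ff02::2, and Example #3 sends one message but then says "Each Router Solicitation includes".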
This diff is collapsed.
.TH IPV6TOOLKIT.CONF 5
.SH NAME
ipv6toolkit.conf \- Configuration file for the SI6 Networks' IPv6 address monitoring daemon (ipv6mon)
.SH SYNOPSIS
.B /etc/ipv6toolkit.conf
.SH DESCRIPTION
This file controls the operation of the
.B SI6 Networks' IPv6 Toolkit
\[char46] It aloows the system administrator to configure parameters such as:
.TS
tab (@);
l l.
@\+ Location of the IEEE OUI database
.TE
The configuration file follows the following general format:
.sp
.RS 4
.nf
# Comments
Variable1=Value1 # Comments
Variable2=Value2
.fi
.RE
The following configuration options are currently supported:
.TP
\fBOUI-Database\fR
This variable specifies the location of the IEEE OUI database. If left unspecified, the IEEE OUI databased is expected to be found "/usr/share/oui.txt". This is a stripped down version of the IEEE OUI list available at <http://standards.ieee.org/develop/regauth/oui/oui.txt>. The tool is able to process the raw file available from the IEEE site (hence the included oui.txt file can be overwritten with a freshly downloaded copy without any additional processing).
.SH EXAMPLES
The following is a sample
.IR ipv6toolkit.conf
file.
.sp
.nf
# SI6 Networks IPv6 Toolkit Configuration File
OUI-Database=/usr/share/ipv6toolkit/oui.txt
.fi
.RE
.SH AUTHOR
The
.B SI6 Networks' IPv6 Toolkit
and the corresponding manual pages were produced by Fernando Gont <fgont@si6networks.com> for SI6 Networks <http://www.si6networks.com>.
.SH COPYRIGHT
Copyright (c) 2011-2013 Fernando Gont.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with the Invariant Sections being just "AUTHOR" and "COPYRIGHT", with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at
.IR <http://www.gnu.org/licenses/fdl.html> .
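Review bot: The NAME line describes this file as the "Configuration file for the SI6 Networks' IPv6 address monitoring daemon (ipv6mon)", which is a different program; it should name the IPv6 Toolkit, as the DESCRIPTION does. The OUI-Database entry gives the default as "/usr/share/oui.txt" while the sample file a few lines later uses /usr/share/ipv6toolkit/oui.txt, so a reader cannot tell which path applies when the variable is unset. On the roff side, the EXAMPLES block ends with .RE but has no opening .RS (the earlier format block has ".RS 4"), and the DESCRIPTION sentence is broken by a line starting with "\[char46] It aloows"; end the previous line with the period and fix "aloows" and "databased".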
.TH IPV6TOOLKIT 7
.SH NAME
ipv6toolkit \- An IPv6 security assessment and trouble-shooting toolkit
.SH DESCRIPTION
The SI6 Networks' IPv6 Toolkit is a security assessment and trouble-shooting toolkit for IPv6 networks and implementations. It provides a number of tools to send abitrary IPv6 packets, perform IPv6 address-scans, analyze IPv6 addresses, etc.
The current version of the toolkit includes the following tools:
* addr6
* flow6
* frag6
* icmp6
* jumbo6
* na6
* ni6
* ns6
* ra6
* rd6
* rs6
* scan6
* tcp6
.B addr6
is an IPv6 address analysis and manipulation tool. Given a list of IPv6 addresses, it can filter such list based on different criteria, such as IPv6 address type, IPv6 address scope, IPv6 prefix, etc. Additionally, given a list of IPv6 addresses
.B addr6
can produce statistics on such addresses, including address scopes, types, and type of IPv6 interface identifier.
.B addr6
can also analyze a single address, producing script-friendly output, such that its analysis can be leveraged by other tools or scripts.
.B flow6
allows the security assessment of the IPv6 Flow Label. Essentially, it can be leveraged to assess the Flow Label generation policy of a terget implementation.
.B frag6
is a security assessment tool for the IPv6 fragmentation mechanism. It allows the exploitation of fragmentation-based attacks, and can also be employed to assess the Fragment Identification generation policy, assess support for IPv6 atomic fragments, etc.
.B icmp6
is a security assessment tool for the ICMPv6 protocol. It can easily produce arbitrary ICMPv6 error messages, and includes the capability to generate such messages in response to received traffic.
.B icmp6
can also be used to send crafted ICMPv6 messages of arbitrary type/code combinations.
.B jumbo6
is a secuity assessment tool for IPv6 Jumbograms.
.B na6
is a security assessment tool for attack vectors based on Neighbor Advertisement messages (including Neighbor Cache poisoning attacks, DAD attacks, etc.).
.B ni6
is a security assessment tool for attacks vectors and reconnaissance techniques based on ICMPv6 Node Information messages.
.B ns6
is a security assessment tool for attack vectors based on Neighbor Solicitation messages (including Neighbor Cache poisoning attacks, Neighbor Cahe exhaustion attacks, etc.).
.B ra6
is a security assessment tool for attack vectors based on Router Advertisement messages (including various types of fooding attacks, man-in-the-middle attacks, and Denial of Service attacks, etc.).
.B rd6
is a security assessment tool for attack vectors based on ICMPv6 Redirect messages. It can easily produce arbitrary ICMPv6 Redirect messages, and also includes the capability to generate such messages in response to received traffic.
.B rs6
is a security assessment tool for attack vectors based on Router Solicitation messages.
.B scan6
is a full-fledged IPv6 address scanning tool, which can leverage specific IPv6 address patterns to greatly reduce the search space for "alive" nodes.
.B tcp6
is a security assessment tool for attack vectors based on TCP/IPv6 packets. It can be easily employed to launch classic TCP-based attacks such as SYN-floods, but can also be employed to launch other more complex attacks such as TCO connection floods, etc.
.SH SEE ALSO
.BR ipv6toolkit.conf (5),
.BR addr6 (1),
.BR flow6 (1),
.BR frag6 (1),
.BR icmp6 (1),
.BR jumbo6 (1),
.BR na6 (1),
.BR ni6 (1),
.BR ns6 (1),
.BR ra6 (1),
.BR rd6 (1),
.BR rs6 (1),
.BR scan6 (1),
.BR tcp6 (1)
.SH AUTHOR
The SI6 Networks' IPv6 Toolkit and the corresponding manual pages were produced by Fernando Gont
.I <fgont@si6networks.com>
for SI6 Networks
.IR <http://www.si6networks.com> .
.SH COPYRIGHT
Copyright (c) 2011-2013 Fernando Gont.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with the Invariant Sections being just "AUTHOR" and "COPYRIGHT", with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at
.IR <http://www.gnu.org/licenses/fdl.html> .
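Review bot: The tool list in DESCRIPTION ("* addr6" through "* tcp6") is written as plain lines in fill mode, so man will join all thirteen entries into one paragraph; wrap it in .nf/.fi or use .IP items. The per-tool descriptions that follow have the same problem, since each starts with ".B name" but there is no .PP or .TP between them and they will render as one block. Spelling to fix while there: "abitrary", "terget", "secuity", "Neighbor Cahe", "fooding attacks", "attacks vectors" and "TCO connection floods".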
This diff is collapsed.