sylkie: IPv6 Address Spoofing
iSpeech
A command line tool and library for testing networks for common address spoofing security vulnerabilities in IPv6 networks using the Neighbor Discovery Protocol.
Dependencies
Basic usage
The following describes the basic usage of sylkie. Run sylkie -h or sylkie <subcommand> -h for more details.
DoS (Router Advert)
The basic usage of the sylkie router advert command is listed below. This command will send a Router Advertisement message to the given ip or the all nodes multicast addres causing the targeted nodes to remove <router-ip>/<prefix>from their list of default routes.
sylkie ra -interface <interface> \
--target-mac <mac of router> \
--router-ip <ip of router> \
--prefix <router prefix> \
--timeout <time between adverts> \
--repeat <number of times to send the request>
}
How it works:
The router advert (ra) command attempts to DoS a network by sending “forged” Router Advertisement messages to either a targeted address (if one is provided) or the link local scope all-nodes address ff02::1. The “forged” Router Advertisement contains Prefix Information with the lifetimes set to 0. The message also contains the Source Link-Layer Address. This should cause the targeted address or all link local nodes to remove the targetted router from the list of default routes.
[adsense size='1']
Address spoofing (Neighbor Advert)
sylkie na -i <interface> \
--dst-mac <dest hw addr> \
--src-ip <source ip> \
--dst-ip <dest ip address> \
--target-ip <target ip address> \
--target-mac <target mac address> \
--timeout <time betweeen adverts> \
--repeat <number of times to send the request>
Gloss