Nmap Development mailing list archives
Ideas for NSE IPv6
From: Djalal Harouni <tixxdz () opendz org>
Date: Sun, 27 Mar 2011 10:46:17 +0100
Hi, I just got a link to this tool: http://www.thc.org/thc-ipv6/ by THC. To quote THC: "A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6 ..." [1], the tool is under GPL v3. Actually there is a simple tool (file: flood_router6.c) that will cause a DoS on multiple plateforms by using IPv6 Neighbor Discovery Router Advertisement packets [2] (I didn't test it). There are some good ideas out there which I think can be implemented as NSE scripts. Speaking about NSE IPv6, there are some scripts which assume that they are running in the IPv4 mode even if the '-6' option was specified. This is buggy code. Scripts that are using protocols which are available _only_ in one mode IPv4 or IPv6, can call the nmap.address_family() function, check the returned string 'inet' or 'inet6' and fail silently with a debug message. [1] http://www.thc.org/thc-ipv6/ [2] http://www.securityfocus.com/bid/45760/info -- tixxdz http://opendz.org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Ideas for NSE IPv6 Djalal Harouni (Mar 27)
- Re: Ideas for NSE IPv6 David Fifield (Mar 27)
- Re: Ideas for NSE IPv6 Henri Doreau (Mar 27)
- Re: Ideas for NSE IPv6 David Fifield (Mar 27)