Nmap Development mailing list archives
Re: [NSE script] IPv6 RA flood
From: David Fifield <david () bamsoftware com>
Date: Fri, 14 Sep 2012 23:40:21 -0700
On Sat, May 05, 2012 at 05:49:52PM +0200, Adam Števko wrote:
> Hi guys,
>
> IPv6 deployment is on the rise and there are some protocol vulnerabilities. One of them is flooding the network with Router Advertisements, causing machines to recompute route table entries, leading to 100% CPU utilization. Based on my testing, I found these platforms vulnerable: Windows (was unusable), Solaris (was usable, but the console lagged a bit). Linux and FreeBSD were unaffected (the issue was fixed a few days after it was announced).
>
> This work is inspired by the THC IPv6 suite.
>
> In the future I would like to add support for packet fragmentation and the ability to bypass RA Guard, work on more NSE scripts inspired by tools from the THC IPv6 suite, and commit them to the nmap script library.
>
> Script URL: https://bitbucket.org/xenol/nse-scripts/src/0c9b7397daeb/ipv6-ra-flood.nse

Hi Adam. I'm sorry this script has been ignored for so long. I changed the script's imports to run under Lua 5.2 and tried it. It pegged a Windows 7 CPU at 100% almost immediately, and continued to do so after I killed the Nmap process. It works as advertised.

I'd like to add this script if you'll make just a few simple changes.

* Update the code to Lua 5.2; this may be as simple as changing the require statements. A guide is here: https://secwiki.org/w/Nmap/Lua_5.2.
* Don't just choose the first interface from the list if no argument was given; abort the script. See the prerule of url-snarf for an example.

Since the effect, at least on Windows 7, appears to be persistent, do you think the script should have a default time limit? It wouldn't be the first script that runs forever, but I think people are still surprised when a script does that.

David Fifield