Nmap Development mailing list archives
Re: [NSE script] IPv6 RA flood
From: David Fifield <david () bamsoftware com>
Date: Wed, 19 Sep 2012 17:53:46 -0700
On Fri, Sep 14, 2012 at 11:40:21PM -0700, David Fifield wrote:
> On Sat, May 05, 2012 at 05:49:52PM +0200, Adam Števko wrote:
> > Hi guys,
> >
> > IPv6 deployment is on the rise and there are some protocol
> > vulnerabilities. One of them is flooding network with Router
> > Advertisements causing machines to recompute route table entries
> > leading to 100% CPU utilization. Based on my testing, I found these
> > platforms vulnerable: Windows (was unusable), Solaris (was usable, but
> > the console lagged a bit). Linux and FreeBSD were unaffected (issue was
> > fixed few days later it was announced).
> >
> > This work is inspired by THC IPv6 suite. In the future I would like to
> > add support for packet fragmentation and giving ability to bypass RA
> > Guard, work on more NSE scripts inspired by tools from THC IPv6 suite
> > and commit them to nmap script library.
> >
> > Script URL: https://bitbucket.org/xenol/nse-scripts/src/0c9b7397daeb/ipv6-ra-flood.nse
>
> Hi Adam. I'm sorry this script has been ignored for so long. I changed
> the script's imports to run under Lua 5.2 and tried it. It pegged a
> Windows 7 CPU at 100% almost immediately, and continued to do so after I
> killed the Nmap process. It works as advertised.
>
> I'd like to add this script if you'll make just a few simple changes.
>
> - Update the code to Lua 5.2; this may be as simple as changing the
>   require statements. A guide is here: https://secwiki.org/w/Nmap/Lua_5.2.
> - Don't just choose the first interface from the list if no argument was
>   given; abort the script. See the prerule of url-snarf for an example.

Adam made some changes and I committed the script from
https://bitbucket.org/xenol/nse-scripts/raw/6d3ad48e6251/ipv6-ra-flood.nse.

Adam, you say you will add in a default time limit. When that is ready,
the best way for you to send it to us is as a patch on this mailing
list. I would also like to ask you to elaborate a bit more (1 or 2
sentences) in the description, stating which operating systems are known
to be vulnerable. There should be at least one link to a vulnerability
advisory or something similar.

David Fifield