Nmap Development mailing list archives

Re: [NSE script] IPv6 RA flood
From: David Fifield <david () bamsoftware com>
Date: Wed, 19 Sep 2012 17:53:46 -0700

On Fri, Sep 14, 2012 at 11:40:21PM -0700, David Fifield wrote:
> On Sat, May 05, 2012 at 05:49:52PM +0200, Adam Števko wrote:
> > Hi guys,
> >
> > IPv6 deployment is on the rise and there are some protocol
> > vulnerabilities. One of them is flooding the network with Router
> > Advertisements, causing machines to recompute route table entries,
> > leading to 100% CPU utilization. Based on my testing, I found these
> > platforms vulnerable: Windows (was unusable), Solaris (was usable, but
> > the console lagged a bit). Linux and FreeBSD were unaffected (the issue
> > was fixed a few days after it was announced). This work is inspired by
> > the THC IPv6 suite.
> >
> > In the future I would like to add support for packet fragmentation,
> > giving the ability to bypass RA Guard, work on more NSE scripts inspired
> > by tools from the THC IPv6 suite, and commit them to the Nmap script library.
> >
> > Script URL: https://bitbucket.org/xenol/nse-scripts/src/0c9b7397daeb/ipv6-ra-flood.nse

> Hi Adam. I'm sorry this script has been ignored for so long.
>
> I changed the script's imports to run under Lua 5.2 and tried it. It
> pegged a Windows 7 CPU at 100% almost immediately, and continued to do
> so after I killed the Nmap process. It works as advertised.
>
> I'd like to add this script if you'll make just a few simple changes.
> Update the code to Lua 5.2; this may be as simple as changing the
> require statements. A guide is here: https://secwiki.org/w/Nmap/Lua_5.2.
> Don't just choose the first interface from the list if no argument was
> given; abort the script. See the prerule of url-snarf for an example.

Adam made some changes and I committed the script from
https://bitbucket.org/xenol/nse-scripts/raw/6d3ad48e6251/ipv6-ra-flood.nse.

Adam, you say you will add in a default time limit. When that is ready,
the best way for you to send it to us is as a patch on this mailing
list.

I would also like to ask you to elaborate a bit more (1 or 2 sentences)
in the description, stating which operating systems are known to be
vulnerable. There should be at least one link to a vulnerability
advisory or something similar.

David Fifield