[support] Security MIPv6 Test

Sebastien Decugis sdecugis at hongo.wide.ad.jp
Thu Apr 9 10:21:55 JST 2009 

Hello,

I don't know any reference about attacks to MIPv6 systems, I think
you'll have to design it yourself.

I never used ettercap, but since it uses libpcap it should support IPv6
or at least require very few modifications to support it.
We have used (and modified) the driftnet software (spy a network and
display images that are transported on it, very visual for a
demonstration), you can find the modified source and pre-compiled
package in the repository (package driftnet6)

You can use scapy6 to forge about anything :) So yes, it can be used to
forge BU.

Here is how I used it to create BU. I have two version, I am not sure
which one is provided in the repository, so please try both:
(of course you'll have to change the addresses in the message)

-> with the old version:

a=IPv6(dst='2001:200:0:849c::9c')/ \
IPv6ExtHdrDestOpt(options=HAO(hoa='2001:200:0:8410:213:72ff:fee5:c73a'))/ \
IPv6MobHdrBU()/ \
AlternateCareofAddress(acoa='2001:200:0:8410:213:72ff:fee5:c73a')

-> with the new version:

a=IPv6(dst='2001:200:0:849c::9c')/ \
IPv6ExtHdrDestOpt(options=HAO(hoa='2001:200:0:8410:213:72ff:fee5:c73a'))/ \
MIP6MH_BU(options=MIP6OptAltCoA(acoa='2001:200:0:8410:213:72ff:fee5:c73a'))


The following might be useful to some people also, here is how I created
UDP-encapsulated BU (for DSMIPv6).
I am not sure that the format is correct anymore though.

bu =IP(src='10.0.1.44', dst='172.16.235.130') / \
UDP(sport=667, dport=666) / \
IPv6(src='2001:200:0:84c4::2', dst='2001:200:0:84c4::1') / \
MIP6MH_BU(mhtime=15, options=MIP6OptCoA4(coa4='10.0.1.44'))

bu.show()

r=sr1(bu)


I hope this helps,
Best regards,
Sebastien.




Brama Subhifajar a écrit :
> dear forum,
>
> I have been testing how security Mobile IPv6 work, now I'm trying to
> make an attack ( false BU, Sniffing, MiTM, and DoS ) for testing RR,
> IP Sec, and Dynamic Key management.
>
> can I have a reference how to make a real attack for MIPv6 ? (tutorial
> or software)
>
> now I'm trying use ettercap but I cant use it because I never try it
> with IPv6, is ettercap working in IPv6 ?
>
> and scapy6 which build in Homeguy, can that software is used to make
> false BU ?
>
> I found some tutorial how to construct BU message using scapy6, but I
> have error :
>
> >>> b1=IPv6()
> >>> b1.src='2000::212:3fff:fead:f081'
> >>> b1.dst='2001::8'
> >>> b1.show()
> >>> b2=IPv6ExtHdrDestOpt(options=[HAO(hoa='2003::1')])  
> >>> b3=b1/b2
> >>> b3.show()
> >>> b4=NonceIndices( olen=4,hni=4, coni=4)                          
> ==>error option NonceIndices is not defined
> >>> b5=BindingAuthData( authenticator=2807)                       
> ==>error option BindingAuthData is not defined
> >>> b6=IPv6MobHdrBU( options=[b4,b5])                           
> ==>error option IPv6MobHdrBU is not defined      
> >>> b_final=b3/b6
> >>> b_final.show()
>
>
> can forum help me...
>
> thank you before.
>
>
>
>
> ------------------------------------------------------------------------
> Berselancar lebih cepat.
> <http://us.lrd.yahoo.com/_ylc=X3oDMTFndmQxc2JlBHRtX2RtZWNoA1RleHQgTGluawR0bV9sbmsDVTExMDM0NjkEdG1fbmV0A1lhaG9vIQ--/SIG=11kadq57p/**http%3A//downloads.yahoo.com/id/internetexplorer/>
> Internet Explorer 8 yang dioptimalkan untuk Yahoo! otomatis membuka 2
> halaman favorit Anda setiap kali Anda membuka browser.Dapatkan IE8 di
> sini! (Gratis)
> <http://us.lrd.yahoo.com/_ylc=X3oDMTFndmQxc2JlBHRtX2RtZWNoA1RleHQgTGluawR0bV9sbmsDVTExMDM0NjkEdG1fbmV0A1lhaG9vIQ--/SIG=11kadq57p/**http%3A//downloads.yahoo.com/id/internetexplorer/>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Support mailing list
> Support at ml.nautilus6.org
> http://ml.nautilus6.org/mailman/listinfo/support
>

More information about the Support mailing list