Wiki
The pcap files were recorded on the router in the testbed described by the following picture.
Only 4 nodes were used for the recording. The nodes took on different roles depending on the attack vector.
During the recording, the 4 machines had the following addresses:
Attacker (Max Laptop): 2001:db8:1::2 or 2001:db8:2::2
Client (Node1): 2001:db8:1::1 or SLAAC (2001:db8:1:0:6600:6aff:fe5b:8f4a)
Server (Node2): 2001:db8:1::5 or 2001:db8:2:2
Router (Node3): 2001:db8:1::3 and 2001:db8:2::3
They were recorded via tcpdump with the following command:
tcpdump -i eno1 -nn -e -vv ip6 -s 0 -w filename.pcap
eno1 is the "inside" router interface with the static IPv6 address 2001:db8:1::3.
The following additional addresses were used:
Router "inside" (2001:db8:1::3):
LL: fe80::6600:6aff:fe5b:8eb3/64
MAC: 64:00:6a:5b:8e:b3
Router "outside" (2001:db8:2::3):
LL: fe80::215:17ff:febf:483e
MAC: 00:15:17:bf:48:3e
Client:
LL: fe80::6600:6aff:fe5b:8f4a
MAC: 64:00:6a:5b:8f:4a
Server:
LL: fe80::6600:6aff:fe5b:8952
MAC: 64:00:6a:5b:89:52
Attacker:
LL: fe80::250:b6ff:fe19:e650
MAC: 00:50:b6:19:e6:50
LL: fe80::223:55ff:fe9c:7326
MAC: 00:23:55:9c:73:26
We used radvd on the Linux router:
radvd.conf
interface eno1
{
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvDefaultPreference low;
    AdvHomeAgentFlag off;
    prefix 2001:db8:1:0::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    };
};
interface enp4s0f0
{
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvDefaultPreference low;
    AdvHomeAgentFlag off;
    prefix 2001:db8:2:0::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    };
};
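When reading the captures it helps to map every source and destination address back to a testbed node. The following is an added example, not part of the original testbed tooling: it derives the modified EUI-64 link-local and SLAAC addresses from the MACs listed above and labels any address by role. The names NODES, PREFIXES, derive and label are hypothetical, and it assumes every interface could autoconfigure in either advertised prefix.

```python
import ipaddress

# Values copied from the testbed description on this page.
# The server's second address is left out: as written it is not a complete IPv6 address.
NODES = {
    "attacker": {"macs": ["00:50:b6:19:e6:50", "00:23:55:9c:73:26"],
                 "static": ["2001:db8:1::2", "2001:db8:2::2"]},
    "client":   {"macs": ["64:00:6a:5b:8f:4a"], "static": ["2001:db8:1::1"]},
    "server":   {"macs": ["64:00:6a:5b:89:52"], "static": ["2001:db8:1::5"]},
    "router":   {"macs": ["64:00:6a:5b:8e:b3", "00:15:17:bf:48:3e"],
                 "static": ["2001:db8:1::3", "2001:db8:2::3"]},
}
PREFIXES = ["fe80::/64", "2001:db8:1::/64", "2001:db8:2::/64"]

def eui64_iid(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) as an int."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets[0] ^= 0x02  # invert the universal/local bit
    return int.from_bytes(bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:]), "big")

def derive(mac, prefix):
    """Address a host with this MAC would form in the given /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | eui64_iid(mac))

def build_table():
    """Map every static and EUI-64-derived address to its node role."""
    table = {}
    for role, node in NODES.items():
        for addr in node["static"]:
            table[ipaddress.IPv6Address(addr)] = role
        for mac in node["macs"]:
            for prefix in PREFIXES:
                # Assumption: any interface may autoconfigure in either prefix.
                table[derive(mac, prefix)] = role
    return table

TABLE = build_table()

def label(addr):
    """Return the node role for an address seen in a capture."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast:
        return "multicast"
    return TABLE.get(ip, "unknown")
```

Addresses labelled "unknown" are the ones worth a closer look in a recording, since they belong to no configured or autoconfigured interface of the four nodes.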
For MLD routing, MRD6 was used with the following configuration:
/* MRD example configuration file */
log {
    /* Logs are controlled via the 'attach' method */
    /* syntax (one of):
         attach syslog [level]
         attach stderr [level]
         attach name filename [level]
       where level is one of:
         quiet, normal, verbose, debug or extradebug
    */
    attach stderr normal;
    attach default "mrd.log" debug;
}
load-module console;
load-module mld;
load-module pim;
console {
    /* Allow access from any host with admin/admin */
    /* allow-access admin admin any; */
    /* Command format: */
    /* allow-access [username [password [address mask]]]; */
}
/* Global pim variable configuration */
pim {
    /* we want to be a BSR candidate */
    enable bsr-candidate;
    /* we want to be a RP candidate */
    enable rp-candidate;
}
/* Groups configuration */
groups {
    /* group mask */
    ff0e::/16 {
        pim {
            /* include this group mask in our RP adv */
            enable rp_adv;
        }
    }
    ff12::/16 {
        pim {
            /* include this group mask in our RP adv */
            enable rp_adv;
        }
    }
}
For static multicast routes, smcroute was used together with the corresponding ip commands.
smcroute:
mgroup from eno1 group ff0E::123
mroute from eno1 group ff0E::123 source 2001:db8:1::1 to enp4s0f0
ip commands for verification:
ip -6 ma
ip -6 mroute