Sunday, February 12, 2012

IPv6 pentesting 4. - dos-new-ip6

This tool can be considered as a pair of detect-new-ip6. Similarly it listens for ICMPv6 DAD packets on the network, but if it sees one, it will send a response that this IPv6 address already exists, this way we can reach, that no host will be able to connect to the network - DoS attack.

If you are using BT5 64bit version, as myself, it won't work properly, along with detect-new-ipv6. I managed to get it work only if I started Wireshark, and a capture with it. Unfortunately also Wireshark didn't start properly:

wireshark: error while loading shared libraries: cannot open shared object file: No such file or director

The solution is:
1. Reinstall Wireshark
2. Copy files:

cp /usr/local/lib/ /usr/lib/
cp /usr/local/lib/ /usr/lib/

After that it works properly.

Usage of the tool is similar:

dos-new-ip6 interface

dos-new-ip6 eth0

Part of the related Wireshark output:

And finaly the message on Windows 7, a successful DoS attack:

Update: On BT5 32bit version you also need to run Wireshark in order to get it worked. I suppose it starts a module or process, which the tool doesn't.

No comments: