IPv6 tools


These are a few of the tools that we use during my advanced IPv6 training, in particular "Hacking and Protecting IPv6 Networks".
Enjoy!

http://www.ipv6forlife.com/modulation/IPv6HackSecu4.html


  1. Some IPv6 Tools. As a short preview of the Hacking & Protecting IPv6 Networks training funtime… Fred Bovy. Copyright IPv6 For Life!
  2. iperf: traffic generator to test firewall rules and performance
  3. Iperf to test network performance
      - One end is started as a server
      - One end is started as a client
      - Iperf is a traffic generator to test IP or IPv6 network performance
      - Useful for testing firewall rules
      - TCP or UDP and the port number can be given on the CLI
  4. Iperf -V to test IPv6

      Client:

          Report bugs to <iperf-users@lists.sourceforge.net>
          root@ks363021:~# iperf -c 2001:41d0:8:68dd:1:2:3:4 -V -u -t 30 -i 1 -b 5M -p 25
          ------------------------------------------------------------
          Client connecting to 2001:41d0:8:68dd:1:2:3:4, UDP port 25
          Sending 1470 byte datagrams
          UDP buffer size: 122 KByte (default)
          ------------------------------------------------------------
          [ 3] local 2001:41d0:1:f24a:1:2:3:4 port 48738 connected with 2001:41d0:8:68dd:1:2:3:4 port 25
          [ ID] Interval Transfer Bandwidth
          [ 3] 0.0- 1.0 sec 612 KBytes 5.01 Mbits/sec
          [ 3] 1.0- 2.0 sec 610 KBytes 5.00 Mbits/sec
          [ 3] 2.0- 3.0 sec 610 KBytes 5.00 Mbits/sec
          [ 3] 3.0- 4.0 sec 610 KBytes 5.00 Mbits/sec

      Server:

          root@ns3000172# iperf -s -V -u -B 2001:41d0:8:68dd:1:2:3:4 25
          ------------------------------------------------------------
          Server listening on UDP port 25
          Binding to local address 2001:41d0:8:68dd:1:2:3:4
          Receiving 1470 byte datagrams
          UDP buffer size: 122 KByte (default)
          ------------------------------------------------------------
  5. Nmap: Port Scanner
  6. nmap -6 to scan open ports with IPv6

          root@ks363021:~# nmap -6 2001:41d0:8:68dd:1:2:3:4
          Starting Nmap 5.00 ( http://nmap.org ) at 2012-08-26 18:02 CEST
          Interesting ports on ipv6forlife.com (2001:41d0:8:68dd:1:2:3:4):
          Not shown: 993 filtered ports
          PORT STATE SERVICE
          20/tcp closed ftp-data
          21/tcp open ftp
          22/tcp open ssh
          25/tcp open smtp
          53/tcp open domain
          80/tcp open http
          443/tcp open https
          Nmap done: 1 IP address (1 host up) scanned in 4.49 seconds
          root@ks363021:~#
  7. Scapy: a powerful multi-function tool
  8. What is Scapy?

      “Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel ...), etc.” (Sourced from https://www.secdev.org/projects/Scapy/).
  9. Scapy installation
      - Scapy is a Python application which uses many libraries.
      - To make sure that you do not forget anything, here is the command line to use:

          apt-get install tcpdump graphviz imagemagick python-gnuplot python-crypto python-pyx
  10. Scapy: Send a packet

          >>> send(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/ICMP()/"HelloWorld")
          .
          Sent 1 packets.
          >>>

      - send - this tells Scapy that you want to send a packet (just a single packet)
      - IPv6 - the type of packet you want to create, in this case an IPv6 packet
      - (dst="2001:41d0:8:68dd:1:2:3:4") - the destination to send the packet to (in this case my router)
      - /ICMP() - you want to create an ICMP packet with the default values provided by Scapy
      - /"HelloWorld") - the payload to include in the ICMP packet (you don't have to provide this in order for it to work).
  11. Scapy: Send TCP

          >>> h=sr(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/TCP(dport=21))
          Begin emission:
          Finished to send 1 packets.
          *
          Received 1 packets, got 1 answers, remaining 0 packets
          >>> h
          (<Results: TCP:1 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>)
          >>>
  12. Scapy: Send a range of TCP

          >>> h=sr(IPv6(dst="2001:41d0:8:68dd:1:2:3:4")/TCP(dport=[21,22,80]))
          Begin emission:
          *...*Finished to send 3 packets.
          *
          Received 6 packets, got 3 answers, remaining 0 packets
          >>> h
          (<Results: TCP:3 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>)
          >>>
  13. Scapy: Request DNS
  14. Scapy: Sending Hop-by-Hop
  15. Sniff icmp6 packets

          >>> sniff(iface="eth0", filter="icmp6", count=10)
          <Sniffed: TCP:4 UDP:0 ICMP:0 Other:6>
          >>> a=_
          >>> a.nsummary()
          0000 Ether / IP / TCP 82.242.109.52:53421 > 91.121.177.74:ssh A
          0001 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www A
          0002 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www PA / Raw
          0003 Ether / IP / TCP 91.121.177.74:www > 82.242.109.52:58601 A
          0004 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 38:60:77:d4:fa:d3
          0005 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::21e:79ff:fe1e:d400)
          0006 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00
          0007 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::3a60:77ff:fed4:fad3)
          0008 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00
          0009 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: 2001:41d0:1:f24a:1:2:3:4)
          >>>
  16. Traceroute

          >>> traceroute6(["2001:41d0:8:68dd:1:2:3:4","www.cisco.com","yoda.ipv6forlife.com"])
          Begin emission:
          Finished to send 90 packets.
          Received 392 packets, got 79 answers, remaining 11 packets
          [SNIP]
          (<Traceroute: TCP:67 UDP:0 ICMP:0 Other:12>, <Unanswered: TCP:11 UDP:0 ICMP:0 Other:0>)
          >>>
  17. Traceroute

          >>> traceroute6(["2001:41d0:8:68dd:1:2:3:4","www.ipv6.cisco.com","yoda.ipv6forlife.com"])
          Begin emission:
          Finished to send 90 packets.
          Received 436 packets, got 60 answers, remaining 30 packets
          [SNIP]
          (<Traceroute: TCP:38 UDP:0 ICMP:0 Other:22>, <Unanswered: TCP:30 UDP:0 ICMP:0 Other:0>)
          >>>
  18. Display the packet again

          >>> ans,unans=_
          >>> unans
          <Unanswered: TCP:6 UDP:0 ICMP:0 Other:0>
          >>> unans.show()
          0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:irc > 2001:41d0:0008:68dd:0001:0002:0003:0004:www S
          0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:7363 > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www S
          0002 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:35159 > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www S
          0003 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:3113 > 2001:0420:1101:0001:0000:0000:0000:000a:www S
          0004 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:15173 > 2001:0420:1101:0001:0000:0000:0000:000a:www S
          0005 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:27103 > 2001:0420:1101:0001:0000:0000:0000:000a:www S
          >>> ans.show()
          [SNIP]
          >>>
  19. Ping TCP flag « A »

          >>> ans,unans=sr(IPv6(dst="yoda.ipv6forlife.com")/TCP(dport=[80,666],flags="A"))
          Begin emission:
          ..............Finished to send 2 packets.
          ..............**
          Received 30 packets, got 2 answers, remaining 0 packets
          >>> ans.show()
          0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:www > 2001:41d0:1:f24a:1:2:3:4:ftp_data R
          0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:666 A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:666 > 2001:41d0:1:f24a:1:2:3:4:ftp_data R
          >>>
          >>> ans,unans=sr(IPv6(dst="yoda.ipv6forlife.com")/TCP(dport=[80,25],flags="A"))
          Begin emission:
          ......Finished to send 2 packets.
          .......................*.......*
          Received 38 packets, got 2 answers, remaining 0 packets
          >>> ans.show()
          0000 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:www A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:www > 2001:41d0:1:f24a:1:2:3:4:ftp_data R
          0001 IPv6 / TCP 2001:41d0:1:f24a:1:2:3:4:ftp_data > 2a01:0e35:2f26:d340:8249:71ff:fe15:69c3:smtp A ==> IPv6 / TCP 2a01:e35:2f26:d340:8249:71ff:fe15:69c3:smtp > 2001:41d0:1:f24a:1:2:3:4:ftp_data R
          >>> unans.show()
          >>>
  20. Sniff packets

          >>> sniff()
          ^C<Sniffed: TCP:1113 UDP:3 ICMP:0 Other:19>
          >>>
          >>> a=_
          >>> a.nsummary()
          0000 Ether / IP / TCP 91.121.177.74:ssh > 82.242.109.52:53421 PA / Raw
          0001 Ether / IP / TCP 82.242.109.52:52586 > 91.121.177.74:8880 A
          0002 Ether / IP / TCP 82.242.109.52:52586 > 91.121.177.74:8880 PA / Raw
          [SNIP]
          >>> a[3]
          <Ether dst=00:00:0c:07:ac:01 src=38:60:77:d4:fa:d3 type=0x800 |<IP version=4L ihl=5L tos=0x0 len=52 id=52244 flags=DF frag=0L ttl=64 proto=tcp chksum=0xa1c5 src=91.121.177.74 dst=82.242.109.52 options= |<TCP sport=8880 dport=52586 seq=3851900756 ack=4220157835 dataofs=8L reserved=0L flags=A window=122 chksum=0xcd10 urgptr=0 options=[(NOP, None), (NOP, None), (Timestamp, (962435905, 1350247719))] |>>>
  21. Sniff icmp6 packets

          >>> sniff(iface="eth0", filter="icmp6", count=10)
          <Sniffed: TCP:4 UDP:0 ICMP:0 Other:6>
          >>> a=_
          >>> a.nsummary()
          0000 Ether / IP / TCP 82.242.109.52:53421 > 91.121.177.74:ssh A
          0001 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www A
          0002 Ether / IP / TCP 82.242.109.52:58601 > 91.121.177.74:www PA / Raw
          0003 Ether / IP / TCP 91.121.177.74:www > 82.242.109.52:58601 A
          0004 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 38:60:77:d4:fa:d3
          0005 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::21e:79ff:fe1e:d400)
          0006 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00
          0007 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: fe80::3a60:77ff:fed4:fad3)
          0008 Ether / IPv6 / ICMPv6ND_NS / ICMPv6 Neighbor Discovery Option - Source Link-Layer Address 00:1e:79:1e:d4:00
          0009 Ether / IPv6 / ICMPv6 Neighbor Discovery - Neighbor Advertisement (tgt: 2001:41d0:1:f24a:1:2:3:4)
          >>>
  22. Nessus: Lab/Demo #2
  23. What is Nessus?
      - Nessus is a powerful security scanner
      - It scans a host or a subnet and looks for all the system weaknesses which could be used to attack your system
      - It is a great tool to perform a security audit before and after a change in the network
  24. Nessus Scanning Result in Real-time
  25. Nessus Scan Complete
  26. Firewall ASA: Lab/Demo #3
  27. CISCO Firewall
      - PIX Firewall since the early 90s
      - PIX was the #1 IP firewall for many years
      - The #2 was Checkpoint on Windows with its own IP stack
      - The PIX, and now the ASA, has its own OS, which is much stronger than other firewalls running on Windows
      - Today FORTINET offers a very powerful appliance to compete with ASA
  28. Firewall CISCO ASA Ext Hdr
  29. ASA Firewall ASDM & CLI
  30. ASA Firewall ASDM
  31. SNORT: Lab with Tools
  32. What is Snort?

      Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

      Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture.

      Snort also has a modular real-time alerting capability, incorporating alerting and logging plugins for syslog, ASCII text files, UNIX sockets, database (Mysql/PostgreSQL/Oracle/ODBC) or XML.

      Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.

      Snort logs packets in tcpdump(1) binary format, to a database or in Snort's decoded ASCII format to a hierarchy of logging directories that are named based on the IP address of the "foreign" host.

      Log info in Syslog

      http://manual.snort.org/node2.html
  33. SNORT Example from Syslog while shutdown host

          Aug 28 06:46:02 ns3000172 snort[21339]: Breakdown by protocol (includes rebuilt packets):
          Aug 28 06:46:02 ns3000172 snort[21339]: ETH: 672145 (100.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: ETHdisc: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: VLAN: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: IPV6: 107583 (16.006%)
          Aug 28 06:46:02 ns3000172 snort[21339]: IP6 EXT: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: IP6opts: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: IP6disc: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: IP4: 505375 (75.188%)
          Aug 28 06:46:02 ns3000172 snort[21339]: IP4disc: 9988 (1.486%)
          Aug 28 06:46:02 ns3000172 snort[21339]: TCP 6: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: UDP 6: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: ICMP6: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: ICMP-IP: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: TCP: 124453 (18.516%)
          Aug 28 06:46:02 ns3000172 snort[21339]: UDP: 269581 (40.108%)
          Aug 28 06:46:02 ns3000172 snort[21339]: ICMP: 91894 (13.672%)
          Aug 28 06:46:02 ns3000172 snort[21339]: TCPdisc: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: UDPdisc: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: ICMPdis: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: FRAG: 84 (0.012%)
          Aug 28 06:46:02 ns3000172 snort[21339]: FRAG 6: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: ARP: 59187 (8.806%)
          Aug 28 06:46:02 ns3000172 snort[21339]: EAPOL: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: ETHLOOP: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: IPX: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: OTHER: 9375 (1.395%)
          Aug 28 06:46:02 ns3000172 snort[21339]: DISCARD: 12087 (1.798%)
          Aug 28 06:46:02 ns3000172 snort[21339]: InvChkSum: 70086 (10.427%)
          Aug 28 06:46:02 ns3000172 snort[21339]: S5 G 1: 0 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: S5 G 2: 1 (0.000%)
          Aug 28 06:46:02 ns3000172 snort[21339]: Total: 672145
          Aug 28 06:46:02 ns3000172 snort[21339]:
  34. Snort Utilization
      - Sniffer mode
          - snort -vde

          08/29-01:47:12.381297 6C:9C:ED:BB:BD:80 -> E0:CB:4E:8C:2A:8A type:0x800 len:0x42
          ^C
          82.242.109.52:59762 -> 37.59.45.221:22 TCP TTL:54 TOS:0x0 ID:43280 IpLen:20 DgmLen:52 DF
          ***A**** Seq: 0xAE2BFE00 Ack: 0x3C33BDF7 Win: 0x802C TcpLen: 32
          TCP Options (3) => NOP NOP TS: 1653158964 69394
          *** Caught Int-Signal
          Run time prior to being shutdown was 2.419819 seconds
          ===============================================================================
          Packet Wire Totals:
          Received: 1948
          Analyzed: 1946 (99.897%)
          Dropped: 0 (0.000%)
          Outstanding: 2 (0.103%)
          ===============================================================================
          Breakdown by protocol (includes rebuilt packets):
          ETH: 1946 (100.000%)
          ETHdisc: 0 (0.000%)
          VLAN: 0 (0.000%)
          IPV6: 4 (0.206%)
          IP6 EXT: 0 (0.000%)
          IP6opts: 0 (0.000%)
          IP6disc: 0 (0.000%)
          IP4: 1942 (99.794%)
          IP4disc: 335 (17.215%)
          TCP 6: 0 (0.000%)
          UDP 6: 0 (0.000%)
          ICMP6: 0 (0.000%)
          …
  35. SNMPv3 Over IPv6
  36. SNMP Version 3
      - MD5 or SHA hash for authentication, so that the password is not sent in clear text
      - DES is used to encrypt/decrypt SNMP messages
  37. In SNMPv3, no more Manager and Objects but Entities

      [Diagram: an SNMP entity contains an SNMP engine (identified by snmpEngineID) made of the Dispatcher, the Message Processing Subsystem, the Security Subsystem and the Access Control Subsystem, plus Application(s): Command Generator, Notification Receiver, Proxy Forwarder, Command Responder, Notification Originator, Other]
  38. SNMPv3 Minimum Parameters
      - Username
      - Security level
          - Some applications require you to explicitly set the security level and others determine it based on the combination of authentication and privacy protocol in use.
          - The specified values are noAuthNoPriv, which is no authentication and no privacy, authNoPriv, which is authentication and no privacy, and authPriv, which is authentication and privacy. Note that you cannot have privacy without authentication, but you can have authentication without privacy.
  39. SNMPv3 on IPv6

      Edit /etc/snmp/snmpd.conf:

          rocommunity IPv6ForLife63
          rocommunity6 IPv6ForLife63
          syslocation "OVH Datacenter"
          syscontact fred@ipv6forlife.com
          #Users Creation
          createUser monitor SHA monitorpw
          createUser engineer MD5 engineerpw
          createUser supervisor MD5 supervisorpw DES supervisorx
          #Access features
          rouser monitor noauth .1.3.6.1.2.1
          rouser engineer auth .1.3.6.1.2.1
          rwuser supervisor auth .1.3.6.1.2.1.1
          rouser supervisor priv .1.3.6.1.2.1

      Restart the server:

          root@ns3000172:/etc/snmp# snmpd udp:161,udp6:161

      Try the client locally:

          root@ns3000172:/etc/snmp# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw localhost .1.3.6.1.2.1.1.6.0
          SNMPv2-MIB::sysLocation.0 = STRING: "OVH Datacenter"

      Try with an IPv4 client:

          root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw ns3000172.ovh.net .1.3.6.1.2.1.1.6.0
          iso.3.6.1.2.1.1.6.0 = STRING: ""OVH Datacenter""

      Try with an IPv6 client:

          root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw udp6:[2001:41d0:8:68dd:1:2:3:4] .1.3.6.1.2.1.1.6.0
          iso.3.6.1.2.1.1.6.0 = STRING: ""OVH Datacenter""
  40. SNMPv3 AuthNoPriv

          root@ubuntu:/home/fred# snmpget -v 3 -u engineer -l authNoPriv -a MD5 -A engineerpw ns3000172.ovh.net .1.3.6.1.2.1.1.6.0
          iso.3.6.1.2.1.1.6.0 = STRING: ""OVH Datacenter
  41. SNMPv3 AuthPriv IPv6

          snmpget -v 3 -u supervisor -l authPriv -a MD5 -A supervisorpw -x DES -X supervisorx udp6:[2001:41d0:8:68dd:1:2:3:4] .1.3.6.1.2.1.1.6.0
  42. And this is not finished…
      - More tools and more fun during the training.

      http://ipv6forlife.com/modulation/IPv6HackSecu4.html
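Slide 10 sends an echo over IPv6 with a Scapy one-liner. On the wire, an IPv6 echo is carried as ICMPv6 (Next Header 58, type 128, which Scapy models as `ICMPv6EchoRequest`), and its checksum covers an IPv6 pseudo-header. The following added example, which is not from the deck, builds and verifies that packet with the Python standard library only; the source address is the capture host seen in the slides, and the identifier, sequence number and hop limit are assumed values.

```python
import ipaddress
import struct

ICMPV6 = 58          # IPv6 Next Header value for ICMPv6
ECHO_REQUEST = 128   # ICMPv6 Echo Request type


def checksum(data):
    """Internet checksum: one's-complement of the one's-complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src, dst, upper_len):
    """IPv6 pseudo-header: src, dst, 32-bit length, 3 zero bytes, next header."""
    return src + dst + struct.pack("!I3xB", upper_len, ICMPV6)


def build_echo_request(src, dst, payload, ident=1, seq=1, hop_limit=64):
    """Return the raw bytes of IPv6 header + ICMPv6 Echo Request + payload."""
    s = ipaddress.IPv6Address(src).packed
    d = ipaddress.IPv6Address(dst).packed
    body = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq) + payload
    ck = checksum(pseudo_header(s, d, len(body)) + body)
    body = body[:2] + struct.pack("!H", ck) + body[4:]
    ip6 = struct.pack("!IHBB", 6 << 28, len(body), ICMPV6, hop_limit) + s + d
    return ip6 + body


def parse_and_verify(packet):
    """Decode the fixed IPv6 header and check the ICMPv6 checksum."""
    first_word, plen, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    src, dst = packet[8:24], packet[24:40]
    body = packet[40:40 + plen]
    return {
        "version": first_word >> 28,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "icmp_type": body[0],
        "payload": body[8:],
        # A valid message sums to 0xFFFF, so the complemented result is 0.
        "checksum_ok": checksum(pseudo_header(src, dst, len(body)) + body) == 0,
    }


if __name__ == "__main__":
    pkt = build_echo_request("2001:41d0:1:f24a:1:2:3:4",
                             "2001:41d0:8:68dd:1:2:3:4", b"HelloWorld")
    print(pkt.hex())
    print(parse_and_verify(pkt))
```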
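The Snort shutdown statistics on slide 33 can be checked automatically when they arrive in syslog. This added example, which is not part of the deck or of Snort, parses those lines and flags two conditions on an IPv6 sensor; the sample is a subset of the slide's lines, and the 5% threshold and the reading of the `TCP 6`, `UDP 6` and `ICMP6` counters as IPv6 transport decodes are assumptions.

```python
import re

# Subset of the syslog lines shown on slide 33, re-typed one per line.
SAMPLE_SYSLOG = """\
Aug 28 06:46:02 ns3000172 snort[21339]: Breakdown by protocol (includes rebuilt packets):
Aug 28 06:46:02 ns3000172 snort[21339]: ETH: 672145 (100.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: IPV6: 107583 (16.006%)
Aug 28 06:46:02 ns3000172 snort[21339]: IP6 EXT: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: IP4: 505375 (75.188%)
Aug 28 06:46:02 ns3000172 snort[21339]: TCP 6: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: UDP 6: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: ICMP6: 0 (0.000%)
Aug 28 06:46:02 ns3000172 snort[21339]: DISCARD: 12087 (1.798%)
Aug 28 06:46:02 ns3000172 snort[21339]: InvChkSum: 70086 (10.427%)
Aug 28 06:46:02 ns3000172 snort[21339]: Total: 672145
"""

# Counter names may contain spaces or hyphens ("TCP 6", "IP6 EXT", "ICMP-IP").
LINE_RE = re.compile(
    r"snort\[\d+\]:\s+(?P<name>[A-Za-z0-9][A-Za-z0-9 -]*?):\s+"
    r"(?P<count>\d+)(?:\s+\((?P<pct>[\d.]+)%\))?\s*$"
)

IPV6_TRANSPORT = ("TCP 6", "UDP 6", "ICMP6")
ERROR_COUNTERS = ("DISCARD", "InvChkSum", "IP4disc", "IP6disc")


def parse_breakdown(text):
    """Return {counter: (count, reported_percent_or_None)} from syslog text."""
    counters = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            pct = float(m.group("pct")) if m.group("pct") else None
            counters[m.group("name")] = (int(m.group("count")), pct)
    return counters


def review(counters, max_bad_pct=5.0):
    """Return (finding, percent_of_total) pairs worth an analyst's attention."""
    def count(name):
        return counters.get(name, (0, None))[0]

    total = count("Total")
    if not total:
        return [("incomplete-report", 0.0)]
    findings = []
    # Assumed heuristic: IPv6 frames were seen, yet nothing was counted as an
    # IPv6 transport, so IPv6 payloads may not be reaching the detection rules.
    if count("IPV6") and not any(count(n) for n in IPV6_TRANSPORT):
        share = round(100.0 * count("IPV6") / total, 3)
        findings.append(("ipv6-without-transport-counters", share))
    for name in ERROR_COUNTERS:
        share = 100.0 * count(name) / total
        if share > max_bad_pct:
            findings.append((name + "-high", round(share, 3)))
    return findings


if __name__ == "__main__":
    for finding in review(parse_breakdown(SAMPLE_SYSLOG)):
        print(finding)
```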
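The `snmpd.conf` on slide 39 mixes clear-text community strings, MD5 and DES users, and access levels below `priv`. This added example, which is not from the deck or from Net-SNMP, audits such a file against the security levels described on slide 38; the finding names and the hardened variant are constructed here, and it assumes that `rouser`/`rwuser` default to the `auth` level when none is given.

```python
import shlex

# snmpd.conf from slide 39, one directive per line.
SLIDE_CONF = """\
rocommunity IPv6ForLife63
rocommunity6 IPv6ForLife63
syslocation "OVH Datacenter"
syscontact fred@ipv6forlife.com
#Users Creation
createUser monitor SHA monitorpw
createUser engineer MD5 engineerpw
createUser supervisor MD5 supervisorpw DES supervisorx
#Access features
rouser monitor noauth .1.3.6.1.2.1
rouser engineer auth .1.3.6.1.2.1
rwuser supervisor auth .1.3.6.1.2.1.1
rouser supervisor priv .1.3.6.1.2.1
"""

# Constructed hardened variant: SHA + AES, authPriv only (placeholder secrets).
HARDENED_CONF = """\
createUser supervisor SHA CHANGE-ME-auth-passphrase AES CHANGE-ME-priv-passphrase
rouser supervisor priv .1.3.6.1.2.1
"""

COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


def strip_option(args, flag):
    """Drop a leading '<flag> VALUE' pair such as '-e ENGINEID' or '-s SECMODEL'."""
    return args[2:] if args[:1] == [flag] else args


def audit_snmpd_conf(text):
    """Return sorted (line_number, finding) pairs for weak SNMP settings."""
    findings, users_with_priv_key, priv_grants = [], set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive, *args = shlex.split(line)
        directive = directive.lower()
        if directive in COMMUNITY:
            # SNMPv1/v2c: the community string travels in clear text.
            findings.append((lineno, "community-string"))
        elif directive == "createuser":
            a = strip_option(args, "-e")
            user = a[0] if a else ""
            auth = a[1].upper() if len(a) > 1 else ""
            priv = a[3].upper() if len(a) > 3 else ""
            if auth == "MD5":
                findings.append((lineno, "md5-auth"))
            if not priv:
                findings.append((lineno, "no-privacy-key"))
            else:
                users_with_priv_key.add(user)
                if priv == "DES":
                    findings.append((lineno, "des-privacy"))
        elif directive in ("rouser", "rwuser"):
            a = strip_option(args, "-s")
            user = a[0] if a else ""
            level = a[1].lower() if len(a) > 1 else "auth"  # assumed default
            if level == "noauth":
                findings.append((lineno, "noauth-access"))
            elif level == "auth":
                findings.append((lineno, "privacy-not-required"))
            elif level == "priv":
                priv_grants.append((lineno, user))
    # A 'priv' grant is unusable if the user was created without a privacy key.
    findings += [(n, "priv-level-without-key")
                 for n, u in priv_grants if u not in users_with_priv_key]
    return sorted(findings)


if __name__ == "__main__":
    for lineno, finding in audit_snmpd_conf(SLIDE_CONF):
        print("line %d: %s" % (lineno, finding))
```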
