Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Google Summer of Code 2012 project, supported by The Honeynet Project organization.
Python
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
common
conf
log
pcap
.gitignore
6guard.py
README.md
conf_generator.py

README.md

6Guard (IPv6 attack detector)

Description

6Guard is an IPv6 attack detector aiming at link-local level security threats, including most attacks initiated by the THC-IPv6 suit and the advanced host discovery methods used by Nmap. It can help the network administrators detect the link-local IPv6 attacks in the early stage.

6Guard is sponsered by Google Summer of Code 2012 and supported by The Honeynet Project organization. The project page is at Project 9 - IPv6 attack detector (Xu).

Here is an example of the attacking alert message provided by 6Guard.

[ATTACK]
Timestamp: 2012-08-19 14:48:27
Reported by: Honeypot-apple-2A:C4:2D
Type: DoS
Name: Fake Echo Request
Attacker: [Unknown]  00:00:de:ad:be:ef (CETIA)
Victim  : [Honeypot-apple-2A:C4:2D]  40:3C:FC:2A:C4:2D (Apple, Inc.)
Utility: THC-IPv6: smurf6
Packets: b12fe3415c1d61c1da085cb8811974a2.pcap

Installation

  1. Download and install Scapy in your machine. (Or apt-get install python-scapy)
  2. Download the latest code from Github/mzweilin/ipv6-attack-detector and extract it into a directory.

Usage

  1. Enter the directory of 6Guard.
  2. Run $ sudo ./conf_generator.py to generate the configuration files.
  3. Run $ sudo ./6guadrd.py.

Note

  • If it is the first time running 6guard, it will remind you to choice a genuine Router Advertisement message.
  • The attacking alert message will be printed in the screen in real time.
  • The attacking alert message will be also stored in the log file './log/attack.log'.'
  • The attacking alert message includes an item 'Packets', telling which pcap file in './pcap/' is the related one that can be reviewd in Wireshark.
Something went wrong with that request. Please try again.