Project 11x: Rogue RA Attack with npg on Windows (10 pts.)

What you need

Isolating the Network

This attack will affect all Windows machines in your LAN, so work isolated. You can physically isolate your computers with a router, or use two virtual machines in NAT networking mode.

Make sure the Attacker and Target machines are on the same network, but no other Windows machines are on the same network.

Install WireShark on the Attacker

On the Attacker Windows machine, open a Web browser and go to http://www.wireshark.org/download.html

Click "Windows Installer (32-bit)". Download and install Wireshark with the default options. This will also instll WinPcap, which npg needs.

Downloading the Packet File on the Attacker

On the Attacker Windows machine, open a Web browser and go to http://samsclass.info

Click 'CNIT 124". Click "Projects". Just below "Project 11x", right-click the "ra-attack,txt" link, as shown below on this page. Save the file on your desktop.

Downloading and Unzipping npg on the Attacker

npg is the main tool we need. This is a very simple tool--it takes raw hexadecimal and sends it out the network card as it is. That means you can send any desired type of network traffic without Windows getting in the way! It also means you need to build your packets yourself, the activity known as "packet crafting".

On the Attacker Windows machine, open a Web browser and go to http://www.wikistc.org/wiki/Network_packet_generator

Scroll to the bottom of the page and right-click the "Download npg1.3.0.zip beta" link. Save the zip file on your desktop.

Minimize all windows. Right-click the zip file and click "Extract All". In the "Extract Compressed (Zipped) Folders" box, enter a destination folder of "C:\tools", as shown below on this page. Click the "Extract" button.

Moving the Packet File to the bin Folder

On the Attacker Windows machine, you should see a C:\Tools window, with a "bin" folder in it. Drag the ra-attack.txt file from your desktop into the "bin" folder.

Preparing the Target Machine

On the Target Windows machine, open a Command Prompt window and execute the IPCONFIG command. You should see only one IPv6 address on the network interface that goes to your LAN, as shown below on this page.

On the Target Windows machine, right-click the Taskbar and click "Start Task Manager". Click the "Performance" tab. The CPU should be near 0%, as shown below on this page.

Running the Attack on the Attacker

On the Attacker Windows machine, click Start, type in CMD, and press Shift+Ctrl+Enter. If a "User Account Control" box appears, click "Yes".

In the "Administrator Command Prompt" window, execute these commands. The first command protects your Attacker machine from its own attack.

netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=disabled

c:

cd \tools\bin

npg -vv -f ra-attack.txt

A prompt appears asking which network interface to use, as shown below on this page. Select the network interface you are using, and enter its number. Press the Enter key to start the attack.

Observing the Effect on the Target

The CPU should rapidly rise to 100% on the Target, as shown below on this page.

Viewing the Autoconfigured IP Addresses on the Target Machine

On the Attacker Windows machine, press Ctrl+C to stop the attack.

On the Target Windows machine, in the Command Prompt, execute the IPCONFIG command. You should see many IPv6 addresses, starting with dead:, as shown below on this page.

Capturing the Screen Image

Make sure you can see the dead: addresses, as shown above on this page. Save a screen image with a filename of "Proj 11x from YOUR NAME".

Turning in Your Project

Email the image to [email protected] with a Subject line of Proj 11x from Your Name.


Last modified: 4-5-11 10 am