./security/ipv6-toolkit, IPv6 security assessment and troubleshooting tool

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.4.1, Package name: ipv6toolkit-1.4.1, Maintainer: agc

The SI6 Networks' IPv6 toolkit is a set of IPv6
security/trouble-shooting tools, that can send arbitrary IPv6-based
packets.

flow6: A tool to perform a security asseessment of the IPv6 Flow Label.
frag6: A tool to perform IPv6 fragmentation-based attacks and to
perform a security assessment of a number of fragmentation-related
aspects.
icmp6: A tool to perform attacks based on ICMPv6 error messages.
jumbo6: A tool to assess potential flaws in the handling of IPv6 Jumbograms.
na6: A tool to send arbitrary Neighbor Advertisement messages.
ni6: A tool to send arbitrary ICMPv6 Node Information messages, and
assess possible flaws in the processing of such packets.
ns6: A tool to send arbitrary Neighbor Solicitation messages.
ra6: A tool to send arbitrary Router Advertisement messages.
rd6: A tool to send arbitrary ICMPv6 Redirect messages.
rs6: A tool to send arbitrary Router Solicitation messages.
scan6: An IPv6 address scanning tool.
tcp6: A tool to send arbitrary TCP segments and perform a variety of
TCP-based attacks.


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 09a90562c7cfe5849b11479daadc5416b03effc6
RMD160: 43ff67290223a79e5cd58a5dd5801dc52f0ae245
Filesize: 458.373 KB

Version history: (Expand)


CVS history: (Expand)


   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2013-09-09 08:42:45 by Alistair G. Crooks | Files touched by this commit (4) | Package updated
Log message:
Update security/ipv6-toolkit to version 1.4.1

Changes since previous version:

	SI6 Networks' IPv6 Toolkit v1.4.1

	   * frag6: Fixed bug that prevented Ethernet header from being filled
	     A bug in the code caused Ethernet frames to go on te wire without any of
	     their header fields completed.

	   * All: Use of library to avoid code replication
	     An "libipv6" library was created, such that common functions do \ 
not need
	     to be replicated for each tool. ni6, ns6, rs6, and tcp6 now employ such
	     library.

pkgsrc changes:

	* address6 and its man page are no longer installed

	* extend the Makefile changes to include the correct linkage for rs6 and tcp6
	  i.e. include the libipv6 object mentioned above
   2013-08-31 21:16:51 by Alistair G. Crooks | Files touched by this commit (1)
Log message:
Remove patch that's no longer needed
   2013-08-31 21:14:47 by Alistair G. Crooks | Files touched by this commit (2) | Package updated
Log message:
update security/ipv6-toolkit to version 1.4nb1

code was added to fix the compiler uninitialised warning (thanks!),
but the distfile name didn't change since it was packaged originally,
so do the DIST_SUBDIR dance, and bump package version to nb1
   2013-08-24 18:12:24 by Alistair G. Crooks | Files touched by this commit (4) | Package updated
Log message:
Update ipv6-toolkit to version 1.4 from 1.3.4

Pkgsrc changes:
+ quieten warnings from gcc 4.5.3 about uninitialised variables

Distribution changes:
SI6 Networks' IPv6 Toolkit v1.4 release

   * frag6: Fixed the flooding option
     Fixed the fragment size used when employing the flooding option. It was
     prevously sending fragment sizes that where not a multiple of eight, and
     hence these fragments were dropped.

   * scan6: Added support for 64-bit encoding of IPv4 addresses
     Option "--tgt-ipv4" was augmented to support both encodings (32 bit
     and 64 bit) of embedded IPv4 addresses.

   * tcp6: Fixed response to Neighbor Solicitations
     tcp6 was not responding to incomming Neighbor Solicitations. Hence, when
     packets were sent from spoofed addresses, tcp6 would never receive the
     response packets, because the NSs sent by the local router or target node
     would never be responded.

   * tcp6: Added support for TCP Window-based attacks
     tcp6 can now close the window after sending an app-layer command, and
     also "modulate" the TCP window to circumvent trivial mitigations \ 
for these
     attacks ("--window-mode" and "--win-modulate" options).

   * tcp6: Support for multiple connection-establishment types
     tcp6 can now cause e.g. TCP simultaneous opens (see the "--open-mode"
     option).

   * tcp6: Support for multiple connection-termination types
     tcp6 can now perform multiple connection-termination types (see the
     "--close-mode" option).

   * tcp6: Support for sending application layer requests
     tcp6 can now send application-layer requests with the "--data" option.

   * Many improvements to the manual pages.
     Fixed the troff encoding of many manual pages. Added ipv6toolkit(7), that
     describes a general description of the toolkit.

   * All: Fixed bug in link-layer destination address selection
     Tools now try to find a local router or perform Neighbor Discovery only
     when necessary (i.e., underlying link-layer is *not* loopback or tunnel,
     destination address is *not* link-local, and a link-layer destination
     address has *not* been specified).

   * All: Fixed bug in option handling
     Incorrect data type was used for the return value of getopt_long(), thus
     leading to problems in some architectures.

   * All: Fixed a number of issues with pcap_next_ex()
     The timeout parameter of pcap_next_ex() is now based on the platform (the
     previous constant value had different semantics in different platforms).
     Additionally, handle the case where pcap_next_ex() returns no packets.

   * All: General improvements and clean-up
     The development process now includes building the toolkit with the clang
     compiler (in addition to gcc), which has lead to the identification of a
     number of issues.

   * All: Improved support for building the toolkit.
     The toolkit now contains one makefile for pmake, and another for GNU make.
     Added support for the DESTDIR variable. Appropriate paths are selected
     based on the value of a number of variables. Configuration file is
     dynamically generated, with the right path to the oui.txt file.
   2013-05-11 23:15:55 by Alistair G. Crooks | Files touched by this commit (2)
Log message:
Allow this package to be cross-built too - take the compiler from
the environment if it's there.
   2013-04-18 06:23:17 by Alistair G. Crooks | Files touched by this commit (4) | Package updated
Log message:
Update security/ipv6-toolkit from version 1.3.3 to 1.3.4

Changes from previous version:
   * IPv6-host tracking support in the scan6 tool.
   * A new tool, address6, to analyze IPv6 addresses
   * Minor bug fixes
   * PDF manual pages have been removed
   * additional manual pages

pkgsrc changes:
   * patch to avoid "uninitialised variable" warning from compiler
   2013-03-12 21:32:00 by Alistair G. Crooks | Files touched by this commit (2) | Package updated
Log message:
Update security/ipv6-toolkit to version 1.3.3

	This minor update incorporates the "--tgt-known-iids" option, which
	can be used to track systems across networks, even if they employ the
	so-called "Privacy Address" (and yes, that includes Microsoft Windows
	systems).