./security/ipv6-toolkit, IPv6 security assessment and troubleshooting tool

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.4.1, Package name: ipv6toolkit-1.4.1, Maintainer: agc

The SI6 Networks' IPv6 toolkit is a set of IPv6
security/trouble-shooting tools, that can send arbitrary IPv6-based
packets.

flow6: A tool to perform a security asseessment of the IPv6 Flow Label.
frag6: A tool to perform IPv6 fragmentation-based attacks and to
perform a security assessment of a number of fragmentation-related
aspects.
icmp6: A tool to perform attacks based on ICMPv6 error messages.
jumbo6: A tool to assess potential flaws in the handling of IPv6 Jumbograms.
na6: A tool to send arbitrary Neighbor Advertisement messages.
ni6: A tool to send arbitrary ICMPv6 Node Information messages, and
assess possible flaws in the processing of such packets.
ns6: A tool to send arbitrary Neighbor Solicitation messages.
ra6: A tool to send arbitrary Router Advertisement messages.
rd6: A tool to send arbitrary ICMPv6 Redirect messages.
rs6: A tool to send arbitrary Router Solicitation messages.
scan6: An IPv6 address scanning tool.
tcp6: A tool to send arbitrary TCP segments and perform a variety of
TCP-based attacks.


Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 458.373 KB

Version history: (Expand)


CVS history: (Expand)


   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2013-09-09 08:42:45 by Alistair G. Crooks | Files touched by this commit (4)
Log message:
Update security/ipv6-toolkit to version 1.4.1

Changes since previous version:

	SI6 Networks' IPv6 Toolkit v1.4.1

	   * frag6: Fixed bug that prevented Ethernet header from being filled
	     A bug in the code caused Ethernet frames to go on te wire without any of
	     their header fields completed.

	   * All: Use of library to avoid code replication
	     An "libipv6" library was created, such that common functions do \ 
not need
	     to be replicated for each tool. ni6, ns6, rs6, and tcp6 now employ such
	     library.

pkgsrc changes:

	* address6 and its man page are no longer installed

	* extend the Makefile changes to include the correct linkage for rs6 and tcp6
	  i.e. include the libipv6 object mentioned above
   2013-08-31 21:16:51 by Alistair G. Crooks | Files touched by this commit (1)
Log message:
Remove patch that's no longer needed
   2013-08-31 21:14:47 by Alistair G. Crooks | Files touched by this commit (2) | Package updated
Log message:
update security/ipv6-toolkit to version 1.4nb1

code was added to fix the compiler uninitialised warning (thanks!),
but the distfile name didn't change since it was packaged originally,
so do the DIST_SUBDIR dance, and bump package version to nb1
   2013-08-24 18:12:24 by Alistair G. Crooks | Files touched by this commit (4)
Log message:
Update ipv6-toolkit to version 1.4 from 1.3.4

Pkgsrc changes:
+ quieten warnings from gcc 4.5.3 about uninitialised variables

Distribution changes:
SI6 Networks' IPv6 Toolkit v1.4 release

   * frag6: Fixed the flooding option
     Fixed the fragment size used when employing the flooding option. It was
     prevously sending fragment sizes that where not a multiple of eight, and
     hence these fragments were dropped.

   * scan6: Added support for 64-bit encoding of IPv4 addresses
     Option "--tgt-ipv4" was augmented to support both encodings (32 bit
     and 64 bit) of embedded IPv4 addresses.

   * tcp6: Fixed response to Neighbor Solicitations
     tcp6 was not responding to incomming Neighbor Solicitations. Hence, when
     packets were sent from spoofed addresses, tcp6 would never receive the
     response packets, because the NSs sent by the local router or target node
     would never be responded.

   * tcp6: Added support for TCP Window-based attacks
     tcp6 can now close the window after sending an app-layer command, and
     also "modulate" the TCP window to circumvent trivial mitigations \ 
for these
     attacks ("--window-mode" and "--win-modulate" options).

   * tcp6: Support for multiple connection-establishment types
     tcp6 can now cause e.g. TCP simultaneous opens (see the "--open-mode"
     option).

   * tcp6: Support for multiple connection-termination types
     tcp6 can now perform multiple connection-termination types (see the
     "--close-mode" option).

   * tcp6: Support for sending application layer requests
     tcp6 can now send application-layer requests with the "--data" option.

   * Many improvements to the manual pages.
     Fixed the troff encoding of many manual pages. Added ipv6toolkit(7), that
     describes a general description of the toolkit.

   * All: Fixed bug in link-layer destination address selection
     Tools now try to find a local router or perform Neighbor Discovery only
     when necessary (i.e., underlying link-layer is *not* loopback or tunnel,
     destination address is *not* link-local, and a link-layer destination
     address has *not* been specified).

   * All: Fixed bug in option handling
     Incorrect data type was used for the return value of getopt_long(), thus
     leading to problems in some architectures.

   * All: Fixed a number of issues with pcap_next_ex()
     The timeout parameter of pcap_next_ex() is now based on the platform (the
     previous constant value had different semantics in different platforms).
     Additionally, handle the case where pcap_next_ex() returns no packets.

   * All: General improvements and clean-up
     The development process now includes building the toolkit with the clang
     compiler (in addition to gcc), which has lead to the identification of a
     number of issues.

   * All: Improved support for building the toolkit.
     The toolkit now contains one makefile for pmake, and another for GNU make.
     Added support for the DESTDIR variable. Appropriate paths are selected
     based on the value of a number of variables. Configuration file is
     dynamically generated, with the right path to the oui.txt file.
   2013-05-11 23:15:55 by Alistair G. Crooks | Files touched by this commit (2)
Log message:
Allow this package to be cross-built too - take the compiler from
the environment if it's there.