Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


In this Discussion

Hijacking IPv6 addresses using neighbor solicitations
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Hijacking IPv6 addresses using neighbor solicitations

pechspilzpechspilz Member
edited June 2013 in General

I recently noticed an increase in traffic on my VPS. Tcpdump shows lots of ICMP6 neighbour solicitations on my virtual eth0. Since many IPv6 addresses are repeated within a short time (and thus obviously unanswered and unused) I tried to "hijack" one of the addresses and to add them to my eth0. Interestingly, this worked like a charm even though these IP addresses are not assigned to my VPS. I could do some really stupid things using the hijacked IP and all blame would fall to the owner of the /48 (supposedly a VPS on the same node since the solicitations are being sent from a link-local fe80). As long as the real owner doesn't claim his IPv6's the IPv6 DAD won't kick in.

I've never seen any ARP requests on my eth0 (well, except for my own IP MAC), so shouldn't that be the same for ICMP6 neighbor solicitations in a VPS environment?

Comments

  • Maybe he's handing out addresses with radvd or something without knowing it.

Sign In or Register to comment.