Community discussions

MUM Europe 2020
 
User avatar
k.untner
just joined
Topic Author
Posts: 7
Joined: Sat Feb 18, 2006 9:42 pm
Location: vienna /austria / europe
Contact:

IPv6 flood_router6 attack - Router advertisement Guard

Tue Sep 11, 2012 12:41 pm

Hi there!
Do you have IPv6 running?
I´m running my Routerboard RB751G-2HnD now in "OS / Bridge / Firewall - mode" so i´m able to filter attacks between the
LAN, WLAN and VPN Interfaces.
/interface bridge settings set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=no
created a filter:
/ipv6 firewall filter
add action=drop chain=input comment="Block flood_routers6 attack" disabled=no dst-address=ff02::1/128 icmp-options=\
134:0 protocol=icmpv6 src-address=fe80::218:0:0:0/80
From the attacker backtrack type "flood_router6 eth0" to run the attack. - keep it running eg. for 30 sec.
CPU=100%, Memory decreasing
Stop attack. CPU=hanging ~ 25% Memory = - 6 MB
restart attack, after ~25 sec. Winbox disconnected

Anyone an Idea how to build a working "Router advertisement Guard"

Have a fine day, Kletool
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1370
Joined: Mon Jan 05, 2009 6:23 pm
Location: Worldwide
Contact:

Re: IPv6 flood_router6 attack - Router advertisement Guard

Mon Oct 08, 2012 9:57 am

Nice one. What did support say? Do you have the "Submit this post as a bug report to MikroTik Technical Support:" checkbox at the top of a Newpost ?
wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: IPv6 flood_router6 attack - Router advertisement Guard

Mon Oct 08, 2012 11:03 am

try our testing build:
http://www.mikrotik.com/download/share/ ... e-5.21.npk

i had 100% usage, but no memory problems.
 
Basiley
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: IPv6 flood_router6 attack - Router advertisement Guard

Thu Dec 13, 2012 11:07 am

generally its why and what for SEND are creating as NDP replacement.
hardly possible to fix/protect "insecure by design" things.

Who is online

Users browsing this forum: bassist, bpwl, dedysobr, ipunet, reinerotto, techlord and 150 guests