Home
Welcome to the sylkie wiki!
It is recommended that `sylkie` is built with json and seccomp support. A few examples of the installation of these dependencies are listed below.
```
# apt-get install libjson-c-dev libseccomp-dev cmake3
# pacman -S json-c libseccomp linux-headers git cmake
# emerge --ask json-c libseccomp git cmake
```

Option | Description | Default |
---|---|---|
ENABLE_JSON | Build sylkie with json support | ON |
ENABLE_SECCOMP | Build sylkie with seccomp support | ON |
ENABLE_SETUID | Install sylkie with the setuid bit set | OFF |
ENABLE_STATIC | Statically link sylkie | OFF |
BUILD_DOCS | Build sylkie doxygen docs | OFF |
BUILD_TESTS | Build the test suite | OFF |

Type | Description |
---|---|
Release | Standard release build |
Debug | Standard build with debug info |
ASAN | Address sanitized build |

Build types can be defined with `-DCMAKE_BUILD_TYPE=<build type>`. For example, the following would configure an address sanitized build.
```sh
mkdir build
cd ./build
cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=ASAN ..
make
sudo make install
```

`sylkie` is a tool for sending forged NDP messages. The following attempts to describe what each subcommand actually does in a little more detail.

The `router-advert` (`ra`) command attempts to DoS a network by sending "forged" Router Advertisement messages to either a targeted address (if one is provided) or the link local scope all-nodes address `ff02::1`.

The "forged" Router Advertisement contains Prefix Information with the lifetimes set to 0. The message also contains the Source Link-Layer Address.

This should cause the targeted address or all link local nodes to remove the targeted router from the list of default routes.

The `neighbor-advert` (`na`) command attempts to spoof a given address by sending a "forged" Neighbor Advertisement message to the targeted address.

The "forged" Neighbor Advertisement has the Override Flag set. This advertisement also contains the necessary Target Link-layer Address information set so that the targeted host does not have to query the targeted host for more information before updating the neighbor cache.

This should cause the targeted host to update the neighbor cache entry for the given IP address with the given link-layer address.
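
For monitoring, the fields described above for both commands can be checked on received ICMPv6 messages. The following is an added example, not part of sylkie: `inspect_nd`, the finding names and the sample messages are constructed here, field offsets follow RFC 4861, and checksums are not validated.

```python
import struct

RA, NA = 134, 136            # ICMPv6 message types (RFC 4861)
OPT_TLLA, OPT_PREFIX = 2, 3  # ND option types

def nd_options(data):
    """Yield (type, body) per ND option; (None, rest) marks a malformed one."""
    while len(data) >= 2:
        opt_type, size = data[0], data[1] * 8   # length field is in 8-octet units
        if size == 0 or size > len(data):
            yield None, data                    # RFC 4861: such packets must be discarded
            return
        yield opt_type, data[2:size]
        data = data[size:]

def inspect_nd(icmp6):
    """Return findings for one ICMPv6 message, starting at its type byte."""
    findings = []
    if len(icmp6) >= 16 and icmp6[0] == RA:
        opts = list(nd_options(icmp6[16:]))
        if struct.unpack_from("!H", icmp6, 6)[0] == 0:       # Router Lifetime
            findings.append("ra-router-lifetime-zero")
        for opt_type, body in opts:
            if opt_type == OPT_PREFIX and len(body) == 30:
                if struct.unpack_from("!II", body, 2) == (0, 0):  # valid, preferred
                    findings.append("ra-prefix-lifetimes-zero")
    elif len(icmp6) >= 24 and icmp6[0] == NA:
        opts = list(nd_options(icmp6[24:]))
        override, solicited = icmp6[4] & 0x20, icmp6[4] & 0x40
        if override and not solicited and any(t == OPT_TLLA for t, _ in opts):
            findings.append("na-unsolicited-override")
    else:
        return findings
    if any(t is None for t, _ in opts):
        findings.append("malformed-option")
    return findings

# Constructed sample messages (not captured traffic); checksum left as 0.
MAC = bytes.fromhex("020000000001")
PREFIX = bytes.fromhex("20010db8") + bytes(12)
def sample_ra(router_lifetime, valid, preferred):
    header = struct.pack("!BBHBBHII", RA, 0, 0, 64, 0, router_lifetime, 0, 0)
    slla = bytes([1, 1]) + MAC
    pio = struct.pack("!BBBBIII", OPT_PREFIX, 4, 64, 0xC0, valid, preferred, 0) + PREFIX
    return header + slla + pio

def sample_na(flags):
    head = struct.pack("!BBHB3x16s", NA, 0, 0, flags, bytes.fromhex("fe80") + bytes(13) + b"\x01")
    return head + bytes([OPT_TLLA, 1]) + MAC
```

A router that is shutting down legitimately sends a Router Lifetime of 0, and hosts send unsolicited override advertisements after a link-layer address change, so these findings are signals to correlate with the expected router and neighbor addresses rather than verdicts.
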

The json and plaintext features become especially useful as more information is required or if there is a set of advertisements that need to be configured and sent. For example, the following json config would send two router advertisements on the configured intervals and would cause the second entry's `router-ip` (`fe80::cbed:6822:cd23:bbdb`) to become the default route.
```json
{
  "router-advert": [
    {
      "interface": "ens3",
      "target-mac": "0c:c4:7a:6c:cd:54",
      "router-ip": "fe80::ec4:7aff:fe6c:cd54",
      "prefix": 64,
      "repeat": -1,
      "timeout": 5
    },
    {
      "interface": "ens3",
      "target-mac": "52:54:00:c2:a7:7c",
      "router-ip": "fe80::cbed:6822:cd23:bbdb",
      "prefix": 64,
      "lifetime": 600,
      "repeat": -1,
      "timeout": 5
    }
  ]
}
```
Note the addition of the `lifetime` parameter for the second entry. Since the value is non-zero, hosts will add `fe80::cbed:6822:cd23:bbdb` as a default route, and since they have also removed the "real" default route, `fe80::cbed:6822:cd23:bbdb` will become the default route (assuming `fe80::ec4:7aff:fe6c:cd54` was the only default route on the network).

Learning is fun. I didn't know much about the ND protocol, so I read RFC 4861 and this seemed like a good way to learn by practice.