About: IPv6 DDoS attack using router flooding.
This is extremely dangerous because a single device can instantly stop all the Windows machines on a Local Area Network.
To protect a machine, you need to disable router discovery. First, list the IPv6 interfaces:
```
C:\>netsh interface ipv6 show interface

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
  1        4275  4294967295  connected     Loopback Pseudo-Interface 1
 15        4230        1500  disconnected  Wi-Fi
 36          20        1480  connected     Broadband Connection
 16        4230        1500  disconnected  Local Area Connection* 11
 19        4275        1280  disconnected  isatap.{___....___}
 12        4245        1500  connected     Ethernet
 20        4275        1280  disconnected  isatap.{____....__}
 17        4265        1500  disconnected  Bluetooth Network Connection
```
I changed my real … with {___….___}.
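The next step is to run the following command, replacing [int number] with the Idx value of the interface from the list above:
```
netsh int ipv6 set int "[int number]" routerdiscovery=disabled
```
Let's try one example:
```
netsh int ipv6 set int "1" routerdiscovery=disabled
Ok
```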
This disables router discovery on Loopback Pseudo-Interface 1. It is not needed if you don't test your software with "Loopback" or your OS doesn't need it.
You can also refer to the interface by name:
```
netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=disabled
```
Use this to turn off Router Discovery on all servers and any other machines that do not need Stateless Autoconfiguration.
System administrators can disable router discovery; the machine will then discard any RA packets.
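The per-interface steps above can be applied to every IPv6 interface of a machine in one pass. This is an added example, not part of the original post; it assumes Windows 8 / Server 2012 or later with the NetTCPIP cmdlets `Get-NetIPInterface` and `Set-NetIPInterface`, and the function name and `-ExcludeAlias` parameter are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and disable IPv6 router discovery on every interface
# of one machine. Function name and parameters are hypothetical.
function Disable-Ipv6RouterDiscovery {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Interface aliases to leave untouched (assumption: a link that still
        # needs Stateless Autoconfiguration is listed here by the admin).
        [string[]]$ExcludeAlias = @()
    )

    # Same list as "netsh interface ipv6 show interface", plus the
    # RouterDiscovery state of each interface.
    $interfaces = Get-NetIPInterface -AddressFamily IPv6 |
        Where-Object { $ExcludeAlias -notcontains $_.InterfaceAlias }

    foreach ($nic in $interfaces) {
        if ($nic.RouterDiscovery -eq 'Disabled') {
            Write-Verbose "$($nic.ifIndex) $($nic.InterfaceAlias): already disabled"
            continue
        }
        if ($PSCmdlet.ShouldProcess($nic.InterfaceAlias, 'Disable IPv6 router discovery')) {
            # Equivalent to: netsh int ipv6 set int "<Idx>" routerdiscovery=disabled
            Set-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv6 `
                -RouterDiscovery Disabled
        }
    }

    # Re-read the state so the caller sees what is actually configured now.
    Get-NetIPInterface -AddressFamily IPv6 |
        Sort-Object ifIndex |
        Select-Object ifIndex, InterfaceAlias, ConnectionState, RouterDiscovery
}

# Dry run: shows which interfaces would be changed without touching them.
Disable-Ipv6RouterDiscovery -WhatIf
# Apply for real:
# Disable-Ipv6RouterDiscovery -Verbose
```

Any interface still reported with `RouterDiscovery` set to `Enabled` or `ControlledByDHCP` after the run was excluded or failed to change and still accepts RA packets.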
The RA flood attack also appears in many operating systems (see this video to understand more…).
You can also see a demonstration of the new RA flood attack from Sam Bowne.