ipv6mon v1.0 released! (IPv6 address monitoring daemon)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Folks, We are pleased to announce the release of ipv6mon v1.0! ** Description ** ipv6mon (<http://www.si6networks.com/tools/ipv6mon>) is a tool for monitoring IPv6 address usage on a local network. It is meant to be particularly useful in networks that employ IPv6 Stateless Address Auto-Configuration (as opposed to DHCPv6), where address assignment is decentralized and there is no central server that records which IPv6 addresses have been assigned to which nodes during which period of time. ipv6mon employs active probing to discover IPv6 addresses in use, and determine whether such addresses remain active. ** Latest release ** The latest release of ipv6mon is v1.0, and is available at: <http://www.si6networks.com/tools/ipv6mon/ipv6mon-v1.0.tar.gz> ** Documentation ** PDF versions of the ipv6mon manuals are available on-line at: <http:://www.si6networks.com/tools/ipv6mon> ** GIT repository ** The GIT repository for the ipv6mon is: <https://github.com/fgont/ipv6-toolkit.git> ** IPv6 security trainings ** Development of ipv6mon is partially supported through our IPv6 security trainings. Please consider attending one of our upcoming trainings <http://www.hackingipv6networks.com/upcoming-t> Follow us on twitter: @SI6Networks Best regards, - -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 - -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJQUc+lAAoJEJbuqe/Qdv/xHc0IAJ8rTfjwisnAKxDrlXiQpNjZ 3yJbWE3LPEj5wTkoqHgOkd0p6h+hEkz9yaxlSyoZTJAP/N2IOvmdWdmXpV5umTen cVRxn5HopYRL4kEDRu5rc7DiwWXPXiuAZD8uvyyc/u/TiLHJXePjK1Cicp1W/iIZ cSBAKcjMGpaYX0i/Vj2rN36gytrjW0jRlF8e3+64FHss1+poEG58TBLcZyckZkTZ TqE1G184gkAPAa8DryT8U1k68ZWWO/2gWMsLR/nTxjUmSZHamPrZHN2IHlhdC5vu ABBK/M13MIepNfnFlXfBMCTMy0CQU87kRwo5OF+1M7NAeshovmgjtOp+idAsZec= =a76/ -----END PGP SIGNATURE-----
On 2012-09-13 14:21 , Fernando Gont wrote:
Folks,
We are pleased to announce the release of ipv6mon v1.0!
** Description **
ipv6mon (<http://www.si6networks.com/tools/ipv6mon>) is a tool for monitoring IPv6 address usage on a local network. It is meant to be particularly useful in networks that employ IPv6 Stateless Address Auto-Configuration (as opposed to DHCPv6), where address assignment is decentralized and there is no central server that records which IPv6 addresses have been assigned to which nodes during which period of time.
ipv6mon employs active probing to discover IPv6 addresses in use, and determine whether such addresses remain active.
You mean, like what NDPMon has been delivering for several years already:
From http://ndpmon.sourceforge.net/ -- The Neighbor Discovery Protocol Monitor (NDPMon) is a diagnostic software application used by Internet Protocol version 6 network administrators for monitoring ICMPv6 packets. NDPMon observes the local network for anomalies in the function of nodes using Neighbor Discovery Protocol (NDP) messages, especially during the Stateless Address Autoconfiguration. When an NDP message is flagged, it notifies the administrator by writing to the syslog or by sending an email report. It may also execute a user-defined script. For IPv6, NDPMon is an equivalent of Arpwatch for IPv4, and has similar basic features with added attacks detection.
NDPMon runs on Linux distributions (available in Debian repositories and in Ubuntu 12.10 and later), Mac OS X, FreeBSD (available as port), NetBSD and OpenBSD. It uses a configuration file containing the expected and valid behavior for nodes and routers on the link. This includes the routers addresses (MAC and IP) and the prefixes, flags and parameters announced. NDPMon also maintains up-to-date a list of neighbors on the link and watches all advertisements and changes. It permits to track the usage of cryptographically generated interface identifiers or temporary global addresses when Privacy extensions are enabled (default behavior in Ubuntu and Windows for example), or Cryptographically Generated Addresses are in use. -- arpwatch + ndpmon are kind of a requirement in a network where you are not sure who can plug-in to it (especially when not using 802.1x on links or when having a 'weak'/known password for the wireless), are they not? :) Greets, Jeroen
On 09/13/2012 09:31 AM, Jeroen Massar wrote:
ipv6mon employs active probing to discover IPv6 addresses in use, and determine whether such addresses remain active.
You mean, like what NDPMon has been delivering for several years already:
Does NDPMon do active probing? If it doesn't, it's not "like what NDPMon has been delivering for several years already". For instance, ipv6mon is not meant to be analogous to arpwatch, and is *not* meant to detect ND attacks. Thanks, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
On Thu, 13 Sep 2012, Steve Meuse wrote:
On Thu, Sep 13, 2012 at 8:31 AM, Jeroen Massar <jeroen@unfix.org> wrote:
You mean, like what NDPMon has been delivering for several years already:
Having a choice is never a bad thing(tm).
Indeed! +1 Antonio Querubin e-mail: tony@lavanauts.org xmpp: antonioquerubin@gmail.com
participants (4)
-
Antonio Querubin
-
Fernando Gont
-
Jeroen Massar
-
Steve Meuse