I am working on a python script for IPv6 malicious packet handling. The script requires Scapy which can be downloaded from http://www.secdev.org/projects/scapy/
Be sure you are running at least Scapy (2.2.0-dev) The script was tested on Backtrack 5 R2
Currently the script performs the following tests:
1. Send HbH Header Flood
Test handling of a large number of HbH headers directed at a L3 device. Could DOS a router if there isn't proper policing of packets to the CPU.
2. Send RH0 Packets
Test for the filtering and/or handling of RH0 packets. RH0 packets have been deprecated and shouldn't be accepted.
3. Send Packets with two RH0 Headers
Tests the corner case of two RH0 headers; one after the other.
4. RA deamon killer
Some RA daemons will crash if you send RAs towards them with a spoofed source of themselves with a lifetime of zero
5. RA Flood
Send a flood of RAs with random prefixs. Will DOS Windows and possible other devices.
6. Hide Layer 4 Info for ACL Bypass
Test the handling of ACL and firewall rules with the layer 4 information "hidden" in the second fragment. Some firewalls will pass this since it doesn't find the layer 4 information in the first fragment.
You can download the current version of the script from github: ipv6-test.py
Copyright © 2015, Keith O'Brien. All rights reserved.