Documentation
- INSTALL: HowTo install NDPMon.
- CONFIGURATION: HowTo configure NDPMon.
- MAN: NDPMon manpage.
Important Notes and Known Bugs
Porting NDPMon to other operating systems is under way. NDPMon works under Linux, *BSD and Mac OS X. Please refer to the INSTALL section of the documentation for more information about installing the tool.
Nevertheless, we encountered a problem during this phase, which resulted in what we consider a bug in the tool: under OpenBSD, the mail alert functionality crashes the tool with the error "Null body. Hope that's OK." We tested the tool under OpenBSD 4.1 with sendmail as the mail server. We guess that the problem comes from the communication between NDPMon and Sendmail via the use of popen. We have not found the solution yet, and need to test a few more things first (testing with another mail server...). Thus, for the moment, it is recommended to disable the mail alert system under OpenBSD. If you have any comments, feedback or a solution to the problem, you are welcome!
Source Code Documentation
Source code documentation is available. Only the countermeasures plugin is documented so far; the core of NDPMon will be added soon.
Testing
In order to test the tool and verify for yourself that it detects the addresses, or simply to play with IPv6, we recommend two frameworks:
- THC IPv6 Attack Toolkit: a comprehensive attack toolkit for the IPv6 protocol suite.
- Scapy6: an extension to Scapy that provides support for IPv6 (and much more).
We used both of these frameworks during the implementation and testing of the tool. More precisely, we used the tool alive6 from the THC toolkit to quickly detect the hosts alive on the link.
Papers
Some papers have been written on this tool:
- Monitoring the Neighbor Discovery Protocol: a research article published at the IPv6TD'07 conference.
- Internship Report: a report written in French by Thibault Cholez summarizing the work he did during his internship.
- Technical Report: a document written in English describing the tool and its implementation.
Bibliography
NDPMon was written using two papers as references:
- RFC 3756: IPv6 Neighbor Discovery (ND) Trust Models and Threats.
- Securing IPv6 Neighbor and Router Discovery, an article written by the same authors as the RFC on the same subject.
