Latest version: 2.1.0
Forged NDP messages are sent to deprecate rogue RAs and NAs, using a custom ICMPv6 message generation library based on standard structures and functions.
Note: Countermeasures on the link
The plugin keeps track of the countermeasures it has sent in order to decide whether incoming captured packets should be dropped. This is required to prevent counter-counter-...measures, because an NDPMon instance listening on an interface captures normal NDP traffic as well as its own countermeasures sent on this interface. As the countermeasures are also faked advertisements, they would otherwise trigger other countermeasures.
However, the plugin does not store the whole packet content but only a SHA-1 hash of it, both to reduce memory consumption and to work with a constant-size data type.
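The bookkeeping described above, sketched as an added example (this is not NDPMon's own code): the class and function names, the bounded capacity and the rule that one recorded digest matches one captured copy are assumptions made for illustration.

```python
import hashlib
from collections import OrderedDict


class SentCountermeasures:
    """Hypothetical store of SHA-1 digests of countermeasures we sent."""

    def __init__(self, capacity=64):
        self.capacity = capacity          # assumed bound on remembered packets
        self._pending = OrderedDict()     # 20-byte digest -> copies still expected

    @staticmethod
    def _digest(packet: bytes) -> bytes:
        return hashlib.sha1(packet).digest()   # constant size, whatever the packet length

    def on_sent(self, packet: bytes) -> None:
        d = self._digest(packet)
        self._pending[d] = self._pending.get(d, 0) + 1
        self._pending.move_to_end(d)
        while len(self._pending) > self.capacity:
            self._pending.popitem(last=False)   # forget the oldest digest

    def is_own(self, packet: bytes) -> bool:
        """True if this captured packet is a copy of one we sent (drop it)."""
        d = self._digest(packet)
        left = self._pending.get(d, 0)
        if left == 0:
            return False                  # not ours: hand it to the normal analysis
        if left == 1:
            del self._pending[d]
        else:
            self._pending[d] = left - 1
        return True


def demo():
    # Constructed 16-byte ICMPv6 Router Advertisement bodies (type 0x86),
    # checksum left at zero; they differ only in the router lifetime field.
    own_ra = bytes.fromhex("86000000" "40000000" "0000000000000000")
    other_ra = bytes.fromhex("86000000" "40000708" "0000000000000000")
    store = SentCountermeasures()
    store.on_sent(own_ra)                 # countermeasure leaves the interface
    # Capture order: a foreign RA, our own packet, then the same bytes again.
    return [store.is_own(other_ra), store.is_own(own_ra), store.is_own(own_ra)]


if __name__ == "__main__":
    print(demo())
```

Because each digest is consumed on its first match, a later packet with identical bytes is analysed like any other captured advertisement.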
To build it, simply enable it in the configure script
This policy is implemented via countermeasure guards. The guards decide whether a call to a countermeasure function actually results in a counter advertisement or is ignored. The decision is made according to a strategy which is set in the configuration. Currently the following strategies are implemented:
This policy is defined as follows in the configuration file:
The indicate_ndpmon_presence countermeasure is only necessary when several instances of NDPMon are running on the same link, to prevent these instances from sending countermeasures against each other. By default, setting a value of SUPPRESS is correct.
Per probe flag
Not every administrator may welcome a monitoring tool that autonomously responds to events on the network. Thus, a flag allows these countermeasures to be enabled or disabled.
For example, to enable it on eth1:
Steps to implement a new countermeasure