Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
JUMBO6(1)		    General Commands Manual		     JUMBO6(1)

NAME
       jumbo6  -  A  security assessment tool for attack vectors based on IPv6
       jumbograms

SYNOPSIS
       jumbo6  [-i  INTERFACE]	[-S  LINK_SRC_ADDR]  [-D  LINK-DST-ADDR]   [-s
       SRC_ADDR[/LEN]] [-d DST_ADDR] [-A HOP_LIMIT] [-H	HBH_OPT_HDR_SIZE]  [-U
       DST_OPT_U_HDR_SIZE]    [-y   FRAG_SIZE]	 [-u   DST_OPT_HDR_SIZE]   [-q
       IPV6_LENGTH] [-Q	JUMBO_LENGTH] [-P PAYLOAD_SIZE]	[-l] [-z SECONDS] [-v]
       [-h]

DESCRIPTION
       jumbo6 allows the assessment of IPv6 implementations  with  respect  to
       attack  vectors	based  on  IPv6	jumbograms. It is part of the SI6 Net-
       works' IPv6 Toolkit : a security	assessment suite for the  IPv6	proto-
       cols.

       This  tool has only one mode of operation: active mode. In active mode,
       the tool	sends IPv6 jumbograms to the specified target, and informs the
       user of any received ICMPv6 error messages (typically "ICMPv6 Parameter
       Problem"	error messages).

OPTIONS
       jumbo6 takes its	parameters as command-line options. Each  of  the  op-
       tions  can  be specified	with a short name (one character preceded with
       the hyphen character, as	e.g. "-i") or with a long name (a string  pre-
       ceded with two hyphen characters, as e.g. "--interface").

       jumbo6  supports	 IPv6 Extension	Headers, including the IPv6 Fragmenta-
       tion Header, which might	be of  use  to	circumvent  layer-2  filtering
       and/or Network Intrusion	Detection Systems (NIDS). However, IPv6	exten-
       sion  headers  are  not employed	by default, and	must be	explicitly en-
       abled with the corresponding options.

       -i INTERFACE, --interface INTERFACE
	      This option specifies the	network	interface that the  tool  will
	      use.  If	the  destination address ("-d" option) is a link-local
	      address, the interface must be explicitly	specified. The	inter-
	      face  may	 also  be  specified along with	a destination address,
	      with the "-d" option.

       -S SRC_LINK_ADDR, --src-link-address SRC_LINK_ADDR

	      This option specifies the	link-layer Source Address of the probe
	      packets. If left unspecified, the	link-layer Source  Address  of
	      the packets is set to the	real link-layer	address	of the network
	      interface.

       -D DST_LINK_ADDR, --dst-link-address DST_LINK_ADDR

	      This  option specifies the link-layer Destination	Address	of the
	      probe packets (currently,	only Ethernet is  supported).  By  de-
	      fault,  the  link-layer Destination Address is automatically set
	      to the link-layer	address	of the destination host	 (for  on-link
	      destinations)  or	 to  the  link-layer  address of the first-hop
	      router.

       -s SRC_ADDR, --src-address SRC_ADDR

	      This option specifies the	IPv6 source address (or	 IPv6  prefix)
	      to be used for the Source	Address	of the outgoing	packets. If an
	      IPv6  prefix is specified, the IPv6 Source Address of the	outgo-
	      ing packets will be randomized from that prefix.

       -d DST_ADDR, --dst-address DST_ADDR

	      This option specifies the	IPv6 Destination Address of the	target
	      node. This option	cannot be left unspecified.

       --hop-limit, -A

	      This option specifies the	Hop Limit to  be  used	for  the  IPv6
	      packets. By default, the Hop Limit is randomized.

       -y SIZE,	--frag-hdr SIZE

	      This  option  specifies  that the	resulting packet must be frag-
	      mented. The fragment size	must be	specified as  an  argument  to
	      this option.

       -u HDR_SIZE, --dst-opt-hdr HDR_SIZE

	      This option specifies that a Destination Options header is to be
	      included in the resulting	packet.	The extension header size must
	      be specified as an argument to this option (the header is	filled
	      with  padding options). Multiple Destination Options headers may
	      be specified by means of multiple	"-u" options.

       -U HDR_SIZE, --dst-opt-u-hdr HDR_SIZE

	      This option specifies a Destination Options  header  to  be  in-
	      cluded in	the "unfragmentable part" of the resulting packet. The
	      header size must be specified as an argument to this option (the
	      header is	filled with padding options). Multiple Destination Op-
	      tions  headers  may  be  specified by means of multiple "-U" op-
	      tions. This option is only valid if the "-y" option is specified
	      (as the concept of "unfragmentable part" only makes  sense  when
	      fragmentation is employed).

       -H HDR_SIZE, --hbh-opt-hdr HDR_SIZE

	      This  option specifies that a Hop-by-Hop Options header is to be
	      included in the resulting	packet.	The header size	must be	speci-
	      fied as an argument to this option (the header  is  filled  with
	      padding  options).  Multiple  Hop-by-Hop	Options	headers	may be
	      specified	by means of multiple "-H" options.

       --ipv6-length, -q

	      This option specifies the	value that the "Total Length" field of
	      the IPv6 header should be	set to.	If this	option is left unspec-
	      ified, the "Total	Length"	field is set to	0, as required by  the
	      IPv6 jumbograms specification.

       --jumbo-length, -Q

	      This  option  specifies  the  value  to which the	"Jumbo Payload
	      Length" field of the Jumbo Payload option	should be set. If this
	      option is	left unspecified, the "Jumbo Payload Length" field  is
	      set  according  to  the  real size of the	jumbo payload (see the
	      "-p" option).

       --payload-size, -P

	      This options specifies the size of the jumbo payload.   If  left
	      unspecified, the payload size is set to 0.

       --loop, -l

	      This option instructs the	jumbo6 tool to send periodic IPv6 jum-
	      bograms  to the victim node. The amount of time to pause between
	      sending IPv6 jumbograms can be specified by means	 of  the  "-z"
	      option, and defaults to 1	second.

       --sleep,	-z

	      This  option specifies the amount	of time	to pause between send-
	      ing IPv6 jumbograms (when	the "--loop" option is set).  If  left
	      unspecified, it defaults to 1 second.

       --verbose, -v

	      This  option  instructs the jumbo6 tool to be verbose.  When the
	      option is	set twice, the tool is "very verbose",	and  the  tool
	      also  informs which packets have been accepted or	discarded as a
	      result of	applying the specified filters.

       --help, -h

	      Print help information for the jumbo6 tool.

EXAMPLES
       The following sections illustrate typical use cases of the jumbo6 tool.

       Example #1

       # jumbo6	-s fc00:1::/64 -d fc00:1::1 -P 100

       Send an IPv6 jumbogram to the host fc00:1::1. The IPv6  Source  Address
       will  be	 randomly selected from	the prefix fc00:1::/64,	and a the pay-
       load of 100 bytes is included in	the packet.

AUTHOR
       The jumbo6 tool and the corresponding manual  pages  were  produced  by
       Fernando	    Gont     <fgont@si6networks.com>	for    SI6    Networks
       <http://www.si6networks.com>.

COPYRIGHT
       Copyright (c) 2011-2013 Fernando	Gont.

       Permission is granted to	copy, distribute and/or	modify	this  document
       under  the  terms of the	GNU Free Documentation License,	Version	1.3 or
       any later version published by the Free Software	 Foundation;  with  no
       Invariant  Sections,  no	Front-Cover Texts, and no Back-Cover Texts.  A
       copy  of	 the   license	 is   available	  at   <http://www.gnu.org/li-
       censes/fdl.html>.

								     JUMBO6(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=jumbo6&sektion=1&manpath=FreeBSD+Ports+15.0>

home | help