Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
JUMBO6(1)		    General Commands Manual		     JUMBO6(1)

NAME
       jumbo6  -  A  security assessment tool for attack vectors based on IPv6
       jumbograms

SYNOPSIS
       jumbo6  [-i  INTERFACE]	[-S  LINK_SRC_ADDR]  [-D  LINK-DST-ADDR]   [-s
       SRC_ADDR[/LEN]] [-d DST_ADDR] [-A HOP_LIMIT] [-H	HBH_OPT_HDR_SIZE]  [-U
       DST_OPT_U_HDR_SIZE]   [-y   FRAG_SIZE]	[-u   DST_OPT_HDR_SIZE]	   [-q
       IPV6_LENGTH] [-Q	JUMBO_LENGTH] [-P PAYLOAD_SIZE]	[-l] [-z SECONDS] [-v]
       [-h]

DESCRIPTION
       jumbo6 allows the assessment of IPv6 implementations  with  respect  to
       attack  vectors	based  on  IPv6	jumbograms. It is part of the SI6 Net-
       works' IPv6 Toolkit : a security	assessment suite for the  IPv6	proto-
       cols.

       This  tool has only one mode of operation: active mode. In active mode,
       the tool	sends IPv6 jumbograms to the specified target, and informs the
       user of any received ICMPv6 error messages (typically "ICMPv6 Parameter
       Problem"	error messages).

OPTIONS
       jumbo6 takes its	parameters as command-line options. Each  of  the  op-
       tions  can  be specified	with a short name (one character preceded with
       the hyphen character, as	e.g. "-i") or with a long name (a string  pre-
       ceded with two hyphen characters, as e.g. "--interface").

       jumbo6  supports	 IPv6 Extension	Headers, including the IPv6 Fragmenta-
       tion Header, which might	be of  use  to	circumvent  layer-2  filtering
       and/or Network Intrusion	Detection Systems (NIDS). However, IPv6	exten-
       sion headers are	not employed by	default, and must  be  explicitly  en-
       abled with the corresponding options.

       -i INTERFACE, --interface INTERFACE
	      This  option  specifies the network interface that the tool will
	      use. If the destination address ("-d" option)  is	 a  link-local
	      address,	the interface must be explicitly specified. The	inter-
	      face may also be specified along	with  a	 destination  address,
	      with the "-d" option.

       -S SRC_LINK_ADDR, --src-link-address SRC_LINK_ADDR

	      This option specifies the	link-layer Source Address of the probe
	      packets. If left unspecified, the	link-layer Source  Address  of
	      the packets is set to the	real link-layer	address	of the network
	      interface.

       -D DST_LINK_ADDR, --dst-link-address DST_LINK_ADDR

	      This option specifies the	link-layer Destination Address of  the
	      probe  packets  (currently,  only	Ethernet is supported).	By de-
	      fault, the link-layer Destination	Address	is  automatically  set
	      to  the  link-layer address of the destination host (for on-link
	      destinations) or to the  link-layer  address  of	the  first-hop
	      router.

       -s SRC_ADDR, --src-address SRC_ADDR

	      This  option  specifies the IPv6 source address (or IPv6 prefix)
	      to be used for the Source	Address	of the outgoing	packets. If an
	      IPv6  prefix is specified, the IPv6 Source Address of the	outgo-
	      ing packets will be randomized from that prefix.

       -d DST_ADDR, --dst-address DST_ADDR

	      This option specifies the	IPv6 Destination Address of the	target
	      node. This option	cannot be left unspecified.

       --hop-limit, -A

	      This  option  specifies  the  Hop	 Limit to be used for the IPv6
	      packets. By default, the Hop Limit is randomized.

       -y SIZE,	--frag-hdr SIZE

	      This option specifies that the resulting packet  must  be	 frag-
	      mented.  The  fragment  size must	be specified as	an argument to
	      this option.

       -u HDR_SIZE, --dst-opt-hdr HDR_SIZE

	      This option specifies that a Destination Options header is to be
	      included in the resulting	packet.	The extension header size must
	      be specified as an argument to this option (the header is	filled
	      with  padding options). Multiple Destination Options headers may
	      be specified by means of multiple	"-u" options.

       -U HDR_SIZE, --dst-opt-u-hdr HDR_SIZE

	      This option specifies a Destination Options  header  to  be  in-
	      cluded in	the "unfragmentable part" of the resulting packet. The
	      header size must be specified as an argument to this option (the
	      header is	filled with padding options). Multiple Destination Op-
	      tions headers may	be specified by	means  of  multiple  "-U"  op-
	      tions. This option is only valid if the "-y" option is specified
	      (as the concept of "unfragmentable part" only makes  sense  when
	      fragmentation is employed).

       -H HDR_SIZE, --hbh-opt-hdr HDR_SIZE

	      This  option specifies that a Hop-by-Hop Options header is to be
	      included in the resulting	packet.	The header size	must be	speci-
	      fied  as	an  argument to	this option (the header	is filled with
	      padding options).	Multiple Hop-by-Hop  Options  headers  may  be
	      specified	by means of multiple "-H" options.

       --ipv6-length, -q

	      This option specifies the	value that the "Total Length" field of
	      the IPv6 header should be	set to.	If this	option is left unspec-
	      ified,  the "Total Length" field is set to 0, as required	by the
	      IPv6 jumbograms specification.

       --jumbo-length, -Q

	      This option specifies the	value  to  which  the  "Jumbo  Payload
	      Length" field of the Jumbo Payload option	should be set. If this
	      option is	left unspecified, the "Jumbo Payload Length" field  is
	      set  according  to  the  real size of the	jumbo payload (see the
	      "-p" option).

       --payload-size, -P

	      This options specifies the size of the jumbo payload.   If  left
	      unspecified, the payload size is set to 0.

       --loop, -l

	      This option instructs the	jumbo6 tool to send periodic IPv6 jum-
	      bograms to the victim node. The amount of	time to	pause  between
	      sending  IPv6  jumbograms	 can be	specified by means of the "-z"
	      option, and defaults to 1	second.

       --sleep,	-z

	      This option specifies the	amount of time to pause	between	 send-
	      ing  IPv6	 jumbograms (when the "--loop" option is set). If left
	      unspecified, it defaults to 1 second.

       --verbose, -v

	      This option instructs the	jumbo6 tool to be verbose.   When  the
	      option  is  set  twice, the tool is "very	verbose", and the tool
	      also informs which packets have been accepted or discarded as  a
	      result of	applying the specified filters.

       --help, -h

	      Print help information for the jumbo6 tool.

EXAMPLES
       The following sections illustrate typical use cases of the jumbo6 tool.

       Example #1

       # jumbo6	-s fc00:1::/64 -d fc00:1::1 -P 100

       Send  an	 IPv6 jumbogram	to the host fc00:1::1. The IPv6	Source Address
       will be randomly	selected from the prefix fc00:1::/64, and a  the  pay-
       load of 100 bytes is included in	the packet.

AUTHOR
       The  jumbo6  tool  and  the corresponding manual	pages were produced by
       Fernando	   Gont	   _fgont@si6networks.com_    for     SI6     Networks
       _http://www.si6networks.com_.

COPYRIGHT
       Copyright (c) 2011-2013 Fernando	Gont.

       Permission  is  granted to copy,	distribute and/or modify this document
       under the terms of the GNU Free Documentation License, Version  1.3  or
       any  later  version  published by the Free Software Foundation; with no
       Invariant Sections, no Front-Cover Texts, and no	Back-Cover  Texts.   A
       copy   of   the	 license   is	available  at  _http://www.gnu.org/li-
       censes/fdl.html_.

								     JUMBO6(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | AUTHOR | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=jumbo6&sektion=1&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help