[lacnog] ipv6toolkit v1.5.2 publicado! ("v1.5.2 out there!", "v1.5.2 publicado, cachay?" :-))

Fernando Gont fgont en si6networks.com
Sab Ene 18 16:41:58 BRST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Estiamdos,

No se trata de un super-release, pero esta version soluciona algunos
problemas de as versiones anteriores, e incorpora nuevas
funcionalidades (ver debajo el changelog).

Por eso, si se encuentra utilizando el ipv6toolkit, please upgradeen a
la versión 1.5.2.

Pueden encontrar los tarballs (común, y firmado con la mi llave del
fingerprint) en: <http://www.si6networks.com/tools/ipv6toolkit>).

* Herramientas:

SI quieran averiguar que herramientasa incluye el toolkit, hagan un
"man 7 ipv6toolkit".


* Plataformas:

Actualmente soportamos las siguientes plataformas: FreeBSD, NetBSD,
OpenBSD, Debian GNU/Linux, Debian GNU/kfreebsd, Gentoo Linux, Ubuntu,
and Mac OS.

Algunas de estas plataformas incluyen al ipv6toolkit en su sistema de
paquetes -- los créditos correspondientes se encuentan debajo. :-)


===== CREDITS ======
CONTRIBUTORS
- ------------

** Contributors **

The following people sent patches that were incorporated into this
release of the toolkit:

    Octavio Alvarez <alvarezp en alvarezp.com>
    Alexander Bluhm <bluhm en openbsd.org>
    Alistair Crooks <agc en pkgsrc.org>
    Declan A Rieb   <darieb en sandia.gov>


** Package maintainers **

Availability of packages for different operating systems makes it
easier for users to install and update the toolkit, and for the toolkit
to integrate better with the operating systems.

These are the maintainers for each of the different packages:

  + Debian

    Octavio Alvarez <alvarezp en alvarezp.com>, sponsored by Luciano Bello
    <luciano en debian.org>

  + FreeBSD

    Hiroki Sato <hrs en FreeBSD.org>

  + Gentoo Linux

    Robin H. Johnson <robbat2 en gentoo.org>

  + Mac OS

    Declan A Rieb <darieb en sandia.gov> tests the toolkit on multiple Mac
    OS versions, to ensure clean compiles on such platforms.

  + NetBSD (pkgsrc framework)

    Alistair Crooks <agc en pkgsrc.org>

  + OpenBSD

    Alexander Bluhm <bluhm en openbsd.org>


** Troubleshooting/Debugging **

Spotting bugs in networking tool can be tricky, since at times they
only show up in specific network scenarios.

The following individuals provided great help in identifying bugs in
the the toolkit (thus leading to fixes and improvements):

    Stephane Bortzmeyer <stephane en bortzmeyer.org>
    Marc Heuse <mh en mh-sec.de>
    Erik Muller <erikm en buh.org>
    Declan A Rieb <darieb en sandia.gov>
    Tim <tim-security en sentinelchicken.org>
===== CREDITS =====


===== CHANGELOG =====
SI6 Networks IPv6 Toolkit v1.5.2

   * All: Add support for GNU Debian/kfreebsd
     The toolkit would not build on GNU Debian/kfreebsd before this
     release.

   * tcp6: Add support for TCP/IPv6 probes
     tcp6 can now send TCP/IPv6 packets ("--probe-mode" option), and
     read the TCP response packets, if any. This can be leveraged for
     port scans, and miscellaneous measurements.

SI6 Networks IPv6 Toolkit v1.5.1
   * Fix Mac OS breakage
     libipv6.h had incorrect definitions for "struct tcp_hdr".

SI6 Networks IPv6 Toolkit v1.5

   * All: Improved the next-hop determination
     Since the toolkit employs libpcap (as there is no portable way to
     forge IPv6 addresses and do other tricks), it was relying on the
     user specifying a network interface ("-i" was mandatory for all
     tools) and that routers would send Router Advertisements on the
     local links. This not only was rather inconvenient for users
     (specifying a network interface was not warranted), but also meant
     that in setups where RAs where not available (e.g., manual
     configuration), the tools would fail. The toolkit now employs
     routing sockets (in BSDs) or Netlink (in Linux), and only uses
     "sending RAs" as a fall-back in case of failure (IPv6 not
     configured on the local host).

   * All: Improved source address selection
     This is closely related to the previous bullet.

   * All: More code moved to libipv6
     More and more code was moved to libipv6 and removed to the
     individual tool source files. As with some of the above, this was
     painful and time-consuming, but was necessary -- and in the long
     run it will make code maintenance easier.

   * All: libipv6 used throughout all tools
     This was rather painful and non-exciting, but necessary.


SI6 Networks' IPv6 Toolkit v1.4.1

   * frag6: Fixed bug that prevented Ethernet header from being filled
     A bug in the code caused Ethernet frames to go on te wire without
     any of their header fields completed.

   * All: Use of library to avoid code replication
     An "libipv6" library was created, such that common functions do
     not need to be replicated for each tool. ni6, ns6, rs6, and tcp6
     now employ such library.


SI6 Networks' IPv6 Toolkit v1.4 release

   * frag6: Fixed the flooding option
     Fixed the fragment size used when employing the flooding option.
     It was previously sending fragment sizes that where not a multiple
     of eight, and hence these fragments were dropped.

   * scan6: Added support for 64-bit encoding of IPv4 addresses
     Option "--tgt-ipv4" was augmented to support both encodings (32 bit
     and 64 bit) of embedded IPv4 addresses.

   * tcp6: Fixed response to Neighbor Solicitations
     tcp6 was not responding to incoming Neighbor Solicitations. Hence,
     when packets were sent from spoofed addresses, tcp6 would never
     receive the response packets, because the NSs sent by the local
     router or target node would never be responded.

   * tcp6: Added support for TCP Window-based attacks
     tcp6 can now close the window after sending an app-layer command,
     and also "modulate" the TCP window to circumvent trivial
     mitigations for these attacks ("--window-mode" and
     "--win-modulate" options).

   * tcp6: Support for multiple connection-establishment types
     tcp6 can now cause e.g. TCP simultaneous opens (see the
     "--open-mode" option).

   * tcp6: Support for multiple connection-termination types
     tcp6 can now perform multiple connection-termination types (see the
     "--close-mode" option).

   * tcp6: Support for sending application layer requests
     tcp6 can now send application-layer requests with the "--data"
     option.

   * Many improvements to the manual pages.
     Fixed the troff encoding of many manual pages. Added
     ipv6toolkit(7), that describes a general description of the
     toolkit.

   * All: Fixed bug in link-layer destination address selection
     Tools now try to find a local router or perform Neighbor Discovery
     only when necessary (i.e., underlying link-layer is *not* loopback
     or tunnel, destination address is *not* link-local, and a
     link-layer destination address has *not* been specified).

   * All: Fixed bug in option handling
     Incorrect data type was used for the return value of
     getopt_long(), thus leading to problems in some architectures.

   * All: Fixed a number of issues with pcap_next_ex()
     The timeout parameter of pcap_next_ex() is now based on the
     platform (the previous constant value had different semantics in
     different platforms).
     Additionally, handle the case where pcap_next_ex() returns no
     packets.

   * All: General improvements and clean-up
     The development process now includes building the toolkit with the
     clang compiler (in addition to gcc), which has lead to the
     identification of a number of issues.

   * All: Improved support for building the toolkit.
     The toolkit now contains one makefile for pmake, and another for
     GNU make.
     Added support for the DESTDIR variable. Appropriate paths are
     selected based on the value of a number of variables.
     Configuration file is dynamically generated, with the right path
     to the oui.txt file.

===== CHANGELOG =====


- -- 
Fernando Gont
SI6 Networks
e-mail: fgont en si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJS2sr0AAoJEK4lDVUdTnSSL0sP+QGm220VBUyd/M5LBDWov3/G
gt4jG2Rey9A1J10W6Q2+UhXmn7COCN4UesPtLXGjRYZXrIvoEu4OfmSOw4xnjRUs
5RISQp9pTmDJC5UuDUDM2QfDh70v2dDPG6cewnhgYHkE5ad6EvFXe+8rX9BIDuyZ
kQ73776JqSTAvSiL5CavTrYfqUuPjGCYe9YpzotOWDIEUMg7esmBaIJ8Xeuxp6lS
IMPjzixmRCkKcdHjcNDvZJmD3jydoR1yeCQXaW+SHGN9/hLpKTTGF9J1T/YtZ4h7
rfOq5mKbFyy2vYeUvLXl1q+cfYIYlZ2EpgQ96ujqnd+9MRKu+kF7R1J212juWLGz
uGSb5ZPwIZbacGlMRWaXKgE1w0ytc6t/t9U6UZgE/2liBS+A1+SbZb9H+6oREqav
880rmABe4TcuHOB/hiN6f4ZhBP1XsGSOHN4ps+Fu9Q3mLQZPdDh8cjrfgO0AnuJr
zJNQUCK78YujnWGPwtFKPRY0s2+8GuR26Uc02VIo+zjjyhnXYoq0sLSEnOFiAk9N
t3lbKQTgSnBuw3TAbyWjqRCdvqfNw23x8mhANyFoY0n5PlxsdUdJhdtE1WJybf6W
MVVnl/SGsHz1dxH/IxST+Ro76B6zBFYdOk3KNZN9QzeR3Ke9yrr/h9JweG56Vc9b
V8ooo2D10x2RZTp6BPX6
=oXbd
-----END PGP SIGNATURE-----



Más información sobre la lista de distribución LACNOG