[LACNIC/Seguridad] Quiz: Weird IPv6 Traffic on the Local Network

Fernando Gont fgont at si6networks.com
Tue Feb 16 20:55:21 BRST 2016


Dear all,

For your entertainment:
<http://blog.si6networks.com/2016/02/quiz-weird-ipv6-traffic-on-local-network.html>


Ugly version without colors (it is easier to read on the blog):
---- cut here ----
Quiz: Weird IPv6 Traffic on the Local Network

One thing that I enjoy a lot is capturing network traffic to
subsequently try to figure out whether the captured traffic makes any
sense -- you learn a lot that way.

The following packet was shared with me by Timo Hilbrink during the 10th
Slovenian IPv6 Summit.

The quiz consists in explaining the packet trace below.

Actors:

* Apple iOS 8.3
* Fritz!Box CPE


The "Crime Scene" (tcpdump packet trace):

Two packets:

19:00:02.246726 IP6 truncated-ip6 - 16011 bytes missing!(class 0x50, flowlabel 0x00040, hlim 0, next-header unknown (64) payload length: 16035) 4006:a0bd:c0a8:b229:40e9:a79c:f129:50 > f141:8159::b002:ffff:32fc:0: ip-proto-64 16035
19:00:02.252529 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 256) fe80::be05:43ff:feea:be92 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 256
    hop limit 255, Flags [other stateful], pref high, router lifetime 1800s, reachable time 0s, retrans time 0s
      prefix info option (3), length 32 (4): 4006:a0bd:c0a8:b229::/64, Flags [onlink, auto], valid time 7200s, pref. time 0s
      prefix info option (3), length 32 (4): 4006:11b:c0a8:b229::/64, Flags [onlink, auto], valid time 6973s, pref. time 0s
      prefix info option (3), length 32 (4): 4006:3e38:c0a8:b229::/64, Flags [onlink, auto], valid time 6972s, pref. time 0s
      prefix info option (3), length 32 (4): 2001:980:376d:1::/64, Flags [onlink, auto], valid time 6603s, pref. time 3600s
      rdnss option (25), length 24 (3): lifetime 1200s, addr: fd00::be05:43ff:feea:be92
      mtu option (5), length 8 (1): 1500
      unknown option (24), length 8 (1):
        0x0000: 0008 0000 0708


So... can you explain what this packet trace is all about?

  -- Fernando Gont
---- cut here ----

Kind regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
