NDPMon

NDPMon - Observes the local network to see if nodes using neighbor discovery messages behave properly

NDPMon Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: Frederic Beck
  • Operating Systems: Mac OS X
  • File Size: 237 KB

NDPMon Description

NDPMon, Neighbor Discovery Protocol Monitor, is a tool working with ICMPv6 packets. NDPMon observes the local network to see if nodes using neighbor discovery messages behave properly. When NDPMon detects a suspicious Neighbor Discovery message, it notifies the administrator by writing to the syslog and, in some cases, by sending an email report.

NDPMon is very similar to ArpWatch in the activities and erroneous configurations it reports, but it also provides new features specific to the Neighbor Discovery protocol, for which it detects attacks that could harm the network.

NDPMon can also be launched with an option disabling reports. This learning phase allows the neighbor database to be built during the first execution without raising inappropriate warnings.

Reported Activities:

  • wrong couple MAC/IP
  • wrong router MAC
  • wrong router IP
  • wrong prefix
  • wrong router redirect
  • router flag in Neighbor Advertisement: NDPMon is careful about nodes sending router advertisements - only nodes specified to be official routers in the configuration file can send one.
  • Duplicate Address Detection DoS
  • flip flop
  • reused old ethernet address: other kinds of malicious behaviors

Syslogged Activities:

  • Unknown MAC Manufacturer
  • new station
  • new IPv6 Global Address
  • new Link Local Address
  • wrong couple MAC/IP
  • wrong router MAC
  • wrong router IP
  • wrong prefix
  • wrong router redirect
  • wrong ipv6 router: if neither the Link Local Address nor the MAC address is known for an RA
  • wrong RA flags: if the managed and other flags in the RA are not well set
  • wrong source link address option: the MAC address in the Link Address option does not match the Ethernet source address
  • wrong ipv6 hop limit: IPv6 Hop Limit is not 255
  • wrong RA lifetimes: preferred lifetime is bigger than the valid lifetime
  • RA valid lifetime too short: valid lifetime is less than 2 hours
  • router flag in Neighbor Advertisement: NDPMon is careful about nodes sending router advertisements - only nodes specified to be official routers in the configuration file can send one.
  • Duplicate Address Detection DoS
  • flip flop
  • reused old ethernet address: other kinds of malicious behaviors
  • Ethernet mismatch
  • IP Multicast
  • Ethernet Broadcast

