6Guard: a honeypot-based IPv6 attack detector
27 Aug 2012 Xu Weilin 6guard attack detect globalpot honeypot ipv6-d51
6Guard is a honeypot-based IPv6 attack detector aiming at detecting the link-local level attacks, especially when the port-mirror feature of switch is unavailable.
Intallation
-
- Download and install Scapy in your machine. (
apt-get install python-scapy)
- Download and install Scapy in your machine. (
-
- Download the v1.0 tarball directly or the latest code from Github Repository, then extract it into a directory.
Usage
-
- Enter the directory of 6Guard.
-
- Run
$ sudo ./conf_generator.pyto generate the configuration files.
- Run
-
- Run
$ sudo ./6guard.py.
- Run
Note: The ./conf directory stores the configuration files of the honeypots and the globalpot. The ./log directory stores the operation logs and the attacking records. The ./pcap directory stores the message-related packets that can be reviewed in Wireshark.