6Guard: a honeypot-based IPv6 attack detector

27 Aug 2012 Xu Weilin 6guard attack detect globalpot honeypot ipv6-d51

6Guard is a honeypot-based IPv6 attack detector aimed at detecting link-local level attacks, especially when the switch's port-mirroring feature is unavailable.

Installation

    1. Download and install Scapy on your machine (apt-get install python-scapy).
    2. Download the v1.0 tarball directly or the latest code from the GitHub repository, then extract it into a directory.

Usage

    1. Enter the 6Guard directory.
    2. Run $ sudo ./conf_generator.py to generate the configuration files.
    3. Run $ sudo ./6guard.py.

Note: The ./conf directory stores the configuration files of the honeypots and the globalpot. The ./log directory stores the operation logs and the attack records. The ./pcap directory stores the message-related packets, which can be reviewed in Wireshark.

ipv6 local-link scope is a mess

20 Oct 2008 Markus Koetter ipv6-d51 link-local

I’ve been looking at ipv6 lately, and even though I got a global /64 for free from he.net, I’m not that amused about ipv6 yet.

  • ipv6 link-local scope: if you have multiple interfaces with ipv6 link-local addresses, the operating system does not know which interface to use, so you have to append the interface to the hostname/ip when connecting to hosts in link-local scope. If you do not use getaddrinfo, this information has to be passed to bind/connect using
    struct sockaddr_in6.sin6_scope_id = if_nametoindex(devicename);
    This sounds weird, and it actually is:
    nc6 -6 -vv fe80::21f:d0ff:fe23:9b77%eth1 80
    may work for some people, but encoding the interface in the url renders the whole url-idea useless
    http://[fe80::21f:d0ff:fe23:9b77%eth1]
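The sin6_scope_id step described above, as an added example that is not code from the original post: `parse_scoped_in6` is a hypothetical helper that splits `addr%zone`, fills a `struct sockaddr_in6` without getaddrinfo, and rejects a link-local address that has no usable zone instead of leaving the interface choice to the OS. The numeric zone `%1` in the sample input is constructed; the address is the one used in the post.

```c
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the post): parse "addr" or "addr%zone".
 * Returns 0 on success, -1 on bad input or a link-local address with no zone. */
int parse_scoped_in6(const char *text, unsigned short port, struct sockaddr_in6 *sa)
{
    char buf[128];
    if (strlen(text) >= sizeof buf)
        return -1;
    strcpy(buf, text);

    char *zone = strchr(buf, '%');
    if (zone)
        *zone++ = '\0';                    /* split the address from its zone */

    memset(sa, 0, sizeof *sa);
    sa->sin6_family = AF_INET6;
    sa->sin6_port = htons(port);
    if (inet_pton(AF_INET6, buf, &sa->sin6_addr) != 1)
        return -1;

    if (zone && *zone) {
        unsigned int idx = if_nametoindex(zone);   /* interface name, e.g. eth1 */
        if (idx == 0) {                            /* otherwise a numeric index */
            char *end;
            unsigned long n = strtoul(zone, &end, 10);
            if (zone[0] < '0' || zone[0] > '9' || *end != '\0' || n == 0 || n > 0xffffffffUL)
                return -1;
            idx = (unsigned int)n;
        }
        sa->sin6_scope_id = idx;
    }
    /* fe80::/10 exists on every interface: refuse it when no zone was given */
    int linklocal = sa->sin6_addr.s6_addr[0] == 0xfe && (sa->sin6_addr.s6_addr[1] & 0xc0) == 0x80;
    return (linklocal && sa->sin6_scope_id == 0) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample input */
    const char *samples[] = { "fe80::21f:d0ff:fe23:9b77%1", "fe80::21f:d0ff:fe23:9b77", "2001:db8::1" };
    struct sockaddr_in6 sa;
    for (size_t i = 0; i < 3; i++)
        printf("%-28s -> %s\n", samples[i], parse_scoped_in6(samples[i], 80, &sa) == 0 ? "ok" : "rejected");
    return 0;
}
```

The filled structure can be passed directly to bind() or connect(); a tool that logs or filters on link-local peers should record sin6_scope_id alongside the address, since the same fe80:: address can be reachable on more than one interface.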