6Guard (IPv6 attack detector)

6Guard is an IPv6 attack detection tool specifically designed to tackle security threats that arise from link-local connections. It targets a range of attacks that are initiated by the THC-IPv6 suite, as well as the sophisticated host discovery techniques used by Nmap.

This tool helps network administrators detect link-local IPv6 attacks early on. 6Guard is a project sponsored by Google Summer of Code 2012 and is backed by The Honeynet Project organization, which is dedicated to improving cybersecurity.

The project page is at Project 9 - IPv6 Attack Detector (Xu). Below is an example of an attack alert message provided by 6Guard. [ATTACK] Timestamp: 2012-08-19 14:48:27 Reported by: Honeypot-apple-2A:C4:2D Type: DoS Name: Fake Echo Request Attacker: [Unknown] 00:00:de:ad:be:ef (CETIA) Victim: [Honeypot-apple-2A:C4:2D] 40:3C:FC:2A:C4:2D (Apple, Inc.) Utility: THC-IPv6: smurf6 Packets: b12fe3415c1d61c1da085cb8811974a2.pcap Installation To install, download and install Scapy on your machine. Alternatively, you can use the command `apt-get install python-scapy`. After that, download the latest code from Github repository mzweilin/ipv6-attack-detector and extract it into a directory of your choice. Usage Navigate to the directory where 6Guard is located. Run the command `$ sudo ./conf_generator.py` to generate the necessary configuration files. Once that is done, execute `$ sudo ./6guard.py` to start the program. Note If this is your first time running the program, please ensure that all dependencies are correctly installed.