Observes the local network to see if nodes using neighbor discovery messages behave properly. #Protocol monitor #Network monitor #Attack detector #Detect #Monitor #Network
NDPMon, Neighbor Discovery Protocol Monitor, is a tool working with ICMPv6 packets. NDPMon observes the local network to see if nodes using neighbor discovery messages behave properly.
When NDPMon detects a suspicious Neighbor Discovery message, it will notify the administrator by writing in the syslog and in some cases by sending an email report.
NDPMon is very similar to ArpWatch concerning reported activities and erroneous configurations, but it also provides new features, specific to the Neighbor Discovery protocol, for which it detects attacks, which could harm the network.
NDPMon can also be launched with an option disabling reports. This learning phase allows to build the neighbor database during the first execution without raising unappropriate warnings.
Reported Activities: · wrong couple MAC/IP · wrong router MAC · wrong router IP · wrong prefix · wrong router redirect · router flag in Neighbor Advertisment: NDPMon is carefull about nodes sending · router advertisments - only nodes specified to be official routers in the · configuration file can send one. · Duplicate Address Detection DOS · reused old ethernet address: other kinds of malicious behaviors
Sysloged Activities: · Unknown MAC MAnufacturer · new station · new IPv6 Global Address · new Link Local Address · wrong couple MAC/IP · wrong router MAC · wrong router IP · wrong prefix · wrong router redirect · wrong ipv6 router: if neither the Link Local Address and the MAC address are known for a RA · wrong RA flags: if the managed and other flags in the RA are not well set · wrong source link address option: the MAC address in the Link Adress option does not match with the Ethernet source address · wrong ipv6 hop limit: IPv6 Hop Limit is not 255 · wrong RA lifetimes: preferred lifetime is bigger than the valid lifetime · RA valid lifetime too short: valid lifetime is less than 2 hours · router flag in Neighbor Advertisment: NDPMon is carefull about nodes sending · router advertisments - only nodes specified to be official routers in the configuration file can send one. · Duplicate Address Detection DOS flip flop · reused old ethernet address: other kinds of malicious behaviors · Ethernet mismatch · IP Multicast · Ethernet Broadcast
What's new in NDPMon 2.1.0:
- multiple interfaces support
- whole new architecture
- multithreading
- event driven
NDPMon 2.1.0
add to watchlist add to download basket send us an update REPORT- runs on:
- Mac OS X (PPC & Intel)
- file size:
- 181 KB
- main category:
- Security
- developer:
- visit homepage
Microsoft Teams
ShareX
7-Zip
Windows Sandbox Launcher
IrfanView
Bitdefender Antivirus Free
paint.net
calibre
Zoom Client
4k Video Downloader
- calibre
- Zoom Client
- 4k Video Downloader
- Microsoft Teams
- ShareX
- 7-Zip
- Windows Sandbox Launcher
- IrfanView
- Bitdefender Antivirus Free
- paint.net