Fuzz Testing with the DHCPv6 Protocol

Overview

The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) is a mechanism for configuring devices with network configuration parameters, IP addresses, and prefixes.

Testing environment requirements

• beSTORM 13.4.0 or later (licensed)

• Windows 10 or later

• A device where a DHCPv6 server is running (this will be the device under test [DUT])

Fuzzing with beSTORM

To fuzz with the DHCPv6 protocol in beSTORM, do the following:

1. Using a network cable, connect the DHCPv6 device (DUT) to the beSTORM computer's Ethernet adapter.

2. Open beSTORM Client.

3. Select New Project. The beSTORM New Project Wizard opens.

4. On the Welcome page, do the following:

   1. In the Project Name box, enter a name.

   2. Optionally, select a different file location for your project in the Location Name box.

   3. For Please select the wizard, select Advanced.

   4. Leave Perform a port scan, and service detection and assist me in choosing the relevant module unchecked.

      

5. Select Next.

6. On the Basic Configuration page, do the following:

   1. In the beSTORM's predefined modules list, select DHCPv6 from the Low-level Network group.

   2. In the Network Device list, select the beSTORM computer's Ethernet adapter where you connected your network cable.

      

7. Select Next.

8. On the Advanced Configuration page, adjust Scale Type to reduce the number of combinations and overall testing duration. For the least number of combinations and shortest testing duration, select Base10.

   

9. Select Next.

10. On the Module Environment page, do the following for the first five parameters:

    1. Interface Name - In the Value box, confirm it is set to the Ethernet adapter you selected in step 6b.

    2. Destination IPv6 Address - In the Value box, enter the IP address of the DHCPv6 server, or use the default FF02::1:2 value (this value, in the DHCPv6 protocol context, is a multicast address where all DHCP Servers and Relay agents devices listen for packets).

    3. Destination MAC Address - Double-click the Value box. In the MAC Address Finder dialog, enter the IPv4 address of the DHCP server (you cannot use the same multicast address used for the Destination IPv6 Address parameter), and then select Find. The MAC Address box will refresh and display the MAC address of the DHCP server. Select OK.

    4. Sender IPv6 Address - In the Value box, enter the IPv6 address of the beSTORM computer.

    5. Source MAC Address - Double-click the Value box. In the MAC Address Finder dialog, enter the IPv4 Address of the beSTORM computer and then select Find. The MAC Address box will refresh and display the MAC address of the beSTORM computer. Select OK.

    6. Optionally, you can adjust the remaining parameters to further refine DHCPv6 fuzzing with beSTORM.

       

11. Select Next.

12. On the Extra Configuration page, do the following:

    1. Select the ARP Echo, ICMP Echo, and UDP Echo checkboxes.

    2. Set the Monitored IP Address to the DHCP server's IPv4 Address, and Port to the same value you set for Destination Port (547 by default) on the previous step. Leave all other parameters to their default setting.

       

13. Select Next.

14. On the Complete beSTORM wizard page, select Finish to begin fuzzing, or clear the Auto-start beSTORM scan now checkbox to run the test later.

15. Once your test begins, if an exception occurs (that is, an attack was successful), a message will appear in an Exception Information dialog informing you that the router is not responding. This indicates a possible vulnerability. Testing will resume after five seconds unless you select Pause Test.

    

16. When fuzzing is complete, select Report > Generate Report from the beSTORM Client to generate a more comprehensive report of your Configuration page.