Dailydave mailing list archives
Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability
From: Nate Lawson <nate () root org>
Date: Mon, 04 Apr 2011 15:33:58 -0700
On 4/4/2011 8:34 AM, Adam Behnke wrote:
InfoSec Institute security researcher Alec Waters has just released a new article on SLAAC Attacks. The basic premise is to use the default network configuration found on all Windows 7 (as well as Server 2008, Vista) installations to intercept and hijack all network traffic without any user knowledge or interaction. The testing in our lab shows that this attack requires no interaction on the user's part, and is totally transparent. It is hard to detect even in enterprise computing environments with significant security gear in place. It works on wired and wireless networks. Even though we are exploiting the IPv6 to IPv4 translation process, it does not require an existing IPv6 network to be set up or functional. It only requires the operating system to have IPv6 enabled by default. Mac OS-X is also likely vulnerable, but we have not tested it yet.
Summary: attackers who have layer 2 access to your network can do IPv6 RA spoofing (similar to DHCP) and get targets to use them as the gateway. This is nothing they can't already do with DHCP or ARP spoofing in IPv4. Here is a summary of the various countermeasures for this devastating and novel attack: http://www.rfc-archive.org/getrfc.php?rfc=6104 "You can't claim 0-day if there's already an RFC with recommended fixes." -- Nate _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability Adam Behnke (Apr 04)
- Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability Nate Lawson (Apr 05)
- Message not available
- Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability Adam Behnke (Apr 06)
- Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability Dobbins, Roland (Apr 08)
- Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability Adam Behnke (Apr 06)