Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability

[Marc Heuse <mh () baseline-security de>]

Am 04.04.2011 17:34, schrieb Adam Behnke:
> Hi Daily Davers.
>
> InfoSec Institute security researcher Alec Waters has just released a
> new article on SLAAC Attacks. The basic premise is to use the default
> network configuration found on all Windows 7 (as well as Server 2008,
> Vista) installations to intercept and hijack all network traffic
> without any user knowledge or interaction.

sorry but that is no news and already has a long beard.
the basics of this attack have been around for many years and once there
is an ietf draft about it you know you have to move on
(http://tools.ietf.org/html/draft-chown-v6ops-rogue-ra-02)

I mentioned this attack and many others in my various IPv6 talks at CSW
and CCC (e.g. http://www.youtube.com/watch?v=c7hq2q4jQYw), but even
before that Sebastian Krahmer pointed out the issue that IPv6 is
prefered over IPv4 if a target systems seems to be available can be
exploited.

> We contacted Microsoft over the weekend, but, because this is a
> default installation configuration vulnerability, Microsoft is not
> able to release a patch and states “....

I have been in touch with M$ for other IPv6 issues, its basically "yeah
we know and we wont change anything" but they word it nicely so the
reporter feels appreciated. Its the team responsible for the IPv6 stack
that doesnt care, not MSRC.

(and really they cant with this issue because its a fundamental weakness
in the IPv6 protocol, and one you can't fix easily if you dont want to
use static routes or dhcpv6.)

(and with other issues they could but the responsible team just doesnt
care. shame on them)

Greets,
Marc

--
Marc Heuse
www.mh-sec.de

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave