Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability

[Sebastian Krahmer <krahmer () suse de>]

On Tue, Apr 05, 2011 at 09:32:01AM +0200, Marc Heuse wrote:
> Am 04.04.2011 17:34, schrieb Adam Behnke:
> > Hi Daily Davers.
> >
> > InfoSec Institute security researcher Alec Waters has just released a
> > new article on SLAAC Attacks. The basic premise is to use the default
> > network configuration found on all Windows 7 (as well as Server 2008,
> > Vista) installations to intercept and hijack all network traffic
> > without any user knowledge or interaction.
>
> sorry but that is no news and already has a long beard.
> the basics of this attack have been around for many years and once there
> is an ietf draft about it you know you have to move on
> (http://tools.ietf.org/html/draft-chown-v6ops-rogue-ra-02)
>
> I mentioned this attack and many others in my various IPv6 talks at CSW
> and CCC (e.g. http://www.youtube.com/watch?v=c7hq2q4jQYw), but even
> before that Sebastian Krahmer pointed out the issue that IPv6 is
> prefered over IPv4 if a target systems seems to be available can be
> exploited.

Indeed, but I want to make clear that I am not the "inventor"
of this attack. I just digged into glibc to see in which way
clients would need to use sockets and the resolver
for the attack to succeed, after disucssing these issues privately
with someone else. And yes, there are RFCs for secure ND with reason. :)

my 2 euro ct's
Sebastian

-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave