Dailydave mailing list archives
Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability
From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 6 Apr 2011 11:45:36 +0200
On Tue, Apr 05, 2011 at 09:32:01AM +0200, Marc Heuse wrote:
> On 04.04.2011 17:34, Adam Behnke wrote:
>> Hi Daily Davers. InfoSec Institute security researcher Alec Waters has just released a new article on SLAAC Attacks. The basic premise is to use the default network configuration found on all Windows 7 (as well as Server 2008, Vista) installations to intercept and hijack all network traffic without any user knowledge or interaction.
>
> sorry but that is no news and already has a long beard. the basics of this attack have been around for many years and once there is an ietf draft about it you know you have to move on (http://tools.ietf.org/html/draft-chown-v6ops-rogue-ra-02).
>
> I mentioned this attack and many others in my various IPv6 talks at CSW and CCC (e.g. http://www.youtube.com/watch?v=c7hq2q4jQYw), but even before that Sebastian Krahmer pointed out the issue that IPv6 is preferred over IPv4 if a target system seems to be available can be exploited.

Indeed, but I want to make clear that I am not the "inventor" of this attack. I just dug into glibc to see in which way clients would need to use sockets and the resolver for the attack to succeed, after discussing these issues privately with someone else.

And yes, there are RFCs for secure ND with reason. :)

my 2 euro ct's
Sebastian

--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)