Full Disclosure mailing list archives
Re: Exploitation of unused IPv6-capabilities
From: "TJ" <trejrco () gmail com>
Date: Sun, 25 Jan 2009 07:51:36 -0500
Indeed, that is one of the reasons a feature like "RA Guard" is sorely needed ... http://tools.ietf.org/html/draft-ietf-v6ops-ra-guard-01 /TJ
-----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure- bounces () lists grok org uk] On Behalf Of Valdis.Kletnieks () vt edu Sent: Monday, January 19, 2009 11:48 AM To: Lukas Th. Hey Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Exploitation of unused IPv6-capabilities On Sun, 18 Jan 2009 22:17:44 +0100, "Lukas Th. Hey" said:Attack: Have an IPv6 tunnel with appropriate prefix
delegated.
Configure your machine to propagate the prefix and switch on IPv6 routing.Yes, that attack unfortunately often works quite well. It's been known about for quite some time though. Read section 7 of RFC5006, which specifically mentions rogue RAs for redirection. It also adds: Also, an attacker could configure a host to send out an RA with a fraudulent RDNSS address, which is presumably an easier avenue of attack than becoming a rogue router and having to process all traffic for the subnet. It is necessary to disable the RA RDNSS option in both routers and clients administratively to avoid this problem. All of this can be done independently of implementing ND. And having a rogue RA has been a known issue since at least 2004: http://www.atm.tut.fi/list-archive/ipng/msg13311.html (Probably further back, but I'll let somebody else chase down the first citation)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Exploitation of unused IPv6-capabilities Lukas Th. Hey (Jan 18)
- Re: Exploitation of unused IPv6-capabilities A . L . M . Buxey (Jan 18)
- Re: Exploitation of unused IPv6-capabilities Lukas Th. Hey (Jan 18)
- Re: Exploitation of unused IPv6-capabilities Valdis . Kletnieks (Jan 19)
- Re: Exploitation of unused IPv6-capabilities TJ (Jan 25)
- Re: Exploitation of unused IPv6-capabilities Sebastian Krahmer (Jan 20)
- Re: Exploitation of unused IPv6-capabilities Florian Weimer (Jan 20)
- Re: Exploitation of unused IPv6-capabilities A . L . M . Buxey (Jan 18)