full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Exploitation of unused

Re: [Full-disclosure] Exploitation of unused IPv6-capabilities

From: <Valdis.Kletnieks_at_nospam>
Date: Mon Jan 19 2009 - 16:48:20 GMT
To: "Lukas Th. Hey" <hey@cmkr.nl>


On Sun, 18 Jan 2009 22:17:44 +0100, "Lukas Th. Hey" said: > Attack: Have an IPv6 tunnel with appropriate prefix delegated.
> Configure your machine to propagate the prefix and
> switch on IPv6 routing.
Yes, that attack unfortunately often works quite well. It's been known about for quite some time though. Read section 7 of RFC5006, which specifically mentions rogue RAs for redirection. It also adds:

          Also, an attacker could configure a host to send out    an RA with a fraudulent RDNSS address, which is presumably an easier    avenue of attack than becoming a rogue router and having to process    all traffic for the subnet. It is necessary to disable the RA RDNSS    option in both routers and clients administratively to avoid this    problem. All of this can be done independently of implementing ND.

And having a rogue RA has been a known issue since at least 2004:

http://www.atm.tut.fi/list-archive/ipng/msg13311.html

(Probably further back, but I'll let somebody else chase down the first citation)



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/