lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4DE61B2A.9080007@mh-sec.de>
Date: Wed, 01 Jun 2011 12:57:46 +0200
From: Marc Heuse <mh@...sec.de>
To: Fernando Gont <fernando@...t.com.ar>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Ra-Guard evasion (new Internet-Drafts)

Hi Fernando,

to quote from your drafts:

> As part of the project "Security Assessment of the Internet Protocol
> version 6 (IPv6)" [CPNI-IPv6], we devised a number of techniques for
> circumventing the RA-Guard protection, which are described in the
> following sections of this document.  These techniques, and the
> corresponding tools to assess their effectiveness, had so far been
> made available only to vendors, in the hopes that they could
> implement counter-measures before they were publicly disclosed.
> However, since there has been some public discussion about these
> issues, it was deemed as appropiate to publish the present document.

this surprised me for two things.

First: Cisco was not aware. So you tell you discovered this issue as
well and you informed vendors, but the only vendor who really has RA
support so far is Cisco, and they did not know. I informed them.
So I recommend that you don't keep your findings to your group but
actively inform the vendors about that, and that not via an Internet draft.

Second: it is always a race who is credited as the finder of an issue.
As anybody can claim he had the vulnerability in his drawers for years,
only the person who publishes it gets the credit, so sorry :-)
I had my attack tool since beginning of January :-) - which is pretty
sure before your group discovered that, and I published first :-)

that being said I have started to inform vendors of two new IPv6
vulnerability types now, and nobody has told them about these before either.

But nontheless - good work, good draft proposals, thats the way to go
with the issue.

Greets,
Marc

> I've just published two new IETF Internet-Drafts, that document the
> problem of RA-Guard evasion, and propose mitigations.
> 
> They are two Internet-Drafts:
> 
> * "IPv6 Router Advertisement Guard (RA-Guard) Evasion", available at:
> http://tools.ietf.org/id/draft-gont-v6ops-ra-guard-evasion-00.txt
> 
> * "Security Implications of the Use of IPv6 Extension Headers with IPv6
> Neighbor Discovery", available at:
> http://tools.ietf.org/id/draft-gont-6man-nd-extension-headers-00.txt
> 
> The motivation for publishing these documents now (and not earlier or
> later) is discussed in the first I-D. ;-)
> 
> Any comments on these documents will be more than welcome.

--
Marc Heuse
www.mh-sec.de

Marc Heuse - IT-Security Consulting

Ust.-Ident.-Nr.: DE244222388
PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ