Message-ID: <8f1f7b60608271920o624159eblc5daf7f123c21add@mail.gmail.com>
Date: Sun, 27 Aug 2006 22:20:54 -0400
From: "Peter Dawson" <slash.pd@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Vista's IPv6: Dangerous Information Leak?
V6 tunnel over V4 should be ok. I really don't see only UDP *ONLY* packets
at the stack level. TCP/IP is enabled too within Vista.
http://www.microsoft.com/technet/community/columns/cableguy/cg1005.mspx#ESG
/pd
On 8/27/06, TJ <trejrco@...il.com> wrote:
>
> Yes, Teredo is a concern - both for Vista (V6 enabled by default) and for
> those who have enabled V6 in WinXP (takes one command) ... or for those who
> have installed a 'nix Teredo client. All predicated on Teredo servers +
> relays being available, of course.
>
> And, for the enterprise / managed env. - easily blockable if you try, even
> assuming you aren't following a default deny policy :).
>
> (BTW - blocking IP prot41 tunnels is also recommended, unless you mean to
> let them out!)
>
>
> /TJ (mobile)
> PS - there is at least one other UDP-encapsulating 'transition mechanism'
> as well ... thinking specifically of TSP.
>
> -----Original Message-----
> From: "Hadmut Danisch" <hadmut@...isch.de>
> To: full-disclosure@...ts.grok.org.uk
> Sent: 08/27/06 06:32
> Subject: [Full-disclosure] Microsoft Vista's IPv6: Dangerous Information Leak?
>
> Hi,
>
> I haven't been using a Microsoft Windows Vista so far, just read some
> announcements and white papers. However, it appears to me at a first
> glance, as if it had a significant information leak.
>
> Microsoft introduced a new IPv6 over IPv4 tunneling mechanism called
> Teredo. (See e.g. RFC 4380). It is somehow similar to 6to4, but the
> differences are:
>
>
>
> - IPv6 packages are wrapped in UDP
>
> - Thus, they run more easily through Firewalls and NAT devices
>
> - You can do it with RFC1918 addresses
>
> - In contrast to 6to4 it is intended to be used host-to-host.
>
> While 6to4 is something you would run on your outermost router
> (the one with an official IPv4 address) and provide plain IPv6 to
> your internal network (then you know what you're doing, you
> actively have to configure it), Teredo is designed to run
> automatically on the local host. So every desktop machine becomes a
> tunneling client.
>
>
>
>
> As announced by Microsoft, Teredo is activated by default. Windows
> Vista will always prefer IPv6 to IPv4 where possible. So most
> Vista users, especially common users with network experience, would
> not even realize that they are using IPv6.
>
> Most network and security devices, and network admins will not realize
> this either, since they see only plain IPv4 UDP packets. I haven't
> seen any firewall so far able to unpack Teredo packets.
>
>
> So the implications can be severe. As far as I can see at the moment:
>
> - You are using IPv6 without realizing or enabling it.
>
> - You are running it from your desktop machine.
>
> - You are thus opening a tunnel through your NAT/Firewall device
> passing _all_ kind of traffic unfiltered through, no logging.
>
> - Many connections (i.e. Teredo-Teredo and Teredo-IPv6) will be routed
> over a central Teredo server or relay, which is "helping" in the
> configuration of the Teredo client and routing Teredo packets to
> other Teredo clients or plain IPv6.
>
> So these servers (and thus network devices and IP providers close to
> the servers) can easily wiretap your traffic.
>
> - I guess that every Vista client will try to register at a Teredo
> server, so the server will/can generate an almost complete list of
> all clients.
>
>
>
> Can anyone experienced with Windows Vista comment on? Am I correct or
> did I overlook anything? (Did not have a running Vista yet...)
>
>
> regards
> Hadmut
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
http://peterdawson.typepad.com
PeterDawson Home of ThoughtFlickr's
"This message is printed on Recycled Electrons."
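
Added example, not part of the original thread: a monitoring-side check for the two tunnel types discussed above, IPv6 in IPv4 protocol 41 and Teredo's IPv6-in-UDP, which also decodes the server and client mapping embedded in a Teredo address. The function names and sample packets are constructed for illustration; port 3544 and the 2001::/32 prefix are taken from RFC 4380.

```python
import ipaddress
import struct

TEREDO_PORT = 3544                              # Teredo server UDP port (RFC 4380)
TEREDO_NET = ipaddress.ip_network("2001::/32")  # Teredo IPv6 prefix (RFC 4380)

def decode_teredo(raw):
    """Recover the server and the client's NAT mapping from a packed Teredo address."""
    return {"server": str(ipaddress.IPv4Address(raw[4:8])),
            "client": str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))),
            "port": struct.unpack("!H", raw[10:12])[0] ^ 0xFFFF}

def strip_indications(data):  # optional Teredo headers that may precede the IPv6 packet
    if data[:2] == b"\x00\x01" and len(data) >= 4:    # authentication header
        data = data[13 + data[2] + data[3]:]
    if data[:2] == b"\x00\x00":                       # origin indication (8 bytes)
        data = data[8:]
    return data

def classify(pkt):
    """Return (kind, detail) for a raw IPv4 packet; kind is 'proto41', 'teredo' or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return (None, None)
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == 41:                                   # IPv6 carried directly in IPv4
        return ("proto41", None)
    if proto != 17 or len(pkt) < ihl + 8:
        return (None, None)
    inner = strip_indications(pkt[ihl + 8:])
    if len(inner) >= 40 and inner[0] >> 4 == 6:       # UDP payload is an IPv6 header
        for off in (8, 24):                           # source, then destination
            if ipaddress.IPv6Address(inner[off:off + 16]) in TEREDO_NET:
                return ("teredo", decode_teredo(inner[off:off + 16]))
    if TEREDO_PORT in struct.unpack("!HH", pkt[ihl:ihl + 4]):   # talking to a server
        return ("teredo", None)
    return (None, None)

def sample(proto, payload):
    """Constructed IPv4 packet, 192.0.2.10 -> 198.51.100.7, checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])) + payload

def demo():
    """Constructed traffic: Teredo on non-3544 ports, then a protocol 41 packet."""
    src6 = ipaddress.IPv6Address("2001:0:c000:22d:8000:63bf:34ff:8ef6").packed
    ip6 = struct.pack("!IHBB", 6 << 28, 0, 59, 64) + src6 + ipaddress.IPv6Address("2001:db8::1").packed
    udp = struct.pack("!HHHH", 51000, 40001, 8 + len(ip6), 0) + ip6
    return classify(sample(17, udp)), classify(sample(41, ip6))

if __name__ == "__main__": print(demo())
```

The first sample uses neither port 3544 as source nor destination, so it is caught only by inspecting the UDP payload. IPv4 fragments and IPv6 extension headers are not handled here.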