| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <54824.1232383700@turing-police.cc.vt.edu>
Date: Mon, 19 Jan 2009 11:48:20 -0500
From: Valdis.Kletnieks@...edu
To: "Lukas Th. Hey" <hey@...r.nl>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Exploitation of unused IPv6-capabilities
On Sun, 18 Jan 2009 22:17:44 +0100, "Lukas Th. Hey" said:
> Attack: Have an IPv6 tunnel with appropriate prefix delegated.
> Configure your machine to propagate the prefix and
> switch on IPv6 routing.
Yes, that attack unfortunately often works quite well. It's been known
about for quite some time though. Read section 7 of RFC5006, which
specifically mentions rogue RAs for redirection. It also adds:
Also, an attacker could configure a host to send out
an RA with a fraudulent RDNSS address, which is presumably an easier
avenue of attack than becoming a rogue router and having to process
all traffic for the subnet. It is necessary to disable the RA RDNSS
option in both routers and clients administratively to avoid this
problem. All of this can be done independently of implementing ND.
And having a rogue RA has been a known issue since at least 2004:
http://www.atm.tut.fi/list-archive/ipng/msg13311.html
(Probably further back, but I'll let somebody else chase down the
first citation)
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists