Message-ID: <50462314.5000700@si6networks.com>
Date: Tue, 04 Sep 2012 12:49:40 -0300
From: Fernando Gont <fgont@...networks.com>
To: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: IPv6 implications on IPv4 nets: IPv6 RAs, IPv4,
	and VPN "evasion"

Folks,

draft-gont-opsec-ipv6-implications-on-ipv4-nets has been adopted as an
IETF opsec wg item (please see:
<http://tools.ietf.org/html/draft-ietf-opsec-ipv6-implications-on-ipv4-nets>)

I was thinking about discussing the following scenario, that I came up
with a few days ago:

A dual-stacked user (v6 enabled by default) "visits" an IPv4-only
network, and establishes his VPN with his office (for "mitigating"
sniffing attacks, etc.).

A local attacker sends forged ICMPv6 RAs, thus triggering IPv6
configuration at the victim nodes.

If any of the remote nodes the victim is trying to "visit" is
IPv6-enabled, then it's possible/likely that the IPv6 destination
address will be used over the IPv4 one, in which case the victim will
send his traffic on the local network, as opposed to "through the VPN".

Assuming the VPN product does not disable local v6 support, and that the
VPN does not provide IPv6 connectivity (*), this attack vector could
prove to be an interesting one ("unexpected", to some extent).

(*) even then, this attack might still work.

Thoughts?

P.S.: Comments on the current version of the aforementioned
Internet-Draft will be welcome, too.

And yeah, our Twitter is @SI6Networks...

Thanks!

Best regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@...networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
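
Added example (not part of the original message): a host-side check for the condition described above, where IPv4 defaults to the VPN while an IPv6 default route, typically learned from a Router Advertisement, leaves through the local interface. It assumes Linux `ip -4 route show` / `ip -6 route show` output and a VPN interface named `tun0`; the sample routing tables are constructed.

```python
# Constructed sample output of `ip -4 route show` and `ip -6 route show`
# on a laptop with an IPv4-only VPN on tun0 (assumed interface name).
SAMPLE_V4 = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
"""
SAMPLE_V6 = """\
2001:db8:bad::/64 dev wlan0 proto ra metric 600 pref medium
fe80::/64 dev wlan0 proto kernel metric 1024 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium
"""

def _routes(text):
    """Yield (destination, device, protocol) for each route line."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields[:-1]:
            continue
        dev = fields[fields.index("dev") + 1]
        proto = None
        if "proto" in fields[:-1]:
            proto = fields[fields.index("proto") + 1]
        yield fields[0], dev, proto

def v4_covered_by_vpn(v4_text, vpn_if):
    """True if IPv4 defaults to the VPN (default route or 0/1 + 128/1 pair)."""
    dests = {d for d, dev, _ in _routes(v4_text) if dev == vpn_if}
    return "default" in dests or {"0.0.0.0/1", "128.0.0.0/1"} <= dests

def v6_leaks(v6_text, vpn_if):
    """IPv6 default routes that leave through an interface other than the VPN.
    proto 'ra' marks a route learned from a Router Advertisement."""
    return [(dev, proto) for d, dev, proto in _routes(v6_text)
            if d in ("default", "::/0") and dev != vpn_if]

def audit(v4_text, v6_text, vpn_if="tun0"):
    """Return (status, off-VPN IPv6 default routes)."""
    leaks = v6_leaks(v6_text, vpn_if)
    if not v4_covered_by_vpn(v4_text, vpn_if):
        return "NO_VPN", leaks
    return ("LEAK" if leaks else "OK"), leaks

if __name__ == "__main__":
    print(audit(SAMPLE_V4, SAMPLE_V6))
```

A `LEAK` result means dual-stacked destinations reached over IPv6 bypass the tunnel; on such a host the usual remedies are to disable IPv6 or RA acceptance on the untrusted interface, or to have the VPN carry or block IPv6.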




