[ipv6hackers] RFC 6324: Routing Loop Attack Using IPv6 Automatic Tunnels

Fernando Gont fgont at si6networks.com
Fri Aug 26 16:42:46 CEST 2011

On 08/25/2011 02:20 AM, Robert Larsen wrote:
> Hmm... not really -- I was more interested if this had come from some
> kind of real-world exploit or whether it was something that had only
> been worked on in a lab.  Thanks for the offer, though!

My take is that this came mostly from a lab (which does not mean that
these vulnerabilities have never been exploited in the wild).

I had reviewed an earlier version of this document (a while ago), but
have not read the latest version of the document (the RFC version).

Some comments:

* The version I have reviewed described a potential vulnerability in
which Teredo was allegedly used to provide connectivity to a number of
hosts on a local network. This was incorrect, since Teredo is meant to
provide connectivity to a single host -- hence this couldn't have come
up "from the wild"

* Miredo (a free implementation of Teredo) patched their implementation
a while ago (with something along the lines of
http://tools.ietf.org/id/draft-gont-6man-teredo-loops-00.txt) --
probably in response to the paper originally published by Nakibly et al
(and not sure if before that paper got published in the corresponding
conference proceedings).

The above means that of the possible real scenarios in which the
aforementioned vulnerabilities could be exploited, at least Miredo
mitigated this issue probably before it was publicly released.

Regarding *Microsoft's* Teredo implementation, I don't know whether it
was vulnerable at some point (it probably was), or whether Microsoft's
implementation of the Teredo *relay* is widely deployed.

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
web: http://www.si6networks.com
