[ipv6hackers] IPv6 security presentation at Hack.lu 2011

sthaug at nethelp.no sthaug at nethelp.no
Sun Sep 25 14:57:51 CEST 2011


> >> If you don't validate RA's, then an attacker would simply spoof RA's,
> >> and would have all packets forwarded to him, thus defeating any
> >> protection that could have been provided with the CGAs.
> >>
> > 
> > Unless you use RA Guard instead.
> 
> and in the current state of RA implementations and IPv6 implementation
> into the OSes, RA guard can easily be bypassed.

Can you be more detailed about how? Are you, for instance, thinking
of using multiple IPv6 extension headers to bypass checking?

Steinar Haug, Nethelp consulting, sthaug at nethelp.no



More information about the Ipv6hackers mailing list