[ipv6hackers] IPv6 security presentation at Hack.lu 2011
Marc Heuse
mh at mh-sec.de
Sun Sep 25 15:21:00 CEST 2011
Am 25.09.2011 14:57, schrieb sthaug at nethelp.no:
>>>> If you don't validate RA's, then an attacker would simply spoof RA's,
>>>> and would have all packets forwarded to him, thus defeating any
>>>> protection that could have been provided with the CGAs.
>>>>
>>>
>>> Unless you use RA Guard instead.
>>
>> and in the current state of RA implementations and IPv6 implementation
>> into the OSes, RA guard can easily be bypassed.
>
> Can you be more detailed about how? Are you, for instance, thinking
> of using multiple IPv6 extension headers to bypass checking?
I documented that some months ago on a different mailing list, this one
did not exist back then:
http://www.gossamer-threads.com/lists/nsp/ipv6/29766
(and as I can see from the message thread - you even replied to it ;-) )
Greets,
Marc
--
Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 37309726
www.mh-sec.de
Marc Heuse - IT-Security Consulting
Winsstr. 68
10405 Berlin
Ust.-Ident.-Nr.: DE244222388
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
More information about the Ipv6hackers
mailing list