[ipv6hackers] IPv6 security presentation at Hack.lu 2011

Marc Heuse mh at mh-sec.de
Sun Sep 25 15:21:00 CEST 2011

Am 25.09.2011 14:57, schrieb sthaug at nethelp.no:
>>>> If you don't validate RA's, then an attacker would simply spoof RA's,
>>>> and would have all packets forwarded to him, thus defeating any
>>>> protection that could have been provided with the CGAs.
>>> Unless you use RA Guard instead.
>> and in the current state of RA implementations and IPv6 implementation
>> into the OSes, RA guard can easily be bypassed.
> Can you be more detailed about how? Are you, for instance, thinking
> of using multiple IPv6 extension headers to bypass checking?

I documented that some months ago on a different mailing list, this one
did not exist back then:


(and as I can see from the message thread - you even replied to it ;-) )


Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 37309726

Marc Heuse - IT-Security Consulting
Winsstr. 68
10405 Berlin

Ust.-Ident.-Nr.: DE244222388
PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list