[ipv6hackers] IPv6 security presentation at Hack.lu 2011
mh at mh-sec.de
Sun Sep 25 15:21:00 CEST 2011
Am 25.09.2011 14:57, schrieb sthaug at nethelp.no:
>>>> If you don't validate RA's, then an attacker would simply spoof RA's,
>>>> and would have all packets forwarded to him, thus defeating any
>>>> protection that could have been provided with the CGAs.
>>> Unless you use RA Guard instead.
>> and in the current state of RA implementations and IPv6 implementation
>> into the OSes, RA guard can easily be bypassed.
> Can you be more detailed about how? Are you, for instance, thinking
> of using multiple IPv6 extension headers to bypass checking?
I documented that some months ago on a different mailing list, this one
did not exist back then:
(and as I can see from the message thread - you even replied to it ;-) )
Mobil: +49 177 9611560
Fax: +49 30 37309726
Marc Heuse - IT-Security Consulting
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
More information about the Ipv6hackers