[ipv6hackers] IPv6 security presentation at Hack.lu 2011

Marc Heuse mh at mh-sec.de
Tue Sep 27 10:06:52 CEST 2011

Am 27.09.2011 03:28, schrieb Owen DeLong:
> I will point out that NDP spoofing is no worse than ARP spoofing in IPv4,
> so, I'm not sure how you can say that it is not an equivalent level of first
> hop security.

comparing ARP with NA/NS - you are right.
But the RA are makeing the difference.

in IPv4 the router is configured by hand or comes from DHCP.
in IPv6 they can be configured by hand, but otherwise *must* come by RA,
as there is still no DHCP option for routes/routers.
You could argue that you can do DHCP spoofing too, yes, but only when a
device is asking for a new address or if you achieve the a little bit
more difficult part of sabotaging the renewing of a lease.
But with RA, an attacker can do that to all times to all systems.
And if autoconfiguration is active, you can configure DNS servers and
new routes at anytime to anybody too.

And that changes the threat level. As NDP consists of NS/NA and RS/RA,
the security is not equivalent. It would only be if you configure routes
manually on both IPv4 and IPV6.


Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 37309726

Marc Heuse - IT-Security Consulting
Winsstr. 68
10405 Berlin

Ust.-Ident.-Nr.: DE244222388
PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the Ipv6hackers mailing list