[ipv6hackers] "Stick to limited IPv6 deployments, businesses warned"
jim.small at cdw.com
Fri Aug 24 05:59:45 CEST 2012
> >> The fake router RA vulnerabilities are well known and relatively well
> >> understood. Vendors are working on it and most have reasonable
> >> initial solutions with progress being made towards more complete
> >> solutions.
> > This is not the message that I got the last time I talked with some
> > well-known desktop os vendor.
> If you managed to find an OS vendor that is asleep at the switch, good for
> you, you got an opportunity to educate someone. Nonetheless, the data has
> been well published and I know most of the switch/router vendors either have
> code to (mostly) solve the problem or are working on it as we speak.
> >> However, I do not see this as being any worse in most
> >> cases than a rogue DHCP server which is a vulnerability in IPv4 that
> >> has not been fixed even to this day.
> > My understanding is that you cannot crash a host with forged DHCP
> > responses, but that you *can* do that with forged RAs.
> I'm not sure I buy either one of those assertions.
Hi Owen - actually you can. See here:
As far as I know, there is no equivalent vulnerability in IPv4. I wholeheartedly agree with Marc that this is unacceptable. Microsoft's position is untenable. I really hope this is fixed in 8/2012. Until Marc brought it up I just assumed this had been fixed. I'm a little stunned that it's gone on this long.