[ipv6hackers] "Stick to limited IPv6 deployments, businesses warned"

Marc Heuse mh at mh-sec.de
Fri Aug 24 23:39:41 CEST 2012


>>> And for the record: Windows 7 with all currennt updates applied
>>> is still vulnerable to RA flooding, just tried last week.
>>
>> This sucks - I will do what I can to apply pressure for a solution.
> 
> Let's keep this in perspective too. To get an RA to a host you have to
> be on the local link. There may be ways to remotely inject rogue RAs,
> but I suspect that takes a lot of effort. And the panoply of attacks
> possible if rogue RAs can be remotely injected or a link local host is
> compromised go way beyond this one.

well, you make the usage of the machine impossible. only a hard shutdown
can be done.
in a "normal" untrusted environment, an attacker can sniff on network
traffic or denial network traffic. but preventing that you can use your
machine is an issue. and having a personal firewall does not protect you.

so how can the average user joe defend himself? he can't, because he
does not know what hits him, and if he knew, he would not know how to
disable/prevent it.

remote injecting should not be possible, unless your have some very bad
tunnel implementation.

> In short, how likely is this particular problem, RA flooding, to
> actually be a problem in practice?

as long as you stay in your home or office, the chance should be pretty
small.
when you go to a conference, the chance rises, and if its a security
conference, it gets pretty high ... its the mobile user who is at risk.

at universities it happens too, gee even when I was at the university 15
years ago we played such DOS games (without ipv6 though) but it can
happen in a lot of other areas as well. airport wlans, hotel wlans ... I
have seen them misconfigured so you could talk ipv6 (even link local) to
other wlan machines where ipv4 was filtered.

Greets,
Marc

--
Marc Heuse
www.mh-sec.de

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A



More information about the Ipv6hackers mailing list