[ipv6hackers] IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion"

Owen DeLong owend at he.net
Tue Sep 4 19:33:40 CEST 2012

Have you tested any of this, or is it just conjecture of possibilities?

I would expect a VPN with split tunneling disabled to not allow this.


On Sep 4, 2012, at 07:48 , Fernando Gont <fgont at si6networks.com> wrote:

> Folks,
> draft-gont-opsec-ipv6-implications-on-ipv4-nets has been adopted as an
> IETF opsec wg item (please see:
> <http://tools.ietf.org/html/draft-ietf-opsec-ipv6-implications-on-ipv4-nets>)
> I was thinking about discussing the following scenario, that I came up
> with a few days ago:
> A dual-stacked user (v6 enabled by default) "visits" an IPv4-only
> network, and establish his VPN with his office (for "mitigating"
> sniffing attacks, etc.).
> A local attacker sends forged ICMPv6 RAs, thus triggering IPv6
> configuration at the victim nodes.
> If any of the remote nodes the victim is trying to "visit" is
> IPv6-enabled, then it's possible/likely that the IPv6 destination
> address will be used over the IPv4 one. in which case the victim will
> send his traffic on the local network, as opposed to "through the VPN".
> Assuming the VPN product does not disable local v6 support, and that the
> VPN does not provide IPv6 connectivity (*), this attack vector could
> prove to be an interesting one ("unexpected", to some extent).
> (*) even then, this attack might still work.
> Thoughts?
> P.S.: Comments on the current version of the aforementioned
> Internet-Draft will be welcome, too.
> Thanks!
> Best regards,
> -- 
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers

More information about the Ipv6hackers mailing list