[ipv6hackers] IPv6 implications on IPv4 nets: IPv6 RAs, IPv4, and VPN "evasion"

The Fungi fungi at yuggoth.org
Tue Sep 4 23:15:24 CEST 2012


On 2012-09-04 22:09:14 +0200 (+0200), Gert Doering wrote:
> Yeah, but that's sort of missing the point. "The big names" in VPN
> client software used to provide stuff that administrators
> configure for "full tunneling", and the software did so - for IPv4
> only, leaving IPv6 completely alone.
[...]

My reply was focused more on the LAN attacks (route injection via
rogue RA) and Marc's comment that "...the VPN software versions
[he'd] seen prevent you from using any other IP connections..." I
agree that a VPN which advertises full-tunneling but does so
entirely for v4 while completely ignoring v6 connectivity on a
dual-stacked client is a gaping security hole. I'm also unsurprised
that at least some major vendors don't consider this a problem.
-- 
{ IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829);
WHOIS(STANL3-ARIN); SMTP(fungi at yuggoth.org); FINGER(fungi at yuggoth.org);
MUD(kinrui at katarsis.mudpy.org:6669); IRC(fungi at irc.yuggoth.org#ccl); }
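
Added example, not part of the original message or of any VPN product: a small audit of a dual-stacked Linux client's IPv6 routing table that reports whether traffic to a global destination would leave outside the VPN interface. It covers both the v4-only "full tunnel" case and an RA-learned route on the LAN, the two situations discussed in this thread. The interface names `tun0` and `eth0`, the sample route tables and the probe address are constructed assumptions; policy routing and non-main tables are not modelled.

```python
import ipaddress

# Constructed `ip -6 route show` samples (not captured from a real host).
# tun0 is the assumed VPN interface name, eth0 the assumed LAN interface.
V4_ONLY_VPN = """\
2001:db8:1::/64 dev eth0 proto ra metric 100 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium
"""
FULL_TUNNEL = """\
2001:db8:1::/64 dev eth0 proto ra metric 100 pref medium
default dev tun0 proto static metric 50 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium
"""
# Same table after an RA on the LAN added a more-specific route.
RA_MORE_SPECIFIC = FULL_TUNNEL + \
    "2000::/3 via fe80::2 dev eth0 proto ra metric 100 pref medium\n"

def parse_routes(text):
    """Turn `ip -6 route show` lines into dicts; skip lines without a device."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if "dev" not in tok[:-1]:
            continue
        try:
            net = ipaddress.ip_network("::/0" if tok[0] == "default" else tok[0])
        except ValueError:
            continue  # e.g. "unreachable ..." or "blackhole ..." entries
        def field(key, default):
            return tok[tok.index(key) + 1] if key in tok[:-1] else default
        routes.append({"net": net, "dev": field("dev", None),
                       "proto": field("proto", "unknown"),
                       "metric": int(field("metric", 0))})
    return routes

def tunnel_bypass(route_text, tunnel_dev, dest="2001:db8:ffff::1"):
    """Return the route that would carry `dest` outside the tunnel, else None.

    Simplified selection: longest prefix first, then lowest metric.
    """
    addr = ipaddress.ip_address(dest)
    hits = [r for r in parse_routes(route_text) if addr in r["net"]]
    if not hits:
        return None  # no IPv6 route to dest at all, so nothing can leak
    best = max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best if best["dev"] != tunnel_dev else None

if __name__ == "__main__":
    for name in ("V4_ONLY_VPN", "FULL_TUNNEL", "RA_MORE_SPECIFIC"):
        print(name, tunnel_bypass(globals()[name], "tun0"))
```

In the third sample the tunnel still owns the lowest-metric default route, yet the `2000::/3` entry wins on prefix length, so checking only the default route is not enough.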


