[ipv6hackers] RA flood on Windows 8

Eric Vyncke (evyncke) evyncke at cisco.com
Mon Sep 17 12:23:58 CEST 2012


I would rather call it 'passing the hot potato' to switch vendors to build more than 'plain' RA-guard, i.e., filtering not only on the source (port/address) but also the content to only let the right prefixes be announced...

Just a cynical guess to be honest ;-)

-éric


> -----Original Message-----
> From: ipv6hackers-bounces at lists.si6networks.com [mailto:ipv6hackers-
> bounces at lists.si6networks.com] On Behalf Of Joe Klein
> Sent: samedi 15 septembre 2012 21:06
> To: IPv6 Hackers Mailing List
> Subject: Re: [ipv6hackers] RA flood on Windows 8
> 
> I get the same message no matter if I am discussing the RA flood DoS, Teredo
> problems, host based firewall limitations, application proxy used in front of
> windows 2003 applications, Security ND, and others. Considering they were
> attempting to recruit me recently, not with the promise I could improve
> security for their products, but that I would be 'protecting the image of
> micro$oft'
> 
> The quote I keep hearing from the Micro$oft people about IPv6 is, "Any
> changes required to IPv6 will force us to make major changes to many other
> applications. At this time we do not have the programmers and the funding to
> fix it"
> 
> On the upside, more capabilities for my penetration testing tool kit - "Thank
> you Microsoft"
> 
> Joe Klein
> 
> Definition: Microsoft - The malware you pay for.
> 
> 
> 
> On Sat, Sep 15, 2012 at 10:00 AM, Fernando Gont <fgont at si6networks.com> wrote:
> 
> > Hi, Tomas,
> >
> > On 09/15/2012 09:28 AM, Tomas Podermanski wrote:
> > >     it is unbelievable, but the final version of Windows 8 is still
> > > vulnerable to the RA flood DoS. Does everyone believe that Microsoft
> > > will ever fix the issue?
> >
> > My take is that their current plan is that they will NOT fix it?
> >
> > secure at microsoft.com is not the most competent security team I have
> > spoken to (to put it in a polite way).
> >
> >
> > > Tested on "W8 pro" released for enterprise customers. The video with
> > > demonstration is available on
> > > http://ipv6.vutbr.cz/article/ipv6-ra-flood-dos-attack-in-windows-8/.
> >
> > They essentially fail to enforce limits on any structures.
> >
> > So there are a number of data structures that you can target: e.g. the
> > routing table, table of default routers, etc.
> >
> > For testing the former, just use the ra6 from the SI6 ipv6 toolkit
> > (http://www.si6networks.com/tools) with the "--flood-prefixes" option
> > -- IIRC, there's even an example in the corresponding manual page.
> >
> > Cheers,
> > --
> > Fernando Gont
> > SI6 Networks
> > e-mail: fgont at si6networks.com
> > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> >
> >
> >
> >
> > _______________________________________________
> > Ipv6hackers mailing list
> > Ipv6hackers at lists.si6networks.com
> > http://lists.si6networks.com/listinfo/ipv6hackers
> >



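The content-aware RA filtering described in the message at the top of this thread, as an added example that is not part of the original posts and not any vendor's RA-guard code: it checks the ingress port first, then parses the Prefix Information options and permits the RA only if every announced prefix is on an allowlist. The port names, the per-RA prefix cap and the documentation prefixes are assumptions, and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct
RA_TYPE = 134        # ICMPv6 Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3  # Prefix Information option, always 32 bytes

def ra_prefixes(icmp6: bytes):
    """Return the prefixes announced in an ICMPv6 RA; ValueError if malformed."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    prefixes, off = [], 16  # options follow the 16-byte RA header
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("bad option length")
        if opt_type == OPT_PREFIX_INFO:
            if opt_len != 32:
                raise ValueError("bad Prefix Information length")
            # prefix length is byte 2 of the option, the prefix itself bytes 16..31
            prefixes.append(ipaddress.IPv6Network((icmp6[off + 16:off + 32], icmp6[off + 2]), strict=False))
        off += opt_len
    return prefixes

def ra_guard(icmp6, ingress_port, router_ports, allowed_prefixes, max_prefixes=4):
    """Return (permit, reason): source check first, then content check."""
    if ingress_port not in router_ports:
        return False, "RA received on a non-router port"
    try:
        prefixes = ra_prefixes(icmp6)
    except ValueError as exc:
        return False, f"malformed RA: {exc}"
    if len(prefixes) > max_prefixes:  # cap is an assumption of this example
        return False, "too many prefixes in one RA"
    for prefix in prefixes:
        if prefix not in allowed_prefixes:
            return False, f"unexpected prefix {prefix}"
    return True, "ok"

def sample_ra(*prefixes):
    """Constructed test input: RA header plus one Prefix Information option each."""
    pkt = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)  # checksum left 0
    for net in map(ipaddress.IPv6Network, prefixes):
        pkt += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0, 2592000, 604800, 0)
        pkt += net.network_address.packed
    return pkt

ALLOWED = {ipaddress.IPv6Network("2001:db8:1::/64")}  # documentation prefix (assumed)
if __name__ == "__main__":
    print(ra_guard(sample_ra("2001:db8:bad::/64"), "uplink", {"uplink"}, ALLOWED))
```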