[ipv6hackers] Attacking Microsoft DirectAccess and Transition Technologies (6to4/Teredo)

Jim Small jim.small at cdw.com
Thu Aug 29 05:25:53 CEST 2013


Wondering if anyone has done penetration testing on an older Windows 2008 R2 Server setup for DirectAccess with all the transition technologies on (6to4/Teredo/ISATAP) with no hardening.  My thought is you might be able to gain some internal access/reconnaissance via a Teredo/Miredo client or leveraging 6to4/Teredo weaknesses.  I think DA by itself is pretty solid (open to hear otherwise though), but the transition technologies have issues if not locked down.  I think some people setting up DA don't understand IPv6 or the transition technologies and are blindly following a point and click guide.  ISATAP may also be deployed internally if NAT64 wasn't setup -or- UAG may also be present acting as a NAT64 gateway potentially even providing internal IPv4 access.  I'm not sure how strict the default policy firewall policy is.  Thus these types of setups could be interesting to a penetration tester.

Any comments welcome,
  --Jim





More information about the Ipv6hackers mailing list