[ipv6hackers] Attacking Microsoft DirectAccess and Transition Technologies (6to4/Teredo)

Enno Rey erey at ernw.de
Thu Aug 29 07:00:29 CEST 2013


Hi,

Sorry, Jim, no direct answer to your question (btw: pity you couldn't be in Berlin at IETF 87), but I'd like to somewhat rephrase the question: is there any use of MS DirectAccess in organizations at all?
In dead earnest: I've yet to see any enterprise environment (or any at all) using it. I'm still considering MS DA as a kind of chimera. Can anybody share any practical experience, war stories, anecdotes, whatever of practical use of MS DA out there? [Yes, I'm aware of the presentation at the Heise Kongress 2010/2011.]

thanks

Enno

On Thu, Aug 29, 2013 at 03:25:53AM +0000, Jim Small wrote:
> Wondering if anyone has done penetration testing on an older Windows 2008 R2 Server setup for DirectAccess with all the transition technologies on (6to4/Teredo/ISATAP) with no hardening. My thought is you might be able to gain some internal access/reconnaissance via a Teredo/Miredo client or leveraging 6to4/Teredo weaknesses. I think DA by itself is pretty solid (open to hear otherwise though), but the transition technologies have issues if not locked down. I think some people setting up DA don't understand IPv6 or the transition technologies and are blindly following a point-and-click guide. ISATAP may also be deployed internally if NAT64 wasn't set up -or- UAG may also be present acting as a NAT64 gateway potentially even providing internal IPv4 access. I'm not sure how strict the default firewall policy is. Thus these types of setups could be interesting to a penetration tester.
> 
> Any comments welcome,
>   --Jim

-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de