[ipv6hackers] Local-link traffic injection through tunneling ?

[ZAMANI Omar]

Hello everyone !

 

I'm looking at the various attacks possible against an IPv6 enabled enterprise network and in particular attacks that can be launched from outside the network.

 

As far as I know, IPv6 well-known attacks rely on NDP which are mostly Local-link attacks  (except NDP exhaustion if my memories are correct).

 

What I was wondering is : by establishing a tunnel from outside the network to an internal IPv6 node, is it possible to target that node with NDP local-link attacks from outside the network ? In other words and more generally, does the tunnel act as a link-layer in that case ? If so, do the attacker's machine, the target node and the other nodes that share it local-link become all part of the same link when a such tunnel is established ?

 

Also, just to be clear about it, if a such tunnel is established with an internal router, local-link encapsulated traffic won't be emitted on the network because routers are not supposed to do so am I right ?

 

Thanks for your answers and please excuse my bad English.

 

Have a nice day.

 

Omar ZAMANI
Consultant
Fixe : +33 (0)1 49 03 24 91
omar.zamani at solucom.fr <mailto:omar.zamani at solucom.fr> 
solucom
Tour Franklin : 100 - 101 terrasse Boieldieu 
92042 Paris La Défense Cedex