[ipv6hackers] Local-link traffic injection through tunneling ?

Mark ZZZ Smith markzzzsmith at yahoo.com.au
Wed Jul 17 23:42:05 CEST 2013


Hi Omar,


----- Original Message -----
> From: ZAMANI Omar <Omar.ZAMANI at solucom.fr>
> To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
> Cc: 
> Sent: Tuesday, 16 July 2013 6:09 PM
> Subject: Re: [ipv6hackers] Local-link traffic injection through tunneling ?
> 
> Thanks for your replies.
> 
> In fact that's what I wanted to know: whether the targeted node would 
> bridge the two links or not but as you both mentioned it depends on the 
> node's configuration and on what the attacker would do with it after he has 
> it compromised. And I think that there is little chance that nodes such as desk 
> computers would be by default configured to bridge their interfaces.
> 

Furthermore, the sort of bridging you'd be talking about is translational bridging, meaning translating from one layer 2 encapsulation to another. In this case, the layer 2 translation would be occurring between the underlying tunnel encapsulation (IPv4 or IPv6) and most likely Ethernet. Layer 2 bridging is supposed to be layer 3 agnostic, which makes translational bridging harder because it has to attempt to accurately translate between the functions of one layer 2 and another. Having the bridge be "layer 3 aware" could make that easier, as now what is occurring is closer to what a two interface router would be doing with the traffic. One of the main differences is flooding of multicasts/broadcasts from one interface to another, whereas a router normally doesn't do that.

This is mostly theory; I'm not aware of any implementations of layer 3 aware translational bridges between tunnels and Ethernet. They may exist, but I don't think they're common, so I'd think the risk of the threat you're asking about would be quite low.

Regards,
Mark.

> Regards,
> 
> Omar ZAMANI
> Consultant
> Landline: +33 (0)1 49 03 24 91
> omar.zamani at solucom.fr
> solucom
> Tour Franklin : 100 - 101 terrasse Boieldieu 92042 Paris La Défense Cedex
> 
> -----Original Message-----
> From: ipv6hackers-bounces at lists.si6networks.com 
> [mailto:ipv6hackers-bounces at lists.si6networks.com] On behalf of Mark ZZZ Smith
> Sent: Monday 15 July 2013 22:41
> To: IPv6 Hackers Mailing List
> Subject: Re: [ipv6hackers] Local-link traffic injection through tunneling ?
> 
> 
> 
> 
> 
> ----- Original Message -----
>>  From: S.P.Zeidler <spz at serpens.de>
>>  To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
>>  Cc: 
>>  Sent: Tuesday, 16 July 2013 2:28 AM
>>  Subject: Re: [ipv6hackers] Local-link traffic injection through tunneling ?
>> 
>> Thus wrote Mark ZZZ Smith (markzzzsmith at yahoo.com.au):
>> 
>>>   > From: ZAMANI Omar <Omar.ZAMANI at solucom.fr>
>>  [...]
>>>   > If so, do the attacker's machine, the target node and the other
>>>   > nodes that share it local-link become all part of
>>>   > the same link when a such tunnel is established ?
>>>   >
>>> 
>>>   Yes.
>> 
>>  I think you want to say "no" for "other nodes", unless you have a
>>  tunnel where more than two nodes are on-link.
>>  
> 
> I thought Omar was only asking about nodes that were part of the tunnel.
> 
> What Omar might have been asking about was "automatic" bridging of 
> non-tunnel nodes onto the same link as the tunnel nodes. That would make them 
> part of the same link-local zone, but the bridging would have to be manually 
> configured by the attack target.
> 
>>  nit-picking regards,
>>      spz
>>  --
>>  spz at serpens.de (S.P.Zeidler)
>>  _______________________________________________
>>  Ipv6hackers mailing list
>>  Ipv6hackers at lists.si6networks.com
>>  http://lists.si6networks.com/listinfo/ipv6hackers
>> 
> 


