[ipv6hackers] Local-link traffic injection through tunneling ?
Mark ZZZ Smith
markzzzsmith at yahoo.com.au
Wed Jul 17 23:42:05 CEST 2013
Hi Omar,
----- Original Message -----
> From: ZAMANI Omar <Omar.ZAMANI at solucom.fr>
> To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
> Cc:
> Sent: Tuesday, 16 July 2013 6:09 PM
> Subject: Re: [ipv6hackers] Local-link traffic injection through tunneling ?
>
>T hanks for your replies.
>
> In fact that's what I wanted to know : whether the targeted node would
> bridge the two links or not but as you both mentioned it depends on the
> node's configuration and on what the attacker would do with it after he has
> it compromised. And I think that there is little chance that nodes such as desk
> computers would be by default configured to bridge their interfaces.
>
Furthermore, the sort of bridging you'd be talking about is translational bridging, meaning translating between one layer 2 encapsulation to another. In this case, the layer 2 translation would be occurring between the underlying tunnel encapsulation (IPv4 or IPv6) and most likely ethernet. layer 2 bridging is supposed to be layer 3 agnostic, which makes translational bridging harder because it has to attempt to accurately translate between the functions of one layer 2 and another. Having the bridge being "layer 3 aware" could make that easier, as now what is occurring is closer to what a two interface router would be doing with the traffic. One of the main differences is flooding of multicasts/broadcasts from one interface to another, where as a router normally doesn't do that.
This is mostly theory, I'm not aware of any implementations of layer 3 aware translational bridges between tunnels and ethernet. They may exist, but I don't think they're common, so I'd think the risk of the threat you're asking about would be quite low.
Regards,
Mark.
> Regards,
>
> Omar ZAMANI
> Consultant
> Fixe : +33 (0)1 49 03 24 91
> omar.zamani at solucom.fr
> solucom
> Tour Franklin : 100 - 101 terrasse Boieldieu 92042 Paris La Défense Cedex
>
> -----Message d'origine-----
> De : ipv6hackers-bounces at lists.si6networks.com
> [mailto:ipv6hackers-bounces at lists.si6networks.com] De la part de Mark ZZZ Smith
> Envoyé : lundi 15 juillet 2013 22:41
> À : IPv6 Hackers Mailing List
> Objet : Re: [ipv6hackers] Local-link traffic injection through tunneling ?
>
>
>
>
>
> ----- Original Message -----
>> From: S.P.Zeidler <spz at serpens.de>
>> To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
>> Cc:
>> Sent: Tuesday, 16 July 2013 2:28 AM
>> Subject: Re: [ipv6hackers] Local-link traffic injection through tunneling ?
>>
>> T hus wrote Mark ZZZ Smith (markzzzsmith at yahoo.com.au):
>>
>>> > From: ZAMANI Omar <Omar.ZAMANI at solucom.fr>
>> [...]
>>> > If so, do the attacker's machine, > the target node and
> the other
>>> nodes that share it local-link become
>> all part of
>>> > the same link when a such tunnel is established ?
>>> >
>>>
>>> Yes.
>>
>> I think you want to say "no" for "other nodes", unless
> you have a
>> tunnel where more than two nodes are on-link.
>>
>
> I though Omar was only asking about nodes that were part of the tunnel.
>
> What Omar might have been asking about was "automatic" bridging of
> non-tunnel nodes onto the same link as the tunnel nodes. That would make them
> part of the same link-local zone, but the bridging would have to be manually
> configured by the attack target.
>
>> nit-picking regards,
>> spz
>> --
>> spz at serpens.de (S.P.Zeidler)
>> _______________________________________________
>> Ipv6hackers mailing list
>> Ipv6hackers at lists.si6networks.com
>> http://lists.si6networks.com/listinfo/ipv6hackers
>>
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
>
More information about the Ipv6hackers
mailing list