Home page logo

nanog logo nanog mailing list archives

Re: 0day Windows Network Interception Configuration Vulnerability
From: Dan White <dwhite () olp net>
Date: Mon, 4 Apr 2011 11:41:17 -0500

On 04/04/11 12:14 -0400, Valdis.Kletnieks () vt edu wrote:
On Mon, 04 Apr 2011 08:46:22 PDT, "andrew.wallace" said:
Someone has recently post to a mailing list: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html

*yawn* No news, move along, nothing to see.  RFC4862, section 6:

  The use of stateless address autoconfiguration and Duplicate Address
  Detection opens up the possibility of several denial-of-service
  attacks.  For example, any node can respond to Neighbor Solicitations
  for a tentative address, causing the other node to reject the address
  as a duplicate.  A separate document [RFC3756] discusses details
  about these attacks, which can be addressed with the Secure Neighbor
  Discovery protocol [RFC3971].  It should also be noted that [RFC3756]
  points out that the use of IP security is not always feasible
  depending on network environments.

Note that similar text was present in RFC2462, all the way back in Dec 1998.

So somebody's 13 years late to the party.

For more information, see RFC 6104 for a comprehensive problem
statement (rogue routers), and RFC 6105 for a proposed solution.

Dan White

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]