Home page logo

nanog logo nanog mailing list archives

Re: 0day Windows Network Interception Configuration Vulnerability
From: Jeroen van Ingen <jeroen () utwente nl>
Date: Mon, 04 Apr 2011 18:46:03 +0200

On Mon, 2011-04-04 at 12:14 -0400, Valdis.Kletnieks () vt edu wrote:
On Mon, 04 Apr 2011 08:46:22 PDT, "andrew.wallace" said:
Someone has recently post to a mailing list: 

*yawn* No news, move along, nothing to see.  RFC4862, section 6:

I think the article is important: since a lot of systems and network
admins still bury their heads in the sand when it comes to IPv6, they
don't realize that it can be an attack vector in several ways... 

All recent operating systems have IPv6 enabled by default and prefer it
over IPv4; this article clearly shows how easy it is to set up a MITM
for IPv4 traffic when IPv6 hasn't been configured or properly secured on
a network yet. I believe this attack will work on most networks out
there, simply because IPv6 is enabled on hosts and rogue RA filtering
hasn't been implemented on most switches yet.


Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]