0day Windows Network Interception Configuration Vulnerability

Dan White dwhite at olp.net
Mon Apr 4 16:41:17 UTC 2011

On 04/04/11 12:14 -0400, Valdis.Kletnieks at vt.edu wrote:
>On Mon, 04 Apr 2011 08:46:22 PDT, "andrew.wallace" said:
>> Someone has recently posted to a mailing list: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html
>*yawn* No news, move along, nothing to see.  RFC4862, section 6:
>   The use of stateless address autoconfiguration and Duplicate Address
>   Detection opens up the possibility of several denial-of-service
>   attacks.  For example, any node can respond to Neighbor Solicitations
>   for a tentative address, causing the other node to reject the address
>   as a duplicate.  A separate document [RFC3756] discusses details
>   about these attacks, which can be addressed with the Secure Neighbor
>   Discovery protocol [RFC3971].  It should also be noted that [RFC3756]
>   points out that the use of IP security is not always feasible
>   depending on network environments.
>Note that similar text was present in RFC2462, all the way back in Dec 1998.
>So somebody's 13 years late to the party.

For more information, see RFC 6104 for a comprehensive problem
statement (rogue routers), and RFC 6105 for a proposed solution.

Dan White
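
Added example, not part of the original message or of any RFC text: a sketch of the kind of stateless allowlist check that an RA-Guard-style filter (RFC 6105) or a monitoring sensor can apply to Router Advertisements to spot the rogue routers described in RFC 6104. The function names, the policy layout and the sample addresses are assumptions made for illustration; checksum and hop-limit validation are left out.

```python
import ipaddress
import struct

RA_TYPE, OPT_SLLA, OPT_PREFIX = 134, 1, 3   # RFC 4861 type codes

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement, starting at the ICMPv6 type byte."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    ra = {"lifetime": struct.unpack_from("!H", icmp6, 6)[0], "slla": None, "prefixes": []}
    off = 16                                  # options follow the fixed 16-byte header
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            raise ValueError("truncated option")
        otype, olen = icmp6[off], icmp6[off + 1] * 8   # length field counts 8-byte units
        if olen == 0 or off + olen > len(icmp6):
            raise ValueError("malformed option")
        opt = icmp6[off:off + olen]
        if otype == OPT_SLLA and olen == 8:
            ra["slla"] = opt[2:8].hex(":")
        elif otype == OPT_PREFIX and olen == 32:
            ra["prefixes"].append(ipaddress.IPv6Network((opt[16:32], opt[2]), strict=False))
        off += olen
    return ra

def ra_violations(src_ip: str, src_mac: str, icmp6: bytes, policy: dict) -> list:
    """Return the reasons an RA fails the allowlist; an empty list means it passes."""
    ra, reasons = parse_ra(icmp6), []
    if policy["routers"].get(str(ipaddress.IPv6Address(src_ip))) != src_mac:
        reasons.append("sender is not an authorised router")
    if ra["slla"] not in (None, src_mac):
        reasons.append("source link-layer option differs from frame source")
    for net in ra["prefixes"]:
        if not any(net.subnet_of(ok) for ok in policy["prefixes"]):
            reasons.append(f"unexpected prefix {net}")
    return reasons

def sample_ra(mac: str, prefix: str, plen: int = 64) -> bytes:
    """Build a constructed RA for the demo (checksum left at zero, not verified here)."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    slla = bytes([OPT_SLLA, 1]) + bytes.fromhex(mac.replace(":", ""))
    pio = struct.pack("!BBBBII4x", OPT_PREFIX, 4, plen, 0xC0, 86400, 14400)
    return hdr + slla + pio + ipaddress.IPv6Address(prefix).packed

# Hypothetical site policy using documentation addresses (assumption, not from the thread).
POLICY = {"routers": {"fe80::1": "02:00:00:00:00:01"},
          "prefixes": [ipaddress.IPv6Network("2001:db8:1::/64")]}

if __name__ == "__main__":
    print(ra_violations("fe80::1", "02:00:00:00:00:01", sample_ra("02:00:00:00:00:01", "2001:db8:1::"), POLICY))
    print(ra_violations("fe80::99", "02:00:00:00:00:99", sample_ra("02:00:00:00:00:99", "2001:db8:99::"), POLICY))
```

In a deployment the source address and MAC would come from the captured frame's IPv6 and Ethernet headers, and a switch implementing RFC 6105 would additionally key the decision on the ingress port.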
