0day Windows Network Interception Configuration Vulnerability
dwhite at olp.net
Mon Apr 4 11:41:17 CDT 2011
On 04/04/11 12:14 -0400, Valdis.Kletnieks at vt.edu wrote:
>On Mon, 04 Apr 2011 08:46:22 PDT, "andrew.wallace" said:
>> Someone has recently post to a mailing list: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html
>*yawn* No news, move along, nothing to see. RFC4862, section 6:
> The use of stateless address autoconfiguration and Duplicate Address
> Detection opens up the possibility of several denial-of-service
> attacks. For example, any node can respond to Neighbor Solicitations
> for a tentative address, causing the other node to reject the address
> as a duplicate. A separate document [RFC3756] discusses details
> about these attacks, which can be addressed with the Secure Neighbor
> Discovery protocol [RFC3971]. It should also be noted that [RFC3756]
> points out that the use of IP security is not always feasible
> depending on network environments.
>Note that similar text was present in RFC2462, all the way back in Dec 1998.
>So somebody's 13 years late to the party.
For more information, see RFC 6104 for a comprehensive problem
statement (rogue routers), and RFC 6105 for a proposed solution.
More information about the NANOG