0day Windows Network Interception Configuration Vulnerability

Jeroen van Ingen jeroen at utwente.nl
Mon Apr 4 16:46:03 UTC 2011

On Mon, 2011-04-04 at 12:14 -0400, Valdis.Kletnieks at vt.edu wrote:
> On Mon, 04 Apr 2011 08:46:22 PDT, "andrew.wallace" said:
> > Someone has recently posted to a mailing list: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html
> *yawn* No news, move along, nothing to see.  RFC4862, section 6:

I think the article is important: since a lot of systems and network
admins still bury their heads in the sand when it comes to IPv6, they
don't realize that it can be an attack vector in several ways... 

All recent operating systems have IPv6 enabled by default and prefer it
over IPv4; this article clearly shows how easy it is to set up a MITM
for IPv4 traffic when IPv6 hasn't been configured or properly secured on
a network yet. I believe this attack will work on most networks out
there, simply because IPv6 is enabled on hosts and rogue RA filtering
hasn't been implemented on most switches yet.


Jeroen van Ingen
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands
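
A defender-side illustration of the rogue RA check mentioned in the message above, as an added example that is not part of the original post: it parses Router Advertisements out of raw IPv6 packets and flags any whose sender is not an authorised router. The function names, router addresses, MACs and prefixes are constructed for illustration, and the parser assumes no IPv6 extension headers are present.

```python
import ipaddress
import struct

ICMPV6, ROUTER_ADVERT = 58, 134

def parse_ra(pkt: bytes):
    """Return RA fields from a raw IPv6 packet, or None (assumes no extension headers)."""
    if len(pkt) < 56 or pkt[0] >> 4 != 6 or pkt[6] != ICMPV6 or pkt[40] != ROUTER_ADVERT:
        return None
    icmp = pkt[40:]
    ra = {"src": ipaddress.IPv6Address(pkt[8:24]), "hop_limit": pkt[7],
          "lifetime": struct.unpack("!H", icmp[6:8])[0], "mac": None, "prefixes": []}
    off = 16  # options follow the fixed 16-byte RA header
    while off + 2 <= len(icmp):
        otype, olen = icmp[off], icmp[off + 1] * 8  # length field is in 8-byte units
        if olen == 0 or off + olen > len(icmp):
            break  # malformed option: stop instead of looping forever
        body = icmp[off:off + olen]
        if otype == 1 and olen == 8:       # source link-layer address
            ra["mac"] = ":".join(f"{b:02x}" for b in body[2:8])
        elif otype == 3 and olen == 32:    # prefix information
            ra["prefixes"].append(str(ipaddress.IPv6Network((body[16:32], body[2]), strict=False)))
        off += olen
    return ra

def rogue_reasons(ra, allowed):
    """Return why an RA is suspect; an empty list means it passed every check."""
    reasons = []
    if ra["hop_limit"] != 255:             # RFC 4861: RAs must arrive with hop limit 255
        reasons.append("hop limit is not 255")
    if not ra["src"].is_link_local:        # RFC 4861: RA source must be link-local
        reasons.append("source is not link-local")
    if (str(ra["src"]), ra["mac"]) not in allowed:
        reasons.append("sender is not an authorised router")
    return reasons

def sample_ra(src, mac, prefix, plen):
    """Build a constructed RA for testing the parser (checksum left at zero)."""
    opts = bytes([1, 1]) + bytes.fromhex(mac.replace(":", ""))
    opts += struct.pack("!BBBBIII", 3, 4, plen, 0xC0, 86400, 14400, 0)
    opts += ipaddress.IPv6Address(prefix).packed
    icmp = struct.pack("!BBHBBHII", ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0) + opts
    hdr = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, 255)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address("ff02::1").packed + icmp

# Constructed sample data: one authorised router and two captured RAs.
ALLOWED = {("fe80::1", "00:00:5e:00:53:01")}
GOOD = sample_ra("fe80::1", "00:00:5e:00:53:01", "2001:db8:1::", 64)
ROGUE = sample_ra("fe80::bad", "00:00:5e:00:53:99", "2001:db8:ffff::", 64)
```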
