0day Windows Network Interception Configuration Vulnerability
Mikael Abrahamsson
swmike at swm.pp.se
Mon Apr 4 17:46:32 UTC 2011
On Mon, 4 Apr 2011, Jeroen van Ingen wrote:
> a network yet. I believe this attack will work on most networks out
> there, simply because IPv6 is enabled on hosts and rogue RA filtering
> hasn't been implemented on most switches yet.
Any responsible ISP will block this kind of L2 "unknown" traffic between
customers.
We see this happening unwittingly in the wild as of several years ago with
Windows ICS announcing RA to both WAN and LAN because it (or thinks it)
has 6to4 connectivity and wants to share it.
Nothing new here, but the wider it's known the better.
--
Mikael Abrahamsson email: swmike at swm.pp.se
More information about the NANOG
mailing list