[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
0day Windows Network Interception Configuration Vulnerability
- Subject: 0day Windows Network Interception Configuration Vulnerability
- From: dwhite at olp.net (Dan White)
- Date: Mon, 4 Apr 2011 11:41:17 -0500
- In-reply-to: <10470.1301933696@localhost>
- References: <[email protected]> <10470.1301933696@localhost>
On 04/04/11?12:14?-0400, Valdis.Kletnieks at vt.edu wrote:
>On Mon, 04 Apr 2011 08:46:22 PDT, "andrew.wallace" said:
>> Someone has recently post to a mailing list: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html
>
>*yawn* No news, move along, nothing to see. RFC4862, section 6:
>
> The use of stateless address autoconfiguration and Duplicate Address
> Detection opens up the possibility of several denial-of-service
> attacks. For example, any node can respond to Neighbor Solicitations
> for a tentative address, causing the other node to reject the address
> as a duplicate. A separate document [RFC3756] discusses details
> about these attacks, which can be addressed with the Secure Neighbor
> Discovery protocol [RFC3971]. It should also be noted that [RFC3756]
> points out that the use of IP security is not always feasible
> depending on network environments.
>
>Note that similar text was present in RFC2462, all the way back in Dec 1998.
>
>So somebody's 13 years late to the party.
For more information, see RFC 6104 for a comprehensive problem
statement (rogue routers), and RFC 6105 for a proposed solution.
--
Dan White