[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

0day Windows Network Interception Configuration Vulnerability

Subject: 0day Windows Network Interception Configuration Vulnerability
From: swmike at swm.pp.se (Mikael Abrahamsson)
Date: Mon, 4 Apr 2011 19:46:32 +0200 (CEST)
In-reply-to: <1301935563.8859.179.camel@icts-sp-039>
References: <[email protected]> <10470.1301933696@localhost> <1301935563.8859.179.camel@icts-sp-039>

On Mon, 4 Apr 2011, Jeroen van Ingen wrote:

> a network yet. I believe this attack will work on most networks out 
> there, simply because IPv6 is enabled on hosts and rogue RA filtering 
> hasn't been implemented on most switches yet.

Any responsible ISP will block this kind of L2 "unknown" traffic between 
customers.

We see this happening unwittingly in the wild as of several years ago with 
Windows ICS announcing RA to both WAN and LAN because it (or thinks it) 
has 6to4 connectivity and wants to share it.

Nothing new here, but the wider it's known the better.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se

Follow-Ups:
- 0day Windows Network Interception Configuration Vulnerability
  - From: jeroen at utwente.nl (Jeroen van Ingen)

References:
- 0day Windows Network Interception Configuration Vulnerability
  - From: andrew.wallace at rocketmail.com (andrew.wallace)
- 0day Windows Network Interception Configuration Vulnerability
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- 0day Windows Network Interception Configuration Vulnerability
  - From: jeroen at utwente.nl (Jeroen van Ingen)

Prev by Date: Re: recommendation on vendor for 8 Cisco 7201 routers?
Next by Date: 0day Windows Network Interception Configuration Vulnerability
Previous by thread: 0day Windows Network Interception Configuration Vulnerability
Next by thread: 0day Windows Network Interception Configuration Vulnerability
Index(es):
- Date
- Thread