Dailydave mailing list archives
SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability
From: "Adam Behnke" <adam () infosecinstitute com>
Date: Mon, 4 Apr 2011 10:34:22 -0500
Hi Daily Davers. InfoSec Institute security researcher Alec Waters has just released a new article on SLAAC Attacks. The basic premise is to use the default network configuration found on all Windows 7 (as well as Server 2008, Vista) installations to intercept and hijack all network traffic without any user knowledge or interaction. The testing in our lab shows that this attack requires no interaction on the user's part, and is totally transparent. It is hard to detect even in enterprise computing environments with significant security gear in place. It works on wired and wireless networks. Even though we are exploiting the IPv6 to IPv4 translation process, it does not require an existing IPv6 network to be set up or functional. It only requires the operating system to have IPv6 enabled by default. Mac OS-X is also likely vulnerable, but we have not tested it yet. We detail the vulnerability, the effect, as well as provide scripts and some tools for setting up the attack here: http://resources.infosecinstitute.com/slaac-attack- <http://resources.infosecinstitute.com/slaac-attack---0day-windows-network-i nterception-configuration-vulnerability/> --0day-windows-network-interception-configuration-vulnerability/ We contacted Microsoft over the weekend, but, because this is a default installation configuration vulnerability, Microsoft is not able to release a patch and states "While you are correct that this may not be something that is easily/quickly corrected (at least with regards to just pushing out a patch to change the default configuration if needed) this would be something that we want to review and explore our options to mitigate against any potential attacks. " The fix right now is for Microsoft to default disable IPv6, but this cannot be done retroactively to production desktops and servers because customers may be using IPv6 for legitimate reasons. We believe the public needs to know about the possibility of this attack, because other bad guys could have figured it out before us and be exploiting unsuspecting companies right now.
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability Adam Behnke (Apr 04)
- Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability Nate Lawson (Apr 05)
- Message not available
- Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability Adam Behnke (Apr 06)
- Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability Dobbins, Roland (Apr 08)
- Re: SLAAC Attack - 0day Windows Network Interception Configuration Vulnerability Adam Behnke (Apr 06)