[139342] in North American Network Operators' Group
Re: 0day Windows Network Interception Configuration Vulnerability
daemon@ATHENA.MIT.EDU (Dan White)
Mon Apr 4 12:41:58 2011
Date: Mon, 4 Apr 2011 11:41:17 -0500
From: Dan White <dwhite@olp.net>
To: Valdis.Kletnieks@vt.edu
In-Reply-To: <10470.1301933696@localhost>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 04/04/11 12:14 -0400, Valdis.Kletnieks@vt.edu wrote:
>On Mon, 04 Apr 2011 08:46:22 PDT, "andrew.wallace" said:
>> Someone has recently post to a mailing list: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html
>
>*yawn* No news, move along, nothing to see. RFC4862, section 6:
>
> The use of stateless address autoconfiguration and Duplicate Address
> Detection opens up the possibility of several denial-of-service
> attacks. For example, any node can respond to Neighbor Solicitations
> for a tentative address, causing the other node to reject the address
> as a duplicate. A separate document [RFC3756] discusses details
> about these attacks, which can be addressed with the Secure Neighbor
> Discovery protocol [RFC3971]. It should also be noted that [RFC3756]
> points out that the use of IP security is not always feasible
> depending on network environments.
>
>Note that similar text was present in RFC2462, all the way back in Dec 1998.
>
>So somebody's 13 years late to the party.
For more information, see RFC 6104 for a comprehensive problem
statement (rogue routers), and RFC 6105 for a proposed solution.
--
Dan White
