On 2014-07-27 17:45, Ted Lemon wrote:
> On Jul 25, 2014, at 9:05 PM, Dan Wing <[email protected]> wrote:
>> Specifically, the network has to allow an arbitrary host to send an IPv6 RA.
>> Doesn't that open the network to a pile of attacks, including an
>> attacker-controlled IPv6 DNS server (RFC6106) and attacker-controlled IPv6
>> default route?
> It does, but if the network provides DHCP service and the attacker either fails
> to answer faster, or is prevented from acting as a DHCP server, then happy
> eyeballs will take care of the broken IPv6 service.
Dan didn't say "broken", he said "attacker-controlled", possibly (my
guess) thinking of the infamous "SLAAC attack" [*]. Happy eyeballs is
useless here.
The new vulnerability introduced by No-IPv4 over RA is the "drive by"
nature of the attack: contrary to the SLAAC attack, the attacker doesn't
need to remain on the network. It can shut off the victim's IPv4 access
quickly then drive away.
Simon
[*] http://resources.infosecinstitute.com/slaac-attack/
_______________________________________________
sunset4 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sunset4
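A defender-side check of the kind this thread motivates, added here as example code (not from the list discussion or from any IETF implementation): it parses an ICMPv6 Router Advertisement and reports an RA from an untrusted link-local source, an RDNSS option carried by such an RA, and any option type outside the registered set, which is where a new option such as the No-IPv4 one discussed above would show up. The trusted-router address and the known-option list are assumptions, and the sample packets are constructed.

```python
import struct
from ipaddress import IPv6Address
ICMPV6_RA = 134
RA_HEADER = struct.Struct("!BBHBBHII")  # type, code, cksum, hop limit, flags, router lifetime, reachable, retrans
OPT_RDNSS = 25  # RFC 6106 Recursive DNS Server option
KNOWN_OPTS = {1, 2, 3, 4, 5, 24, 25, 31}  # RFC 4861/4191/6106 codes; anything else is reported as unregistered
TRUSTED_ROUTERS = {IPv6Address("fe80::1")}  # constructed allowlist: the site's legitimate router

def parse_ra(payload):
    """Return (router_lifetime, [(option_type, option_data), ...]) for an ICMPv6 RA payload."""
    if len(payload) < RA_HEADER.size:
        raise ValueError("truncated RA")
    typ, code, _, _, _, lifetime, _, _ = RA_HEADER.unpack_from(payload)
    if typ != ICMPV6_RA or code != 0:
        raise ValueError("not a Router Advertisement")
    opts, off = [], RA_HEADER.size
    while off < len(payload):
        if len(payload) - off < 2 or payload[off + 1] == 0:
            raise ValueError("truncated or zero-length option (RFC 4861: discard the packet)")
        otype, olen = payload[off], payload[off + 1]
        end = off + olen * 8  # option length is in units of 8 octets, header included
        if end > len(payload):
            raise ValueError("option runs past end of packet")
        opts.append((otype, bytes(payload[off + 2:end])))
        off = end
    return lifetime, opts

def triage_ra(src, payload, trusted=TRUSTED_ROUTERS):
    """Return findings for an RA received from link-local source `src` (empty list = nothing suspicious)."""
    lifetime, opts = parse_ra(payload)
    findings = []
    if IPv6Address(src) not in trusted:
        findings.append("RA from untrusted source %s" % src)
        if lifetime > 0:  # a non-zero router lifetime installs the sender as a default route
            findings.append("untrusted RA offers itself as default router (lifetime=%d)" % lifetime)
        if any(t == OPT_RDNSS for t, _ in opts):
            findings.append("untrusted RA carries RDNSS option (attacker-chosen DNS server)")
    for t, _ in opts:
        if t not in KNOWN_OPTS:
            findings.append("unregistered option type %d" % t)
    return findings

def build_ra(lifetime, options=()):
    """Constructed sample RA (checksum left zero; it is not verified here)."""
    body = RA_HEADER.pack(ICMPV6_RA, 0, 0, 64, 0, lifetime, 0, 0)
    for otype, data in options:
        data = data + b"\x00" * ((-(len(data) + 2)) % 8)  # pad option to an 8-octet multiple
        body += bytes([otype, (len(data) + 2) // 8]) + data
    return body
```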