[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Routing loop attacks using IPv6 tunnels
On Tue, 18 Aug 2009 02:29:58 -0700 (PDT), Gabi Nakibly <gnakibly@yahoo.com>
wrote:
> Indeed, the vulnerability of attack 5 was noted and fixed in Miredo.
> However, I am not aware of any updates to the Teredo specification to
> mitigate it. This means that new implementations will always be
vulnerable
> as in the case of Windows Server 2008 R2. This vulnerability was reported
> to Microsoft a few months ago. They have reproduced it on their end. A
fix
> should be released in the next RC.
> I did not realize that the attack can be successful also on Linux. Thanks
> for the correction.
Well, it is as simple as not looping packet back to yourself, isn't it?
There could be a warning in the spec, but it's really an implementation
error, I think.
> Please let me know the results of your check on attack #4. If you wish, I
> can send you (off-list) the details of my setup for this attack. By the
> way, I encourage other people on the list to verify the attacks in
> different scenarios.
I managed to reproduce it. Single-homed NATs have absolutely no excuse in
forwarding a packet with their own IP address as the source. But yeah -
there is a problem.
--
Rémi Denis-Courmont