T-596: 0-Day Windows Network Interception Configuration Vulnerability

April 6, 2011 - 5:48am

PROBLEM:

A 0-Day exploit of IPv4 and IPv6 mechanics and how it applies to Microsoft Windows operating systems.

PLATFORM:

Microsoft Operating Systems (OS) Windows Vista, Windows 7, and Windows 2008 Server

ABSTRACT:

The links below describe a parasitic IPv6 network layered over a native IPv4 network. This attack can be used to stage potential man-in-the-middle (MITM) attacks on IPv4 traffic. Please see the "Reference Links" section below, as it provides an external URL reference.

REFERENCE LINKS:

InfoSec Institute - SLAAC Attack
Cisco Threat Comparison and Best-Practice White Paper

IMPACT ASSESSMENT:

High

DISCUSSION:

This DOE-CIRC technical bulletin provides information about the 0-Day exploit found for Microsoft Windows OS (Windows 7, Vista, and Windows 2008 Server). The URL listed in the "Reference Links" section provides insight into how SLAAC (IPv6 Stateless Address Autoconfiguration) is used to exploit vulnerabilities found in native IPv4 networks by way of the IPv6 protocol, and gives examples of the technologies used in this 0-Day exploit. This technical bulletin also includes a link to a published Cisco White Paper with a full "Threat Analysis" and "Overview of IPv6 Topology and Best-Practice Security Rules".

SOLUTION:

Cisco has published an "IPv6 and IPv4 Threat Comparison and Best-Practice Evaluation (v1.0)." The paper also provides an overview of IPv4 Topology and Best-Practice Security Rules. Cisco White Paper
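
A defensive check for the SLAAC scenario this bulletin describes, added here as an example (it is not from DOE-CIRC, InfoSec Institute or Cisco): it parses an ICMPv6 Router Advertisement as laid out in RFC 4861 and reports any sender that is not on an approved-router list, which on an IPv4-only segment means every Router Advertisement. The function names, the sample packet, its addresses and its MAC are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_SRC_LLADDR, OPT_PREFIX_INFO = 134, 1, 3   # RFC 4861 values

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement, starting at its type byte."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    _type, _code, _cksum, _hop, flags, lifetime = struct.unpack_from("!BBHBBH", icmp6)
    ra = {"managed": bool(flags & 0x80), "router_lifetime": lifetime,
          "mac": None, "slaac_prefixes": []}
    off = 16                                  # options follow the fixed header
    while off < len(icmp6):
        olen = icmp6[off + 1] * 8 if off + 2 <= len(icmp6) else 0  # 8-byte units
        if olen == 0 or off + olen > len(icmp6):
            raise ValueError("malformed or truncated option")
        otype, body = icmp6[off], icmp6[off + 2:off + olen]
        if otype == OPT_SRC_LLADDR and olen == 8:
            ra["mac"] = ":".join(f"{b:02x}" for b in body)
        elif otype == OPT_PREFIX_INFO and olen == 32 and body[1] & 0x40:
            # A flag set: hosts build their own address from this prefix (SLAAC)
            net = ipaddress.IPv6Network((body[14:30], body[0]), strict=False)
            ra["slaac_prefixes"].append(str(net))
        off += olen
    return ra

def assess_ra(src: str, icmp6: bytes, approved_routers=()) -> list:
    """Return findings for one RA; an empty list means the sender is approved."""
    ra = parse_ra(icmp6)
    approved = {ipaddress.ip_address(a) for a in approved_routers}
    if ipaddress.ip_address(src) in approved:
        return []
    findings = [f"RA from unapproved router {src} (link-layer {ra['mac']})"]
    if ra["router_lifetime"] > 0:
        findings.append("sender offers itself as default IPv6 router")
    findings += [f"hosts would autoconfigure in {p}" for p in ra["slaac_prefixes"]]
    return findings

# Constructed sample RA (documentation prefix, made-up MAC, checksum left 0).
SAMPLE_RA = (
    struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0x00, 1800, 0, 0)
    + bytes([OPT_SRC_LLADDR, 1]) + bytes.fromhex("020000000001")
    + bytes([OPT_PREFIX_INFO, 4, 64, 0xC0]) + struct.pack("!III", 86400, 14400, 0)
    + ipaddress.IPv6Address("2001:db8:1::").packed
)

if __name__ == "__main__":   # IPv4-only segment: nothing approved, any RA is reported
    print("\n".join(assess_ra("fe80::200:ff:fe00:1", SAMPLE_RA)))
```

The checksum is not verified here; the input is assumed to come from a capture path that has already validated the ICMPv6 message.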
