• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Serious unpatched IPv6 vulnerability on Windows Machines

Started by shader, March 26, 2011, 12:55:41 PM

Previous topic - Next topic

shader

QuoteWin 7 DoS by RA Packets

Executive Summary

This is extremely dangerous! A single device can instantly stop all the Windows machines on a Local Area Network. In my tests, my Windows 7 virtual machine freezes totally and the only way to revive it is shutting the power off--an abnormal shutdown.
Imagine the effect of a single attacker on a small business, Internet coffeehouse, or any other LAN. This works on all Windows machines with IPv6 enabled, which includes Vista, Win 7, Server 2008, and more. Suppose someone writes this into a malicious Web attack, so everyone who views a malicious Web page instantly kills all the machines on their LAN!

As far as I know, this attack will not traverse routers, so it "only" affects your local broadcast domain. But isn't that enough to deserve a security alert and a patch? Apparently not.

More at, http://samsclass.info/ipv6/proj/flood-router6a.htm

cconn

hard to patch something that is behaving "properly"...unless the "patch" they are asking for is that the device doesn't crash.  It is still going to configure umpteen prefixes for local use.  What would be more interesting instead of crashing boxes a-la winnuke of the old days is to trick a host into using a prefix locally and hijacking traffic, stealing info etc etc.