IPv6 RA DoS Attacks Sam Bowne gogoNET Live 4 Nov 13, 2013.

IPv4 Exhaustion

One Year Left

IPv6 Exhaustion

Link-Local DoS IPv6 Router Advertisements

Old Attack (from 2011)

IPv4: DHCP
- PULL process
- Client requests an IP
- Router provides one
Diagram: Host says "I need an IP"; Router replies "Use this IP"

IPv6: Router Advertisements
- PUSH process
- Router announces its presence
- Every client on the LAN creates an address and joins the network
Diagram: Router says "JOIN MY NETWORK"; Host replies "Yes, SIR"

Router Advertisement Packet

RA Flood (from 2011) flood_router6

Effects of flood_router6
- Drives Windows to 100% CPU
- Also affects FreeBSD
- No effect on Mac OS X or Ubuntu Linux

The New RA Flood

MORE IS BETTER
Each RA now contains:
- 17 Route Information sections
- 18 Prefix Information sections

Flood Does Not Work Alone
- Before the flood, you must send some normal RA packets
- This puts Windows into a vulnerable state

How to Perform this Attack
- For best results, use a gigabit Ethernet NIC on attacker and a gigabit switch
- Use thc-ipv6 2.3 on Kali
- Two Terminal windows:
  1. ./fake_router6 eth1 a::/64
  2. ./flood_router26 eth1
- Windows dies within 30 seconds

Effects of New RA Flood
- Win 8 & Server 2012 die (BSOD)
- Microsoft Surface RT dies (BSOD)
- Mac OS X dies
- Win 7 & Server 2008 R2, with the "IPv6 Readiness Update", freeze during attack
- iPad 3 slows and sometimes crashes
- Android phone slows and sometimes crashes
- Ubuntu Linux suffers no harm

Videos and Details

Mitigation
- Disable IPv6
- Turn off Router Discovery with netsh
- Use a firewall to block rogue RAs
- Get a switch with RA Guard
- Microsoft's "IPv6 Readiness Update" provides some protection for Win 7 & Server 2008 R2
  - Released Nov. 13, 2012
  - KB
  - But NOT for Win 8 or Server 2012!!
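One way a filter or IDS rule could check incoming RAs for the option stuffing described in the "MORE IS BETTER" slide (an added example, not from the original slides or from thc-ipv6). The thresholds of 4 options per type and the sample_ra helper are assumptions for illustration; the sample packets are constructed, with zeroed checksums and placeholder option bodies.

```python
import struct
from collections import Counter

RA_TYPE = 134         # ICMPv6 Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3   # Prefix Information option (RFC 4861)
OPT_ROUTE_INFO = 24   # Route Information option (RFC 4191)
RA_HEADER_LEN = 16    # type, code, checksum, hop limit, flags, lifetime, 2 timers


def count_ra_options(icmp6: bytes) -> Counter:
    """Count option types in one ICMPv6 RA message; ValueError if malformed."""
    if len(icmp6) < RA_HEADER_LEN or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    counts, off = Counter(), RA_HEADER_LEN
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp6[off], icmp6[off + 1]  # length is in 8-byte units
        if opt_len == 0 or off + opt_len * 8 > len(icmp6):
            raise ValueError("bad option length")
        counts[opt_type] += 1
        off += opt_len * 8
    return counts


def is_suspicious_ra(icmp6: bytes, max_prefix: int = 4, max_route: int = 4) -> bool:
    """Flag malformed RAs and RAs with more prefix/route options than allowed.

    The default limits are assumed values, not taken from the slides.
    """
    try:
        counts = count_ra_options(icmp6)
    except ValueError:
        return True
    return counts[OPT_PREFIX_INFO] > max_prefix or counts[OPT_ROUTE_INFO] > max_route


def sample_ra(n_prefix: int, n_route: int) -> bytes:
    """Constructed test input: RA body with zeroed checksum and placeholder options."""
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    prefix_opt = bytes([OPT_PREFIX_INFO, 4]) + bytes(30)  # 32-byte option
    route_opt = bytes([OPT_ROUTE_INFO, 3]) + bytes(22)    # 24-byte option
    return header + prefix_opt * n_prefix + route_opt * n_route


if __name__ == "__main__":
    normal = sample_ra(1, 0)      # one prefix, as a legitimate router might send
    stuffed = sample_ra(18, 17)   # option counts the slides give for the new flood
    print(count_ra_options(stuffed), is_suspicious_ra(normal), is_suspicious_ra(stuffed))
```

Per-RA option counts catch the packet shape; a deployment would pair this with a per-source RA rate limit, since the original flood_router6 flood uses ordinary-looking RAs.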

DEMO

More Info
Slides, instructions for the attacks, and more at Samsclass.info

Speculations

Why are Devices so Vulnerable?

Microsoft, 2005

Microsoft, 2004

Patching

Microsoft Timeline
- Marc Heuse informed them of the original RA flood vuln on July 10, 2010
- In March, 2011, I also warned Microsoft

Microsoft IPv6 Readiness Update
- Released in Nov., 2012

Windows 7 Without the IPv6 Readiness Update

Windows 7 With the IPv6 Readiness Update

Limitations of the IPv6 Readiness Update
- Does not eliminate the DoS
- Windows 7 freezes during the attack, but recovers quickly when it stops
- Only available for Win 7 and Server 2008 R2
- Windows Server 2012 and Windows 8 are vulnerable to flood_router26 when preceded by a few normal RAs

FreeBSD Timeline
- Feb 5, 2011: Marc Heuse warned them of the original RA vulnerability
- I filed a bug report in May, 2011

Possibly Patched in 2013