Presentation is loading. Please wait.

Presentation is loading. Please wait.

IPv6 RA DoS Attacks Sam Bowne gogoNET Live 4 Nov 13, 2013.

Published byLorraine Bennett Modified over 9 years ago

Similar presentations

Presentation on theme: "IPv6 RA DoS Attacks Sam Bowne gogoNET Live 4 Nov 13, 2013."— Presentation transcript:

1 IPv6 RA DoS Attacks Sam Bowne gogoNET Live 4 Nov 13, 2013

2

3 IPv4 Exhaustion

4

5 One Year Left

6 IPv6 Exhaustion

7 Link-Local DoS IPv6 Router Advertisements

8 Old Attack (from 2011)

9 IPv4: DHCP PULL process Client requests an IP Router provides one Host Router I need an IP Use this IP

10 IPv6: Router Advertisements PUSH process Router announces its presence Every client on the LAN creates an address and joins the network Host Router JOIN MY NETWORK Yes, SIR

11 Router Advertisement Packet

12 RA Flood (from 2011) flood_router6

13 Effects of flood_router6 Drives Windows to 100% CPU Also affects FreeBSD No effect on Mac OS X or Ubuntu Linux

14 The New RA Flood

15 MORE IS BETTER Each RA now contains – 17 Route Information sections – 18 Prefix Information sections

16

17 Flood Does Not Work Alone Before the flood, you must send some normal RA packets This puts Windows into a vulnerable state

18 How to Perform this Attack For best results, use a gigabit Ethernet NIC on attacker and a gigabit switch Use thc-ipv6 2.3 on Kali Two Terminal windows: 1../fake_router6 eth1 a::/64 2../flood_router26 eth1 Windows dies within 30 seconds

19 Effects of New RA Flood Win 8 & Server 2012 die (BSOD) Microsoft Surface RT dies (BSOD) Mac OS X dies Win 7 & Server 2008 R2, with the "IPv6 Readiness Update" freeze during attack iPad 3 slows and sometimes crashes Android phone slows and sometimes crashes Ubuntu Linux suffers no harm

20 Videos and Details

21 Mitigation Disable IPv6 Turn off Router Discovery with netsh Use a firewall to block rogue RAs Get a switch with RA Guard Microsoft's "IPv6 Readiness Update" provides some protection for Win 7 & Server 2008 R2 – Released Nov. 13, 2012 – KB 2750841 – But NOT for Win 8 or Server 2012!!

22 DEMO

23 More Info Slides, instructions for the attacks, and more at Samsclass.info

24 Speculations

25 Why are Devices so Vulnerable?

26

27 Microsoft, 2005

28 Microsoft, 2004

29 Patching

30 Microsoft Timeline Marc Hause informed them of the original RA flood vuln on July 10, 2010 In March, 2011, I also warned Microsoft

31 Microsoft IPv6 Readiness Update Released in Nov., 2012

32 Windows 7 Without the IPv6 Readiness Update

33 Windows 7 With the IPv6 Readiness Update

34 Limitations of the IPv6 Readiness Update Does not eliminate the DoS Windows 7 freezes during the attack, but recovers quickly when it stops Only available for Win 7 and Server 2008 R2 Windows Server 2012 and Windows 8 are vulnerable to flood_router26 when preceded by a few normal RAs

35 FreeBSD Timeline Feb 5, 2011: Marc Hause warned them of the original RA vulnerability I filed a bug report in May, 2011

36 Possibly Patched in 2013

Download ppt "IPv6 RA DoS Attacks Sam Bowne gogoNET Live 4 Nov 13, 2013."

Similar presentations

GHOST glibc gethostbyname() Vulnerability CVE-2015-0235 Johannes B. Ullrich, Ph.D. SANS Technology Institute https://isc.sans.edu.

GHOST glibc gethostbyname() Vulnerability CVE Johannes B. Ullrich, Ph.D. SANS Technology Institute
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Chapter 8b Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Describe the structure of an IPv4 address.  Describe.

Chapter 8b Intro to Routing & Switching.  Upon completion of this chapter, you should be able to:  Describe the structure of an IPv4 address.  Describe.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
SAVI IP Source Guard draft-baker-sava- implementation Fred Baker.

SAVI IP Source Guard draft-baker-sava- implementation Fred Baker.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
CMPE 151 Routing Marc Mosko. 2 Talk Outline Routing basics Why segment networks? IP address/subnet mask The gateway decision based on dest IP address.

CMPE 151 Routing Marc Mosko. 2 Talk Outline Routing basics Why segment networks? IP address/subnet mask The gateway decision based on dest IP address.
1 쉽게 접근하자 DoS! Sookmyung Women’s Univ. 최서윤. 2 The DoS?! Sockstress DoS using LOIC Link Local DoS.

1 쉽게 접근하자 DoS! Sookmyung Women’s Univ. 최서윤. 2 The DoS?! Sockstress DoS using LOIC Link Local DoS.
Networking Components

Networking Components
Layer 2 Security – No Longer Ignored Security Possibilities at Layer 2 Allan Alton, BSc CISA CISSP NetAnalyst UBC October 18, 2007.

Layer 2 Security – No Longer Ignored Security Possibilities at Layer 2 Allan Alton, BSc CISA CISSP NetAnalyst UBC October 18, 2007.
Is Apple’s iMac Operating System Secure under flooding Attacks? by aditya chintala.

Is Apple’s iMac Operating System Secure under flooding Attacks? by aditya chintala.
Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.

Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.
Asymmetric Extended Route Optimization (AERO)

Asymmetric Extended Route Optimization (AERO)
Implementing Dynamic Host Configuration Protocol

Implementing Dynamic Host Configuration Protocol
The Basics of Networking. Rick Graziani What is networking? Communication! An interconnection of computers and other devices: –Printers.

The Basics of Networking. Rick Graziani What is networking? Communication! An interconnection of computers and other devices: –Printers.
TEW-812DRU Training. TEW-812DRU AC1750 Dual Band Wireless Router.

TEW-812DRU Training. TEW-812DRU AC1750 Dual Band Wireless Router.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.

1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
ARP Scenarios CIS 81 and CST 311 Rick Graziani Fall 2005.

ARP Scenarios CIS 81 and CST 311 Rick Graziani Fall 2005.

Similar presentations

Ads by Google