Attack hijacks data using newer Windows features
rustybucket
I haven't seen my friends in so long
Joined: Thu Jun 18, 2009 5:10 pm Posts: 5837
Quote: Mac OS X probably vulnerable too
Security researchers have outlined a way to hijack huge amounts of confidential network traffic by exploiting default behavior in Microsoft's Windows operating system.
The MITM, or man-in-the-middle, attacks described on Monday take advantage of features added to recent versions of Windows that make it easy for computers to connect to networks using the next generation IPv6 protocol. The attack will also work against Apple's OS X for Macs, although the proof-of-concept has not been tested on that platform, said Jack Koziol, a program manager at InfoSec Institute, an information security services company.
The attack exploits an industry standard known as SLAAC, or Stateless Address Auto Configuration for allowing clients and hosts to find each other on IPv6 networks. When the next-generation addressing scheme is turned on, as it is by default in OS X, Windows Vista, Windows 7 and Server 2008, SLAAC can be used to create an unauthorized IPv6 network that reroutes data through hardware controlled by the attackers.
...By default, Linux, FreeBSD and other operating systems aren't vulnerable, Koziol said....
http://www.theregister.co.uk/2011/04/04 ... t_windows/
_________________Jim
Tue Apr 05, 2011 3:54 pm

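Added example, not part of the original thread or the quoted article: a defender-side check that parses ICMPv6 Router Advertisements seen on a segment and reports any sender that is not one of your own routers, along with the prefixes hosts would autoconfigure from it. The sample packet, the `fe80::` router addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample: ICMPv6 Router Advertisement body (checksum left at zero).
SAMPLE_RA = bytes.fromhex(
    "86000000 40000708 00000000 00000000"   # type 134, hop limit 64, router lifetime 1800 s
    "0101 020000000002"                     # option 1: source link-layer address
    "0304 40c0 00015180 00003840 00000000"  # option 3: /64 prefix, L and A flags set
    "20010db8000100000000000000000000"      # prefix 2001:db8:1:: (documentation range)
)

def parse_ra(icmp6: bytes) -> dict:
    """Parse a Router Advertisement (RFC 4861 section 4.2) and its options."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    _, _, _, _, flags, lifetime, _, _ = struct.unpack("!BBHBBHII", icmp6[:16])
    ra = {"managed": bool(flags & 0x80), "router_lifetime": lifetime,
          "mac": None, "slaac_prefixes": []}
    off = 16
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            raise ValueError("truncated option")
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[off:off + opt_len]
        if opt_type == 1 and opt_len == 8:
            ra["mac"] = body[2:8].hex(":")
        elif opt_type == 3 and opt_len == 32 and body[3] & 0x40:
            # A flag set: hosts build their own address inside this prefix (SLAAC)
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["slaac_prefixes"].append(str(net))
        off += opt_len
    return ra

def check_ra(src: str, icmp6: bytes, allowed_routers: set) -> list:
    """Return findings for one RA; an empty list means the sender is expected."""
    if src in allowed_routers:
        return []
    ra = parse_ra(icmp6)
    findings = [f"RA from unexpected router {src} (mac {ra['mac']})"]
    if ra["router_lifetime"] > 0:
        findings.append("sender advertises itself as a default router")
    findings += [f"hosts will autoconfigure in {p}" for p in ra["slaac_prefixes"]]
    return findings

if __name__ == "__main__":
    for line in check_ra("fe80::2", SAMPLE_RA, {"fe80::1"}):
        print(line)
```

The allowlist holds the link-local source addresses of the routers you actually operate; on a network with no IPv6 routers it is empty, so every RA is reported.
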
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm Posts: 17040
Simple fix: switch off IPv6 if you're not actually using it. However, the actual chance for this to be an issue to people outside the corporate world is quite small, since most home routing equipment (i.e. cable/ADSL modems) doesn't route IPv6. Therefore, to be vulnerable to this, you already have to have a compromised machine inside your home LAN; either a piece of hardware or a PC running a 'nasty' IPv6 router. In short, if you're vulnerable to this at home you're probably already stuffed anyway.
Jon
Tue Apr 05, 2011 4:19 pm

JJW009
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:58 pm Posts: 8767 Location: behind the sofa
Quite, as Microsoft said in their reply: If a bad guy is inside your house plugging stuff into your network, then you might say the security problem lies with your house rather than your computer. You could actually do something not entirely dissimilar with IPv4 by introducing a bogus DHCP server to a network. Most versions of Windows Server are set to back off if they detect another DHCP server on the network, so you can issue your own IP as the default gateway and all WAN traffic from computers that pick up your address will go through you.
_________________jonbwfc's law: "In any forum thread someone will, no matter what the subject, mention Firefly." When you're feeling too silly for x404, youRwired.net
Tue Apr 05, 2011 6:14 pm

jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm Posts: 17040
Not.. entirely true. It's very possible for a PC that has previously been compromised to act as the 'evil router'. There is already malware that will run a DHCP server on the machine it takes over, completely independently and invisibly to the user. They have to be able to get onto your network, but not necessarily physically access the wires. Physical security will stop lots of things but this can be done entirely remotely, IMO. However, the point still holds. If you're sat at home - maybe you have a couple of PCs and a games console or media server on your home network - and they've got hold of one of the machines to the point where they can install and run software on it, you're already buggered. If they can install an IPv6 router on the PC, they can install pretty much anything they like - packet sniffers, key loggers etc. It's generally held to be a good idea to switch off any service or function on your PC you're not using anyway. This is just another reinforcement of that.
Jon
Tue Apr 05, 2011 8:30 pm

big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
It doesn't sound any different to DHCP under IPv4. It does the same thing, although it is usually quick to see, because half the network will configure over one DHCP server and the other half over the 2nd DHCP server and they won't be able to see each other... I've worked on several sites where there have been problems with machines not seeing all network resources or not getting onto the internet. The problem was often intermittent and the cause was usually somebody putting in their own/department wireless router, without clearing it with the IT department, and leaving the default configuration of it being a DHCP server. If you know what you are doing, you could easily set up a DHCP server on the local network and get all the traffic coming over your machine. That affects ALL operating systems where dynamic addresses are assigned at boot time.
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
Wed Apr 06, 2011 4:18 am
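
Added example, not part of the original thread: the IPv4 counterpart the posters describe, as a check that reads DHCP server replies (OFFER/ACK), groups them by server identifier (option 54) and reports any server outside the authorized set together with the gateway it hands out. The sample replies, the addresses and the function names are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])
OPT_PAD, OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 53, 54, 255
MSG_NAMES = {2: "OFFER", 5: "ACK"}

def parse_reply(pkt: bytes) -> dict:
    """Extract message type, server identifier and offered gateway from a BOOTREPLY."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP server reply")
    opts, off = {}, 240
    while off < len(pkt) and pkt[off] != OPT_END:
        if pkt[off] == OPT_PAD:          # pad is a single byte with no length field
            off += 1
            continue
        if off + 2 > len(pkt) or off + 2 + pkt[off + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[off]] = pkt[off + 2: off + 2 + pkt[off + 1]]
        off += 2 + pkt[off + 1]

    def ip(code):
        raw = opts.get(code, b"")
        return str(ipaddress.IPv4Address(raw[:4])) if len(raw) >= 4 else None

    msg = (opts.get(OPT_MSG_TYPE) or b"\0")[0]
    return {"type": MSG_NAMES.get(msg, "OTHER"),
            "server": ip(OPT_SERVER_ID), "gateway": ip(OPT_ROUTER)}

def find_rogue_servers(replies, authorized: set) -> dict:
    """Map each unauthorized server identifier to the gateways it handed out."""
    rogue = {}
    for pkt in replies:
        r = parse_reply(pkt)
        if r["type"] in ("OFFER", "ACK") and r["server"] not in authorized:
            rogue.setdefault(r["server"], set()).add(r["gateway"] or "none")
    return rogue

def sample_reply(server: str, gateway: str, msg_type: int = 2) -> bytes:
    """Constructed BOOTREPLY for the demo: zeroed fixed header plus three options."""
    header = bytes([2, 1, 6, 0]) + bytes(232)
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server).packed
    opts += bytes([OPT_ROUTER, 4]) + ipaddress.IPv4Address(gateway).packed
    return header + MAGIC_COOKIE + opts + bytes([OPT_END])

CAPTURED = [sample_reply("192.0.2.1", "192.0.2.1"),      # the site's own server
            sample_reply("192.0.2.66", "192.0.2.66"),    # unexpected second server
            sample_reply("192.0.2.66", "192.0.2.66", msg_type=5)]

if __name__ == "__main__":
    for server, gateways in find_rogue_servers(CAPTURED, {"192.0.2.1"}).items():
        print(f"unauthorized DHCP server {server} hands out gateway(s) {sorted(gateways)}")
```
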