[nsp-sec] New IPV6 NDP issue (via cert)
Chris Morrow
morrowc at ops-netman.net
Fri Oct 3 14:13:28 EDT 2008
On Fri, 3 Oct 2008, David Freedman wrote:
> Uh, isn't this just like ARP spoofing? is this really a new problem?
seems like it yes, and naptha wasn't new either... I'm gonna release a
paper on this at cansecwest (so I can see nico)... :)
Just hoping the other vendors might want to chime in, and I do think it's
a low threat, nothing we really need to get upset with so far. I do also
wonder if there are fib size limits for directly connected networks
though? (arp/ND entry limits).
-Chris
> ----------- nsp-security Confidential --------
>
>
> since one of my vendors sent out a note about this (hi greg, ask your
> alert folks to actually put the alert on the alert page eh?), another is
> listed.. what say you vendor folks?
>
> <http://www.kb.cert.org/vuls/id/472363>
>
> "IPv6 implementations insecurely update Forward Information Base"
>
> Looks like you can reply with "Yea, I'm that neighbor, send traffic over
> there ->"
>
> This looks like it's also discussed (according to cert) in: RFC 3756
> and... looks like a problem that can't be immediately solved without some
> changes to ND? Since it's a local LAN issue unless your local LAN is
> compromised/made-up-of-compromised-hosts things should be good, eh?
>
> (low threat... I guess)
>
> -Chris
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
>
More information about the nsp-security
mailing list