[nsp-sec] New IPV6 NDP issue (via cert)
Gert Doering
gert at greenie.muc.de
Thu Oct 9 03:28:23 EDT 2008
Hi,
On Fri, Oct 03, 2008 at 06:57:18PM +0100, David Freedman wrote:
> Uh, isn't this just like ARP spoofing? is this really a new problem?
It seems to be a bit more interesting, as some stacks don't verify that
the spoofed address is actually supposed to be on-link.
So you can spoof to be ipv6.google.com right away, no matter what the
actual on-link prefix on that link is.
(I have not personally verified this, nor do I have a list of affected
OSes, but I have been told that this is the major difference to "plain
ARP spoofing").
gert
--
Gert Doering
SpaceNet AG, AS 5539, gert at space.net. PGP-KeyID: 0x65514975
Also reachable via gert at greenie.muc.de and gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20081009/34b01be2/attachment-0001.sig>
More information about the nsp-security
mailing list