[nsp-sec] New IPV6 NDP issue (via cert)

Jens Rosenboom jens.rosenboom at freenet.ag
Thu Oct 9 12:10:07 EDT 2008


On Thu, Oct 09, 2008 at 01:56:03PM +0000, Chris Morrow wrote:
> On Thu, 9 Oct 2008, Gert Doering wrote:
> 
> >Hi,
> >
> >On Thu, Oct 09, 2008 at 01:23:40PM +0000, Chris Morrow wrote:
> >>On Thu, 9 Oct 2008, Gert Doering wrote:
> >>
> >>>(I have not personally verified this, nor do I have a list of affected
> >>>OSes, but I have been told that this is the major difference to "plain
> >>>ARP spoofing").
> >>
> >>the cert notice had a list I believe...
> >
> >Which, at the time when I looked, mostly contained "we don't know yet"...
> >
> >Supposedly all BSD variants are affected.  Which might or might not affect
> >Junipers (if the BSD kernel on the RE believes something, will it end up
> >being programmed in the hardware?).  Haven't heard from the Linux camp.
> 
> ah I thought I read juniper was marked as vulnerable...
> 
> <http://www.kb.cert.org/vuls/id/472363>
> 
> says juniper is vulnerable (not sure if that's on the management ether or 
> production interfaces...)

At least M-Series is vulnerable, the wrong neighbor makes its way into
the FIB, so a directly connected host can attract traffic for any IP
it likes to announce.

Good news is that you can protect yourself with a properly written
RE ACL, maybe someone from Juniper might want to update their PSN
accordingly. I would on the other hand disagree on the risk level
being low, one nasty host connected to a peering LAN could do a
lot of harm ...
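Added example, not part of the original post or of any vendor advisory: one way to audit a neighbor cache for the condition described above, where an entry exists for an address outside the interface's on-link prefixes, grouped by the MAC address holding it. The interface name, prefixes, entries and the `(interface, address, mac)` tuple format are constructed assumptions, not any router's actual output.

```python
import ipaddress
from collections import defaultdict

# Link-local addresses are always on-link, so they are never flagged.
LINK_LOCAL = ipaddress.ip_network("fe80::/10")

# Constructed sample data (documentation prefix 2001:db8::/32, RFC 7042 MACs).
ONLINK = {"peering0": ["2001:db8:0:1::/64"]}
NEIGHBORS = [
    ("peering0", "2001:db8:0:1::10", "00:00:5e:00:53:01"),          # legitimate peer
    ("peering0", "fe80::200:5eff:fe00:5301", "00:00:5e:00:53:01"),  # link-local, ignored
    ("peering0", "2001:db8:ffff::1", "00:00:5E:00:53:66"),          # off-link entry
    ("peering0", "2001:db8:0:2::53", "00:00:5e:00:53:66"),          # off-link entry
]


def off_link_neighbors(onlink, neighbors):
    """Return {mac: [(ifname, address), ...]} for IPv6 neighbor entries whose
    address is not covered by any on-link prefix of the interface it was
    learned on. An interface with no configured prefix flags every
    non-link-local entry."""
    nets = {
        ifname: [ipaddress.ip_network(p) for p in prefixes]
        for ifname, prefixes in onlink.items()
    }
    suspects = defaultdict(list)
    for ifname, addr, mac in neighbors:
        ip = ipaddress.ip_address(addr)
        if ip.version != 6 or ip in LINK_LOCAL:
            continue
        if not any(ip in net for net in nets.get(ifname, [])):
            # Normalise MAC case so one host is not split across two keys.
            suspects[mac.lower()].append((ifname, str(ip)))
    return dict(suspects)


if __name__ == "__main__":
    for mac, entries in off_link_neighbors(ONLINK, NEIGHBORS).items():
        for ifname, ip in entries:
            print(f"{ifname}: {ip} resolved to {mac} but is not on-link")
```
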

