Indeed, the vulnerability of attack 5 was noted and fixed in Miredo. However, I
am not aware of any updates to the Teredo specification to mitigate it. This
means that new implementations will always be vulnerable as in the case of
Windows Server 2008 R2. This vulnerability was reported to
Indeed the ISATAP interface of the ISATAP router is meant to be an
enterprise-interior (note that it is still assumed that the associated IPv4
address is non-private). As we explicitly note in the paper, the first three
attacks will be mitigated if proper protocol-41 filtering is deployed on
On Tue, 18 Aug 2009 02:29:58 -0700 (PDT), Gabi Nakibly gnaki...@yahoo.com
wrote:
Indeed, the vulnerability of attack 5 was noted and fixed in Miredo.
However, I am not aware of any updates to the Teredo specification to
mitigate it. This means that new implementations will always be
vulnerable
Gabi,
From: Gabi Nakibly [mailto:gnaki...@yahoo.com]
Sent: Tuesday, August 18, 2009 3:29 AM
To: Templin, Fred L; v6ops
Cc: ipv6@ietf.org; sec...@ietf.org
Subject: Re: Routing loop attacks using IPv6 tunnels
Indeed the ISATAP interface of the ISATAP
Hi Gabi,
First, thanks to you and your colleagues for this research, and for
the clear presentation of its results.
In my understanding, your contribution is important for transition
solutions to be carefully selected, and where needed improved.
This mail is to complement the analysis with