Re: 0day Windows Network Interception Configuration Vulnerability

2011-04-04 Thread Jeroen van Ingen
On Mon, 2011-04-04 at 19:46 +0200, Mikael Abrahamsson wrote: > > I believe this attack will work on most networks out > > there, simply because IPv6 is enabled on hosts and rogue RA filtering > > hasn't been implemented on most switches yet. > > Any responsible ISP will block this kind of L2 "un

Re: 0day Windows Network Interception Configuration Vulnerability

2011-04-04 Thread Johnny Eriksson
Nick Hilliard wrote: > The fix right now is for Microsoft to disable IPv4 by default. Yes, please. That would put a serious dent in most botnets... > Nick --Johnny

Re: 0day Windows Network Interception Configuration Vulnerability

2011-04-04 Thread Nick Hilliard
On 04/04/2011 16:46, andrew.wallace wrote: Someone has recently post to a mailing list: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html There's a serious vulnerability in the default ipv4 configuration too: Windows will accept a reply from any DHCP server which replie

Re: 0day Windows Network Interception Configuration Vulnerability

2011-04-04 Thread Mikael Abrahamsson
On Mon, 4 Apr 2011, Jeroen van Ingen wrote: a network yet. I believe this attack will work on most networks out there, simply because IPv6 is enabled on hosts and rogue RA filtering hasn't been implemented on most switches yet. Any responsible ISP will block this kind of L2 "unknown" traffic

Re: 0day Windows Network Interception Configuration Vulnerability

2011-04-04 Thread Jeroen van Ingen
On Mon, 2011-04-04 at 12:14 -0400, valdis.kletni...@vt.edu wrote: > On Mon, 04 Apr 2011 08:46:22 PDT, "andrew.wallace" said: > > Someone has recently post to a mailing list: > > http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html > > *yawn* No news, move along, nothing to se

Re: 0day Windows Network Interception Configuration Vulnerability

2011-04-04 Thread Dan White
On 04/04/11 12:14 -0400, valdis.kletni...@vt.edu wrote: On Mon, 04 Apr 2011 08:46:22 PDT, "andrew.wallace" said: Someone has recently post to a mailing list: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html *yawn* No news, move along, nothing to see. RFC4862, section

Re: 0day Windows Network Interception Configuration Vulnerability

2011-04-04 Thread Valdis . Kletnieks
On Mon, 04 Apr 2011 08:46:22 PDT, "andrew.wallace" said: > Someone has recently post to a mailing list: > http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html *yawn* No news, move along, nothing to see. RFC4862, section 6: The use of stateless address autoconfiguration a

Re: 0day Windows Network Interception Configuration Vulnerability

2011-04-04 Thread Andrew Kirch
On 4/4/11 11:46 AM, andrew.wallace wrote: > Someone has recently post to a mailing list: > http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html > > Andrew > And users of that list certainly have it. Why is it being reposted here? request for admin action

0day Windows Network Interception Configuration Vulnerability

2011-04-04 Thread andrew.wallace
Someone has recently post to a mailing list: http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html Andrew