Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IPv6, IPSEC and DoS

  • From: J. Oquendo
  • Date: Mon Jan 03 10:32:50 2005


Re: IPv6, IPSEC and DoS

On Mon, 3 Jan 2005, Mohacsi Janos wrote:

>
> To prevent ARP or ND spoofing attack you should have L2 switch support to
> it! Or you can use static ARP or ND entries, which is rather difficult to
> maintain.
>
> Regards,
>       Janos Mohacsi

Funny you should mention this I thought about this but figure the
following, regardless of VLAN/PVLAN/ settings, switches still need to
build an ARP table so I would think that one can still inject bogus ARP
information but it would likely but delegated to that particular segment
where the MAC's are being spoofed from.

There was an instance last year where I saw a student using some form of
LAN generator for him to be able to spoof a network in order to play some
XBOX game. Packeteers saw multiple MAC addresses coming from the ports in
his room. When we investigated the situation he told us what it was the
program was doing and we advised him to limit it via pseudo threat of
disconnecting his port.

So what happens when an ARP generating programs collides with the address
of your L2 switch or a database. VLAN/PVLAN even static ARP entries won't
help much. At least I don't think there is much that can be done when
someone is determined. I could be wrong I am almost 99.999% of the times.
Even an exhaustion attack could do some major damage.

http://www.infiltrated.net/cisco/vlan-insecurities.html
http://www.infiltrated.net/cisco/vlan-tagging-101.html
http://www.infiltrated.net/cisco/layer2-security.pdf

Aside from this, I've noticed there are quite a few OS' that still have
issues regarding IPv6

//
http://seclists.org/lists/fulldisclosure/2004/Mar/1412.html

III. Impact
It may be possible for a local attacker to read portions of kernel
memory, resulting in disclosure of sensitive information. A local
attacker can cause a system panic.
//

Not to single out this one instance, there was also an issue with OpenBSD,
I'm sure I could find others for Windows, NetBSD as well.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D

sil @ politrix . org    http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.