Microsoft, Juniper urged to patch dangerous IPv6 DoS hole
He adds: “While individual vendors may put in patches to cover up the fundamental problem, the fact is that conforming implementations of the spec are inevitably vulnerable to route contamination even if they hide the resource exhaustion problem. Until the IETF fixes the protocol, the best course of action is to only accept routes from routers that you trust by whitelisting legitimate route sources.”
If RA Guard is not available, another workaround within a Windows environment is to turn off Router Discovery, says Sam Bowne, a computer networking instructor at City College San Francisco who has also been pressuring Microsoft to fix the hole. Bowne has produced a video that shows how easy the exploit is to do. (See it yourself in a related blog post on Network World’s Microsoft Subnet.) Turning off Router Discovery “is a simple solution, requiring only one command, but it will prevent you from using Stateless Autoconfiguration. It’s probably appropriate for servers, but not as good for client machines,” Bowne says.
Bowne says another possibility is to set your firewall to block rogue Router Advertisements, while whitelisting them from authorized gateways. But both Bowne and Heuse say that this method is easily defeated. Heuse is even planning on demonstrating an attack that bypasses this fix later this month.
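The allowlisting approach described above, as an added example (not code from the article, Bowne, Heuse or any vendor): a Python monitor that parses captured ICMPv6 Router Advertisements per RFC 4861, reports sources outside the allowlist, and separately flags any source that advertises more than a threshold of distinct prefixes, since an address check alone is described above as easy to defeat. The addresses, sample packets, the `max_prefixes` threshold and all function names are assumptions made up for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

RA_TYPE, OPT_PREFIX_INFO = 134, 3   # ICMPv6 type and option type, RFC 4861

def ra_prefixes(icmp6: bytes):
    """Prefixes carried by one ICMPv6 RA message; None if not a well-formed RA."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        return None
    prefixes, off = [], 16                      # options follow the 16-byte RA header
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            return None
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8   # length in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            return None                         # malformed option: drop the message
        if opt_type == OPT_PREFIX_INFO:
            if opt_len != 32 or icmp6[off + 2] > 128:
                return None
            addr = ipaddress.IPv6Address(icmp6[off + 16:off + 32])
            prefixes.append(ipaddress.IPv6Network((addr, icmp6[off + 2]), strict=False))
        off += opt_len
    return prefixes

def audit(packets, trusted, max_prefixes=4):
    """packets: (source address, ICMPv6 bytes) pairs -> (untrusted sources, noisy sources)."""
    seen = defaultdict(set)
    for src, icmp6 in packets:
        prefixes = ra_prefixes(icmp6)
        if prefixes is not None:
            seen[src].update(prefixes)
    untrusted = {src for src in seen if src not in trusted}
    # Checked for every source, because an allowlist only looks at the claimed address.
    noisy = {src: len(p) for src, p in seen.items() if len(p) > max_prefixes}
    return untrusted, noisy

def make_ra(prefix: str) -> bytes:
    """Constructed test input: RA header plus one Prefix Information option."""
    net = ipaddress.IPv6Network(prefix)
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    option = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0, 86400, 14400, 0)
    return header + option + net.network_address.packed

ROUTER = "fe80::1"                              # constructed: the authorized gateway
SAMPLE = [(ROUTER, make_ra("2001:db8:1::/64")), ("fe80::bad", make_ra("2001:db8:ff::/64"))]
SAMPLE += [(ROUTER, make_ra(f"2001:db8:{i:x}::/64")) for i in range(0x100, 0x10A)]

if __name__ == "__main__":
    print(audit(SAMPLE, trusted={ROUTER}))
```

On the constructed sample, the unlisted source is reported as untrusted, and the allowlisted address is reported as noisy because eleven distinct prefixes appear under it.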
Horley also says that the attack isn’t limited to those connected to a wired LAN, either. “It does affect Windows 7 and Server 2008 machines on wireless networks too,” he said. “There is no fix for wireless networks as RA Guard is not a feasible option on wireless.”
On the other hand, Horley also admits that on the wireless side, “the greatest risk of being affected is when joining an open network. Assuming the machine is on a trusted, secure wireless network, unless it is ‘owned’ there is no reason someone would run this exploit unless they were being malicious.” He also notes: “There are likely far better exploits out there than a simple DOS attack if you have managed to connect to the secure wireless network.”
Meanwhile Bowne is continuing to push Microsoft to take three actions: issue a security warning telling people to disable router discovery on servers and adjust their firewall to block rogue Router Advertisements on clients; shut Router Discovery off by default in future products; and patch the network software so that it limits the amount of CPU that can be consumed by the Router Discovery and Stateless Autoconfiguration processes.