MITM Attack Exploits Windows IPv6 Protocols

Wednesday, April 06, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Researchers indicate that new features in the Microsoft Windows operating system which enable IPv6 network access can potentially be exploited by a man-in-the-middle (MITM) attack.

The proof of concept was detailed by security researcher Alec Waters of the Infosec Institute, and shows that default settings in the OS protocol allow attackers to redirect information unbeknownst to the user.

“All these Windows boxes will default connect to the evil router instead of the legitimate router when this parasitic overlay is running. If Microsoft didn't have that configuration by default, it would negate a lot of the effects of the attack," said Jack Koziol, program manager for the InfoSec Institute.

The exploit utilizes the Stateless Address Auto Configuration (SLAAC) standard to reroute data through networks controlled by the attackers, exposing potentially sensitive data.

Linux and FreeBSD are immune to the method, but the OS X for Macs may also be vulnerable to the attacks, though the theory has not been tested by researchers on that operating system yet.

While there are tools to prevent traffic redirection attacks using the Address Resolution Protocol, so far there is no reliable way to detect and defend against rerouting via SLAAC attacks.

The one saving grace thus far is that in order to carry out the exploit attackers would need to successfully install some hardware into the target network, but given the increasing number of incidents related to insider threats, the possibility of such an event is probable.

"Microsoft is aware of discussions in the security community concerning the possibility of using IPv6 network protocols to undertake a 'man in the middle' attack on a target network. The attack method described would require that a would-be attacker have physical access to the targeted network in order to install a tainted router - a situation that does not provide a security boundary," said the group manager in Microsoft's Trustworthy Computing group, Bruce Cowper.

Source:  http://www.theregister.co.uk/2011/04/04/slaac_attack_microsoft_windows/

Possibly Related Articles:
9522
Operating Systems
Microsoft MITM Windows Operating Systems Exploits Headlines Man-In-The-Middle Protocols IPv6 SLAAC
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.