IPv6 Router Advertizement Attack

I heard the IPv6 router advertizement attack almost a year ago but did not jot it down in writing. Here it is. A single Windows 7 machine can make all Windows machines in a local area network not workable by flooding bogus RA messages with many bogus source addresses.  Only about 20 seconds of flooding is capable of doing great harm. The CPU usage of all machines are approaching 100 % and then hang up

Microsoft has indicated that no patches will be released to rectify this bug but Windows 8 will have this problem removed.  In other words, there is no cure from the OS side. Shame on Microsoft.

For those organisations that need to use IPv6 RA for address assignment, they should use an Ethernet switch with RA guard.

Good luck to those who allow RA in their internal network.

No comments: