I heard the IPv6 router advertizement attack
almost a year ago but did not jot it down in writing. Here it is. A single
Windows 7 machine can make all Windows machines in a local area network not
workable by flooding bogus RA messages with many bogus source addresses. Only about 20 seconds of flooding is capable
of doing great harm. The CPU usage of all machines are approaching 100 % and
then hang up
Microsoft has indicated that no patches
will be released to rectify this bug but Windows 8 will have this problem
removed. In other words, there is no
cure from the OS side. Shame on Microsoft.
For those organisations that need to use
IPv6 RA for address assignment, they should use an Ethernet switch with RA
guard.
Good luck to those who allow RA in their
internal network.
No comments:
Post a Comment