1 min read

Denial of Service Attack through IPv6 Router Advertisement Vulnerability

Liviu ARSENE

November 12, 2012

Denial of Service Attack through IPv6 Router Advertisement Vulnerability

Local area networks sporting the IPv6 protocol were deemed vulnerable through a recent Router Advertisement vulnerability that crashes everything from Windows operating systems, to Macs, various Linux distributions, PS3`s and Xbox consoles.

The new attack from Marc Heuse works by sending Router Advertisement packets and forcing operating systems to create IPv6 addresses in response to every packet it receives. By flooding the network with enough RA`s, Windows machines will consumes more CPU time as the Stateless Auto Configuration process tries to configure the addresses.

Denial of Service Attack through IPv6 Router Advertisement Vulnerability

“Suppose someone writes this into a malicious Web attack, so everyone who views a malicious Web page instantly kills all the machines on their LAN,” writes Sam Bowne, Ethical Hacking instructor at City College San Francisco.

Although this type of attack has been previously demonstrated by using RA packets with ICMPv6 options like MTU (maximum transmission unit), prefix information, and source link-layer address, the new attack adds 18 prefix information sections and 17 route information sections.

“This is extremely dangerous! A single device can instantly stop all the Windows machines on a Local Area Network,” said Bowne. “In my tests, my Windows 7 virtual machine freezes totally and the only way to revive it is shutting the power off–an abnormal shutdown.”

Solutions such as disabling IPv6, turning off router discovery or using a firewall to turn off Router Advertisements could be implemented by end-users until a fix is released.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Supply Chain Attack Detected in PyPI Library Supply Chain Attack Detected in PyPI Library
Silviu STAHIE

August 02, 2021

1 min read
Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel
Filip TRUȚĂ

August 02, 2021

3 min read
Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million
Graham CLULEY

July 30, 2021

2 min read