Skip Links

How to use a known IPv6 hole to fast freeze a Windows Network

Security experts want Microsoft and Juniper to patch a dangerous DoS hole. With this video, see it for yourself.

By Microsoft Subnet on Tue, 05/03/11 - 4:20pm.

At last week's Rocky Mountain IPv6 Summit in Denver, Ed Horley began his talk about IPv6 in Windows networks by warning attendees about a dangerous DoS vulnerability that Microsoft has so far shown no interest in fixing. I had a longer conversation about it with Horley. He pointed me to the YouTube video below that shows the hole in action.

I've documented much more information about the hole and how users and security expert have been asking and asking Microsoft to fix it in this related story: Microsoft, Juniper urged to patch dangerous IPv6 DoS hole. Juniper, too, has been informed it has some products that are vulnerable and it doesn't want to patch the hole either -- it wants the IETF to fix the protocol.

In the meantime, anyone on a LAN with a Windows machine that has IPv6 running (turned on by default in Microsoft's most recent versions) is at risk. The hole has been publicly disclosed, too.

This video was produced by Sam Bowne, a computer networking instructor at City College San Francisco who has also been pressuring Microsoft to fix the hole.

 

If you are interesting in learning more, here are links to some of the resources that discuss the RA vulnerability.

http://www.howfunky.com/2011/04/my-presentation-from-rocky-mountain.html

http://samsclass.info/ipv6/proj/flood-router6a.htm

http://www.securityfocus.com/bid/45760/info

http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt

http://seclists.org/dailydave/2011/q2/25?utm_source=twitterfeed&utm_medi...

Blog Roll
Microsoft Subnet Home Page
http://www.networkworld.com/subnets/microsoft/
All Microsoft Subnet bloggers
http://www.networkworld.com/community/blogs/microsoft/feed
ActiveWin
http://www.activewin.com
Blake Handler The Road to Know Where
http://bhandler.spaces.live.com/
Dmitry's PowerBlog
http://dmitrysotnikov.wordpress.com/
Doug Brown,DABCC
http://www.dabcc.com
Ed Bott's Windows Expertise
http://www.edbott.com/weblog/
Joseph Tartakoff Microsoft Blog
http://blog.seattlepi.nwsource.com/microsoft/
Long Zheng istartedsomething
http://www.istartedsomething.com/
Mini-Microsoft
http://minimsft.blogspot.com/
Paul Thurrott's Supersite for Windows
http://www.winsupersite.com
Robert McLaws WindowsNow
http://www.windows-now.com
Scobleizer
http://scobleizer.com/
Techmeme
http://www.techmeme.com/
Todd Bishop's Microsoft Blog
http://www.techflash.com/Microsoft