How to use a known IPv6 hole to fast freeze a Windows Network

Security experts want Microsoft and Juniper to patch a dangerous DoS hole. With this video, see it for yourself.

By Microsoft Subnet on Tue, 05/03/11 - 4:20pm.

At last week's Rocky Mountain IPv6 Summit in Denver, Ed Horley began his talk about IPv6 in Windows networks by warning attendees about a dangerous DoS vulnerability that Microsoft has so far shown no interest in fixing. I had a longer conversation about it with Horley. He pointed me to the YouTube video below that shows the hole in action.

I've documented much more information about the hole and how users and security expert have been asking and asking Microsoft to fix it in this related story: Microsoft, Juniper urged to patch dangerous IPv6 DoS hole. Juniper, too, has been informed it has some products that are vulnerable and it doesn't want to patch the hole either -- it wants the IETF to fix the protocol.

In the meantime, anyone on a LAN with a Windows machine that has IPv6 running (turned on by default in Microsoft's most recent versions) is at risk. The hole has been publicly disclosed, too.

This video was produced by Sam Bowne, a computer networking instructor at City College San Francisco who has also been pressuring Microsoft to fix the hole.

If you are interesting in learning more, here are links to some of the resources that discuss the RA vulnerability.

http://www.howfunky.com/2011/04/my-presentation-from-rocky-mountain.html

http://samsclass.info/ipv6/proj/flood-router6a.htm

http://www.securityfocus.com/bid/45760/info

http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt

http://seclists.org/dailydave/2011/q2/25?utm_source=twitterfeed&utm_medi...

Tags

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

About The Microsoft Update

Julie Bort is the editor of Microsoft Subnet and Network World's Online Community Editor. She also writes the Open Source Subnet blog and is the editor responsible for the Cisco Subnet and Open Source Subnet web sites. If you have an idea for a blog, or a news tip on Microsoft, Cisco or Open Source technologies, contact her at jbort@nww.com, 970-482-6454 or follow Julie on Twitter @Julie188.

The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter.

Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited