
Re: IPv6, IPSEC and DoS

On Mon, 3 Jan 2005, Mohacsi Janos wrote:

> To prevent ARP or ND spoofing attack you should have L2 switch support to it! Or you can use static ARP or ND entries, which is rather difficult to maintain.
>
> Regards, Janos Mohacsi
Funny you should mention this. I thought about this but figure the following: regardless of VLAN/PVLAN settings, switches still need to build an ARP table, so I would think that one can still inject bogus ARP information, but it would likely be delegated to that particular segment where the MACs are being spoofed from.

There was an instance last year where I saw a student using some form of LAN generator for him to be able to spoof a network in order to play some XBOX game. Packeteers saw multiple MAC addresses coming from the ports in his room. When we investigated the situation he told us what it was the program was doing and we advised him to limit it via pseudo threat of disconnecting his port.

So what happens when an ARP-generating program collides with the address of your L2 switch or a database? VLAN/PVLAN, even static ARP entries, won't help much. At least I don't think there is much that can be done when someone is determined. I could be wrong; I am almost 99.999% of the times. Even an exhaustion attack could do some major damage.

http://www.infiltrated.net/cisco/vlan-insecurities.html
http://www.infiltrated.net/cisco/vlan-tagging-101.html
http://www.infiltrated.net/cisco/layer2-security.pdf

Aside from this, I've noticed there are quite a few OS' that still have issues regarding IPv6:

http://seclists.org/lists/fulldisclosure/2004/Mar/1412.html

//
III. Impact
It may be possible for a local attacker to read portions of kernel memory, resulting in disclosure of sensitive information. A local attacker can cause a system panic.
//

Not to single out this one instance, there was also an issue with OpenBSD; I'm sure I could find others for Windows and NetBSD as well.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
sil @ politrix . org    http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"How a man plays the game shows something of his character - how he loses shows all" - Mr. Luckey
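The thread's two mitigations, switch-side enforcement (what "L2 switch support" usually means in practice, e.g. port security or dynamic ARP inspection) and static ARP entries, are both about prevention. What a network operator can do cheaply in either case is detect the condition the posters describe: a host that starts answering for an address it does not own, or one port that suddenly presents many MACs. The following is an added example, not code from either poster: an arpwatch-style checker in Python that reads ARP replies in a line format assumed to resemble `tcpdump -e arp` output (the sample lines, the 192.0.2.0/24 and 00:00:5e:00:53:xx addresses, and the `STATIC_BINDINGS` gateway entry are all constructed) and flags four conditions: a reply whose frame source MAC differs from the MAC it advertises, a reply that contradicts a static binding, an IP whose MAC changed since it was last seen, and a single MAC that has claimed several IPs.

```python
"""arpwatch-style ARP reply monitor (added example; not from the original thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Line format ASSUMED to resemble `tcpdump -e arp` output, e.g.
#   12:00:00.000001 <src-mac> > <dst-mac>, ethertype ARP (0x0806), length 42: Reply <ip> is-at <mac>, length 28
ARP_REPLY_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[0-9a-f:]{17})\s+>\s+[0-9a-f:]{17},.*?"
    r"Reply\s+(?P<ip>\S+)\s+is-at\s+(?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)

# Constructed static bindings for hosts you care most about (the "static ARP entries" of
# the thread); here only the default gateway.
STATIC_BINDINGS = {"192.0.2.1": "00:00:5e:00:53:01"}

# Constructed sample capture: line 3 has host :0a answering for the gateway, line 4 has the
# same MAC claiming a third IP, line 5 has a frame whose source MAC disagrees with its payload.
SAMPLE_LINES = [
    "12:00:00.000001 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.0.2.1 is-at 00:00:5e:00:53:01, length 28",
    "12:00:01.000001 00:00:5e:00:53:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.0.2.10 is-at 00:00:5e:00:53:0a, length 28",
    "12:00:05.000001 00:00:5e:00:53:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.0.2.1 is-at 00:00:5e:00:53:0a, length 28",
    "12:00:06.000001 00:00:5e:00:53:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.0.2.11 is-at 00:00:5e:00:53:0a, length 28",
    "12:00:07.000001 00:00:5e:00:53:0b > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.0.2.12 is-at 00:00:5e:00:53:0c, length 28",
]


@dataclass(frozen=True)
class ArpReply:
    ts: str
    frame_src: str  # Ethernet source MAC of the frame
    ip: str         # sender protocol address in the ARP payload
    mac: str        # sender hardware address in the ARP payload ("is-at")


@dataclass(frozen=True)
class Alert:
    kind: str
    ip: str
    detail: str


def parse_arp_reply(line):
    """Return an ArpReply for an ARP reply line, or None for anything else."""
    m = ARP_REPLY_RE.search(line)
    if not m:
        return None
    return ArpReply(m["ts"], m["src"].lower(), m["ip"], m["mac"].lower())


class ArpMonitor:
    def __init__(self, static_bindings=None, flap_threshold=3):
        self.static = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
        self.flap_threshold = flap_threshold
        self.seen = {}                       # ip -> last MAC observed
        self.ips_per_mac = defaultdict(set)  # mac -> set of IPs it has claimed

    def observe(self, r):
        """Record one reply and return the alerts it triggers (possibly none)."""
        alerts = []
        # A forged reply often carries a payload MAC that is not the frame's own source.
        if r.frame_src != r.mac:
            alerts.append(Alert("header-mismatch", r.ip,
                                f"frame from {r.frame_src} but reply says is-at {r.mac}"))
        expected = self.static.get(r.ip)
        if expected is not None and expected != r.mac:
            alerts.append(Alert("static-mismatch", r.ip, f"expected {expected}, got {r.mac}"))
        prev = self.seen.get(r.ip)
        if prev is not None and prev != r.mac:
            alerts.append(Alert("changed", r.ip, f"{prev} -> {r.mac}"))
        self.seen[r.ip] = r.mac
        self.ips_per_mac[r.mac].add(r.ip)
        # Fire once, when the MAC crosses the threshold, rather than on every later reply.
        if len(self.ips_per_mac[r.mac]) == self.flap_threshold:
            alerts.append(Alert("mac-claims-many", r.ip,
                                f"{r.mac} now claims {sorted(self.ips_per_mac[r.mac])}"))
        return alerts


def run_monitor(lines, static_bindings=None):
    """Feed capture lines through a fresh monitor and return every alert raised."""
    mon = ArpMonitor(static_bindings)
    alerts = []
    for line in lines:
        reply = parse_arp_reply(line)
        if reply is not None:
            alerts.extend(mon.observe(reply))
    return alerts


if __name__ == "__main__":
    for a in run_monitor(SAMPLE_LINES, STATIC_BINDINGS):
        print(f"{a.kind:16} {a.ip:12} {a.detail}")
```

On the constructed sample this raises `static-mismatch` and `changed` for the gateway takeover, `mac-claims-many` once 00:00:5e:00:53:0a has answered for three addresses, and `header-mismatch` for the last frame. The header check is the cheap one: it needs no state and no baseline, which is why it is worth running even where a full baseline of the segment is not maintained.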