Windows 7 Networks Vulnerable to RA DoS Attack

This has to be seen to be believed. In this video, Sam Bowne, of the City College San Fransisco, shows how rogue IPv6 Router Advertisements can crash all Windows IPv6 enabled systems on your network.

Sam (and others) notified Microsoft of the problem, only to be told that it was a known issue and Microsoft has no plans on patching it! It can be found on the DHS US-CERT Vulnerability Database as CVE-2010-4669.

Sam has an excellent Executive Summary on his site explaining the problem, and several remedies including:

  • Disable IPv6. This is drastic, and will break services you may want, such as HomeGroups and DirectAccess. But it will protect you.
  • Turn off Router Discovery — this is a simple solution, requiring only one command, but it will prevent you from using Stateless Autoconfiguration. It’s probably appropriate for servers, but not as good for client machines.
  • Use a firewall to block rogue Router Advertisements, while still allowing them from your authorized gateway. This is the most precise solution, but it is easily defeated.
  • Get a switch with RA Guard — details here:

Check out Sam’s site for more information.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: