New “Flood_Router26” IPv6 attack takes down Mac OS X and Server 2012

Sam Bowne, Ethical Hacking instructor at City College San Francisco has released a crazy video showing two of the latest IPv6 Router Advertisement attacks from the THC-IPv6 attack toolkit. And from what it looks like, these attacks work against both Mac and Microsoft systems.

In the second part of the video, the “Flood_Router26” RA attack first takes down a Mac OS X’s network interface and then throws the Mac into a spinning “Circle of Death”. A Windows XP system hooked to the network went to 100% resource usage and when the 2012 Server is checked, it actually rebooted!

More information about this attack, screenshots, packet captures and instructions can be found here.

WARNING! Do not attempt this on a live network!

Crazy! Hopefully Apple and Microsoft addresses this issue quick!

Advertisements

Defending against Advanced Threats and IPv6 attacks

I was listening to a Cyber Intelligence briefing this morning and several things caught my attention. First of all, advanced threats, like Stuxnet are really scary.

What will Cyber Defense systems look like in the near future when threats can self replicate, self heal, avoid detection, are encrypted, use encrypted communication channels, contain several intelligent payloads and can cross from open computer systems to closed secured systems?

Also IPv6 was mentioned several times. The speaker mentioned that the US government wants IPv6 because it encapsulates network packets into a hardened shell so they can’t be read. And that other nations, nations that are not friendly to the US, already have adopted IPv6 and are using this as an attacking platform. While the US lags behind in rolling out IPv6.

According to the speaker, an IPv4 defender is at a disadvantage when being attacked by an IPv6 network. He said that they may not be able to track back the attacker, because IPv6 is more secure.

I don’t think these statements are completely accurate. Granted, I am not a IPv6 guru, but from what I have heard, many of the IP vulnerabilities in IPv4 remain in IPv6. And IPv6 has some of its own issues. Toolkits like the thc-ipv6 Toolkit exist that only attack IPv6. Sniffing, rogue devices, denial of service, man-in-the-middle attacks are all still possible in IPv6.

The NSA has already stated that they are now looking at security from the stand point that the system has already been compromised. This would mean that the attention changes to analyzing internal data flow and network security monitoring.

How much monitoring is needed, and how far will it go? The TSA has already over reacted to terrorist threats by installing invasive full body scanners in airports. Will this mentality be carried over to the electronic world and everything that is done online be recorded, and analyzed for keyword data?

Will this include government monitoring of e-mails, social media, and even cloud computing?  Rumors abound, and overreaction is not the answer.

So what will Cyber Defense look like in the future? I believe the answer will be a mix of high-speed hardware with offensive capabilities (like RSignia’s products), network security monitoring & analysis and a united front from the government, private sector and our allies.

New “Live Hacking v1.2” Linux Security Distro Released

Dr. Ali Jahangiri has released a new version of his Live Linux security CD. The original version was a collection of tools that could be used to  test the security of your network.

The new version has added the ever popular Metasploit Framework and also, several IPv6 tools (from website):

The metasploit framework, one of the new tools included with this release, can be used to test your network using the frameworks internal database of known weaknesses and exploits.

Also included in this new release of the Live Hacking CD is the THC-IPV6 tool, a set of tools to attack the inherent protocol weaknesses of IPv6 and ICMP6.

The original “Live Hacking” cd was interesting, kind of like a scaled down version of Backtrack. The added tools will add a lot more capabilities to this distribution. Check it out when you get a chance!