Alpine$sun posted this on a BBS I frequent and I thought it was worth sharing.
I presented at a security confrence last week and the speaker after me was taking about Vista and IPv6. Basically Vista is about as secure as a large mansion with no doors due to lots of IPv6 hacks and ‘man in the middle’ attacks!
Vista by default will use IPv6 over IPv4. Now IPv4 is what’s used in the internet and not IPv6 so a 6to4 conversion is needed. Microsoft in their stupid security vision have come up with a new system called Teredo. Teredo uses UDP 3544 and encapsulates IPv6 frames/packets into a IPv4 UDP tunnel that leaves your gateway and heads for one of four microsoft Teredo servers to do the 6to4 conversion, so in essence Microsoft are snooping all your traffic!!!!!!!!!!! Now it gets worse. People have been running Linux/Unix/Vista Teredo servers within ISP’s to attract the UDP traffic in. Now your asking that’s not possible, well let me tell you it is as all IPv6 host announce themselves on a special IPv6 link layer addressing system to let them communicate in ‘community’ IP domains. Once they announce themselves the hackers are then using posion reverse ARP’s to attact the traffic…Microsoft just made a man in the middle attack very very very simple!!!!
Fix: Block all out bound UDP 3544 traffic on your LAN’s!!!!!
Here are resource links he provided:
http://moonv6.sr.unh.edu/lists/Sep2006/0630.php
http://www.ipv6forum.com/dl/white/NAv6TF_Security_Report.pdf
http://www.windowsitpro.com/Article/ArticleID/94482/94482.html
http://seclists.org/fulldisclosure/2006/Aug/0630.html
http://whitepapers.silicon.com/0,39024759,60274361p-39000360q,00.htm
