Router Advertisement DoS - [How to exploit] 04-02-2013, 06:25 PM
#1
Yes. This is more of a guide than a tutorial.
Introduction
So, yes, hello. I will be informing you on a very powerful DoS attack that effects many many systems, for example: <=Windows 7 are vulnerable, as well as many other OS on various devices. And, as far as I am aware, there has been no patch released for this quite old vulnerability.
The vulnerability
The vulnerability exists in the idea of, the pretty redundant, IPV6 (Internet Protocol Version 6), which practically all (most) devices use nowadays, instead of IPV4. Now, let's get down and dirty: when you are connected to your LAN (and assuming you are using IPV6), your router will force your PC to connect to it via Router Advertisement (self-explanatory name), the obvious and legitimate reason this exists is so your system knows what device is the router.
Exploiting
Now, you may be wondering: "Cool, but what does this have to do with hacking?", you probably aren't wondering that at all. Well, what you can do is, if you notice that I said "packets" earlier, now assuming you have basic knowledge on how computers transfer data, you would know they send this data in/as 'packets'. What you can do is send to all of the devices on your LAN packets with false hosts (so the devices receiving the packets will instantly connect to the IP specified in the packet).
But this would make the device try to connect to one IP, right? Well, if you send one packet, yes. But, imagine sending a couple thousand with different hosts to connect to - that would cause all of the vulnerable devices on that network to crash (as they would have too many devices to connect to).
Now, exploiting this vulnerability in your local: coffee shop, school, college, etc, a place with 1-100+ of devices connected to the network would be what I would call a successful attack. This is a very, very, good type of local DoS that I would recommend when attacking a local network, using IPV6.
Prevention
There are a few ways you can prevent this DoS:
For more details, visit: http://samsclass.info/ipv6/proj/RA_flood2.htm
Introduction
So, yes, hello. I will be informing you on a very powerful DoS attack that effects many many systems, for example: <=Windows 7 are vulnerable, as well as many other OS on various devices. And, as far as I am aware, there has been no patch released for this quite old vulnerability.
The vulnerability
The vulnerability exists in the idea of, the pretty redundant, IPV6 (Internet Protocol Version 6), which practically all (most) devices use nowadays, instead of IPV4. Now, let's get down and dirty: when you are connected to your LAN (and assuming you are using IPV6), your router will force your PC to connect to it via Router Advertisement (self-explanatory name), the obvious and legitimate reason this exists is so your system knows what device is the router.
Exploiting
Now, you may be wondering: "Cool, but what does this have to do with hacking?", you probably aren't wondering that at all. Well, what you can do is, if you notice that I said "packets" earlier, now assuming you have basic knowledge on how computers transfer data, you would know they send this data in/as 'packets'. What you can do is send to all of the devices on your LAN packets with false hosts (so the devices receiving the packets will instantly connect to the IP specified in the packet).
But this would make the device try to connect to one IP, right? Well, if you send one packet, yes. But, imagine sending a couple thousand with different hosts to connect to - that would cause all of the vulnerable devices on that network to crash (as they would have too many devices to connect to).
Now, exploiting this vulnerability in your local: coffee shop, school, college, etc, a place with 1-100+ of devices connected to the network would be what I would call a successful attack. This is a very, very, good type of local DoS that I would recommend when attacking a local network, using IPV6.
Prevention
There are a few ways you can prevent this DoS:
- Use a Linux distribution (not FreeBSD though, it is too vulnerable) or another OS that is not vulnerable to this.
- Use IPV4.
- Turn off Router Discovery.
- Set a firewall rule.
- Etc
For more details, visit: http://samsclass.info/ipv6/proj/RA_flood2.htm
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)