SLAAC:IPv6:mitm:attack::Rogue:RAs

Recently we have seen more attention for the SLAAC (StateLess Address AutoConfiguration) attack, which relies on the intentional use of rogue RAs (Router Advertisements). This is a general threat to IPv6-capable devices, although there are articles claiming that it is a flaw in specific operating systems like Microsoft Windows, MacOS etc.

It has been known for quite a while that we have to prepare for unintentional and/or intentional RAs on networks where IPv6-capable devices are connected. These RAs can disrupt (renumber) or influence (active IPv6 usage, which often has precedence over IPv4) connected devices, and become a threat to users or organizations.

A longer-term solution is the use of SEND (SEcure Neighbor Discovery), but equipment support for this “heavyweight” mitigation is falling short. Alternative lightweight solutions are available, but you have to pick and choose the one(s) that suit you best. For now you will find yourself checking whether your current (network) equipment supports the features to protect against rogue RAs. When buying new equipment, this support should be a selection criterion.

You can read about the SLAAC man-in-the-middle attack, and about RFC 6104, which outlines the options to prevent or monitor for SLAAC attacks, in these excellent documents.
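As an illustration of the monitoring option, the following added example (not taken from the documents mentioned above) parses a captured ICMPv6 Router Advertisement and reports it when the sender or the announced prefix is not on a local allowlist. The allowlist values, the function names and the sample RA are assumptions constructed for this example.

```python
import ipaddress
import struct

# Assumed policy (constructed values): the legitimate router's link-local
# source address and the only prefix it is expected to announce.
ALLOWED_ROUTERS = {ipaddress.IPv6Address("fe80::1")}
ALLOWED_PREFIXES = {ipaddress.IPv6Network("2001:db8:1::/64")}

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (type 134, RFC 4861)."""
    if len(icmp6) < 16 or icmp6[0] != 134:
        raise ValueError("not a Router Advertisement")
    _hop, _flags, lifetime = struct.unpack_from("!BBH", icmp6, 4)
    ra = {"router_lifetime": lifetime, "prefixes": [], "src_mac": None}
    off = 16  # options start after the fixed 16-byte RA header
    while off + 2 <= len(icmp6):
        otype, olen = icmp6[off], icmp6[off + 1] * 8  # length in 8-byte units
        if olen == 0 or off + olen > len(icmp6):
            raise ValueError("malformed option")
        if otype == 1 and olen == 8:  # Source Link-Layer Address
            ra["src_mac"] = ":".join(f"{b:02x}" for b in icmp6[off + 2:off + 8])
        elif otype == 3 and olen == 32:  # Prefix Information
            plen, pflags = icmp6[off + 2], icmp6[off + 3]
            net = ipaddress.IPv6Network((icmp6[off + 16:off + 32], plen), strict=False)
            ra["prefixes"].append((net, bool(pflags & 0x40)))  # 0x40 = A (SLAAC) flag
        off += olen
    return ra

def check_ra(src_addr: str, icmp6: bytes) -> list:
    """Return reasons the RA violates policy; an empty list means it matches."""
    ra, findings = parse_ra(icmp6), []
    if ipaddress.IPv6Address(src_addr) not in ALLOWED_ROUTERS:
        findings.append(f"unlisted router {src_addr} (mac {ra['src_mac']})")
    for net, autonomous in ra["prefixes"]:
        if net not in ALLOWED_PREFIXES:
            findings.append(f"unexpected prefix {net} (autonomous={autonomous})")
    return findings

def build_sample_ra(mac: bytes, prefix: str, lifetime: int = 1800) -> bytes:
    """Constructed sample input: a minimal RA with the checksum left at zero."""
    net = ipaddress.IPv6Network(prefix)
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, lifetime, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, 86400, 14400, 0)
    return hdr + bytes([1, 1]) + mac + pio + net.network_address.packed

if __name__ == "__main__":
    rogue = build_sample_ra(bytes.fromhex("020000000066"), "2001:db8:bad::/64")
    print(check_ra("fe80::66", rogue))
```

Source addresses in an RA can be forged, so a check like this is a monitoring aid and does not replace filtering of RAs in the network equipment itself.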
