Analyzing Risk for ND and Stateless Configuration
From the above-mentioned descriptions, it appears that ND and stateless agreement authenticate
neither the artist nor the responder—exactly like ARP does in IPv4. Hence, the same
attacks can be army adjoin IPv6 as they were in IPv4:
• ND spoofing. Even if there is no such affair as chargeless ND, an antagonist host can
reply instead of the absolute host. So, the victim sends its packets to the antagonist instead
of the spoofed host. Things additionally become worse back the spoofed host is the router
because it allows a man-in-the-middle (MITM) advance for sniffing, altering, and
dropping packets abrogation the subnet. (For capacity on MITM attacks, see Chapter 1,
“Introduction to Security.”)
• RA spoofing. By sending affected RAs, an antagonist pretends to be the router, and all other
hosts in the subnet sends their packets abrogation the subnet to the antagonist host. This is
another MITM attack.
• DHCP spoofing. The aforementioned attacks can be army adjoin DHCPv4 as for DHCPv6.
This leads to addition MITM advance (described in Chapter 5, “Leveraging DHCP
Weaknesses”).
Router
IP: 2001:DB8::4
MAC
0000.BEEF.0000
Host C
IP: 2001:DB8::3
MAC
0000.0666.0000
Host B
IP: 2001:DB8::2
MAC
0000.C5C0.0000
Host A
IP: 2001:DB8::1
MAC
0000.CAFE.0000
BEEF -> 3333.0000.0001
Prefix is 2001:DB8::/64
Router is FE80::200:BEFF:FEEF:0
130 Chapter 7: Exploiting IPv6 Neighbor Discovery and Router Advertisement
There is additionally a abnegation of account (DoS) advance with IPv6 relying on DAD. An antagonist can
reply absolutely to all DAD tests done by all hosts on the network. After a brace of trials,
those hosts accord up and won’t be able to communicate. This is an advance adjoin availability.
NOTE Added abeyant attacks adjoin IPv6 are not accompanying to Layer 2. These attacks are above the
scope of this book. A acceptable advertence for added acknowledgment techniques is RFC 48642.