Article ID: 11239, created on Apr 6, 2011, last review on May 9, 2014

Applies to:

  • Plesk for Linux/Unix
  • Plesk for Windows


Important facts:

1. This is not a 0day problem: it is described in a separate RFC, “Rogue IPv6 Router Advertisement Problem Statement.” The problem seems to have existed since the introduction of IPv6.
2. The author of the document "SLAAC Attack – 0day Windows Network Interception Configuration Vulnerability" contemplates a problem in which the network has only the IPv4 protocol, without any mention of IPv6 and hacker activity regarding the IPv6 protocol.
3. It is a problem from the "Wrong network configuration" category.

The document "SLAAC Attack – 0day Windows Network Interception Configuration Vulnerability" describes how an MITM attack is implemented by sending broadcast Router Advertisement (RA) messages to hosts with IPv6 interfaces. An RA message is an IPv6 service message used to configure an IPv6 interface. For instance, it can set the IPv6 address, DNS, and gateway, which means it can configure the interface so that the hackers' server becomes the router for the current subnet.

ALL servers (not only Windows servers) are vulnerable where the IPv6 protocol is enabled and the kernel is compiled with the "accept router advertisement" option.
For Linux servers, IPv6 settings can be checked with the following command:

    sysctl -a | grep ipv6
    net.ipv6.conf.eth0.accept_ra = 1
    net.ipv6.conf.eth0.accept_redirects = 1
    net.ipv6.conf.eth0.autoconf = 1
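
The check above can be run per interface. The following is an added example, not part of the original article: a POSIX shell function that reads the settings listed above and reports every interface that would act on a Router Advertisement. It assumes the standard Linux procfs path /proc/sys/net/ipv6/conf; the names audit_ra and _key and the optional directory argument are hypothetical, and the forwarding and disable_ipv6 keys are read as well because they decide whether accept_ra takes effect.

```shell
#!/bin/sh
# Added example: list interfaces that would act on a Router Advertisement.
# audit_ra and its optional directory argument are hypothetical names; the
# default path is the standard Linux procfs location for IPv6 sysctls.

# Read one per-interface key; treat a missing file as 0.
_key() { cat "$1/$2" 2>/dev/null || echo 0; }

# audit_ra [conf_root]
# Prints one line per exposed interface; returns 1 if any was found.
audit_ra() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    found=0
    if [ ! -d "$root" ]; then
        echo "no IPv6 sysctl tree at $root"
        return 0
    fi
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        iface=${dir##*/}
        # "all" and "default" are templates, not network interfaces.
        case "$iface" in all|default) continue ;; esac
        # IPv6 switched off on this interface: RAs are never processed.
        if [ "$(_key "$dir" disable_ipv6)" = "1" ]; then continue; fi
        ra=$(_key "$dir" accept_ra)
        fwd=$(_key "$dir" forwarding)
        # accept_ra=1 only takes effect while forwarding is off (0);
        # accept_ra=2 accepts RAs even on a forwarding host.
        accepts=no
        if [ "$ra" = "2" ]; then
            accepts=yes
        elif [ "$ra" = "1" ] && [ "$fwd" = "0" ]; then
            accepts=yes
        fi
        if [ "$accepts" = "yes" ]; then
            echo "$iface: accept_ra=$ra forwarding=$fwd" \
                 "accept_redirects=$(_key "$dir" accept_redirects)" \
                 "autoconf=$(_key "$dir" autoconf)"
            found=1
        fi
    done
    return "$found"
}
```

On a live host, call audit_ra with no argument; the non-zero return status can drive a monitoring check.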


Possible workarounds are described in the document "SLAAC Attack – 0day Windows Network Interception Configuration Vulnerability" and in the comments on that document:

1. Disable IPv6 on the host.
2. Filter RA messages for each port of the network equipment.
3. Perform an audit of the network for IPv6 security because there can be other problems in addition to those described.
