InfoSec Institute security researcher Alec Waters has just released a new article on SLAAC Attacks. The basic premise is to use the default network configuration found on all Windows 7 (as well as Server 2008, Vista) installations to intercept and hijack all network traffic without any user knowledge or interaction. The testing in our lab shows that this attack requires no interaction on the user’s part, and is totally transparent. It is hard to detect even in enterprise computing environments with significant security gear in place. It works on wired and wireless networks. Even though we are exploiting the IPv6 to IPv4 translation process, it does not require an existing IPv6 network to be set up or functional. It only requires the operating system to have IPv6 enabled by default. Mac OS-X is also likely vulnerable, but we have not tested it yet. We detail the vulnerability, the effect, as well as provide scripts and some tools for setting up the attack here: http://resources.infosecinstitute.com/slaac-attack/ We contacted Microsoft over the weekend, but, because this is a default installation configuration vulnerability, Microsoft is not able to release a patch and states “While you are correct that this may not be something that is easily/quickly corrected (at least with regards to just pushing out a patch to change the default configuration if needed) this would be something that we want to review and explore our options to mitigate against any potential attacks. ” The fix right now is for Microsoft to default disable IPv6, but this cannot be done retroactively to production desktops and servers because customers may be using IPv6 for legitimate reasons. We believe the public needs to know about the possibility of this attack, because other bad guys could have figured it out before us and be exploiting unsuspecting companies right now. *JACK KOZIOL* *INFOSEC INSTITUTE* 7310 W. North Ave. Suite 4D Elmwood Park, IL 60707 Toll-Free: (866) 471-0059 x6000 Direct: (708) 689-0131 x6000 Cell: (847) 275-1125 For the latest insider INFOSEC NEWS including tips, tricks and tools, visit: http://news.infosecinstitute.com/?j