Condition Remains GREEN
Researches have released a Proof of Concept (POC) which exploits a standard in IPv6's Stateless Address Auto Configuration (SLAAC) which allows host to find each other on a network. The POC demonstrates using an unauthorized access point within your network along with flaws in the implementation in various operating systems will result in routing traffic over the IPv6 network. This is due to the fact most operating systems will choose the newer protocol over the older. This creates a IPv6 network within your IPv4 network allowing an attacker to listen in over the wire.
We think that a rouge wireless access point or an adoc-hoc v host would be the most cost affective way to exploit this vulnerability.
To mitigate this type of attack we recommend the following:
- If you are not using IPv6 then make sure to turn it off in System Preferences>Network.
- Make sure that access to these controls are protected, do not allow users administrator rights.
- Sent you AirPort device to Local-Link Only.
- If you do use IPv6 make sure to turn on the firewall on your Airport Extreme.
- Disable IPv6 on another devices on your network if you do not use it.
- Block IPv6 at the boarder.
IPv6 is coming but we expect the shift to be very slow. For the foreseeable future we expect IPv4 and IPv6 to coexist. This will create a host of management failures resulting into these kinds of vulnerabilities.