Question on Ipv6 Tunneling


3 replies to this topic

#1 smak451


Posted 11 September 2010 - 09:18 PM

Hey all -- I have reason to believe my recent security breach was achieved through this method, so I'm trying to figure out how to defend against it. Is it recommended to disable IPv6 (in both the adapter properties & the reg key -- running Win 7 64x) or is there some better way of going about this (don't know what the cons are in disabling this -- I'm not on a network and don't depend on Network Discovery).

Also, are there any good reference materials dealing with these attacks (there's one on the gov't cyber threat page in pdf but I don't understand half of it) and in configuring a firewall to manage ICMP? Can I just block all ICMP in/out (I don't use P2P or anything like that). Seems to be a scarcity on the web of material dealing with this. Hope you're all enjoying the weekend! Thanks a lot, Cheers, -- S :thumbsup:

Edited by smak451, 11 September 2010 - 09:19 PM.



 


#2 smak451


Posted 12 September 2010 - 12:13 AM

Update on this IPv6 tunneling method of attack. I've implemented the full Fixit solution found here: http://support.microsoft.com/kb/929852 (which completely disables IPv6 using the ffffffff entry in the registry as well as unchecking the IPv6 box in my adapter properties) and now cannot seem to access the internet (taskbar says unknown network, no internet access but my firewall still shows outbound connections).

Really could use some help here. How can you defend against this attack mode without cutting off the internet? I must be overlooking something if MS is offering this as a solution. If anyone has any answers I'd really appreciate it. The threat is described here under 'General Internet Security' in the pdf called "Malware Tunneling in ipv6," though much of it is foreign to me. http://www.us-cert.gov/reading_room/ Thanks a lot!

Edited by smak451, 12 September 2010 - 12:14 AM.


#3 Romeo29


Posted 12 September 2010 - 08:09 AM

- Undo the disable IPv6 registry patch. (I do not know, but I never used it, so maybe we should undo it.)

In adapter properties:
- Uncheck IPv6 in adapter properties (which you have already done)
- Check IPv4 in adapter properties (either configure the IP manually or set the IP to be obtained automatically)

Open an elevated command prompt by typing cmd in the Start menu search field, right-clicking cmd.exe and choosing Run as administrator.
Type ipconfig /all and note down the list of extra interfaces (you will find ISATAP and Teredo Tunneling).
Type the following commands in it, pressing Enter after each line:
netsh interface teredo set state disabled
netsh interface isatap set state disabled


Check again using ipconfig /all whether the Teredo tunneling interface and ISATAP are disabled.

Note that this method (unchecking ipv6 in adapter properties) has to be repeated for each network adapter you have (most people have only one in their computers).

Edited by Romeo29, 12 September 2010 - 08:10 AM.
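
Added example (not part of the original thread or of any poster's message): one way to automate the final ipconfig /all check from post #3 by flagging tunnel adapters that are still connected. It goes slightly beyond the post by also flagging any address in the Teredo (2001::/32) or 6to4 (2002::/16) prefixes; the function names and sample output are constructed, and English-language ipconfig output is assumed.

```python
import ipaddress
import re

TUNNEL_PREFIXES = {"Teredo": ipaddress.ip_network("2001::/32"),  # RFC 4380
                   "6to4": ipaddress.ip_network("2002::/16")}    # RFC 3056
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s?(.*)$")  # "Key . . . . : value"

def parse_adapters(text):
    """Split `ipconfig /all` output into {adapter header: [(key, value), ...]}."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], [])
        elif current is not None and (m := FIELD.match(line)):
            current.append((m.group(1), m.group(2).strip()))
    return adapters

def active_tunnels(text):
    """Return sorted (adapter, reason) pairs for tunnel interfaces still in use."""
    findings = set()
    for name, fields in parse_adapters(text).items():
        down = any(k == "Media State" and "disconnected" in v.lower() for k, v in fields)
        if name.lower().startswith("tunnel adapter") and not down:
            findings.add((name, "tunnel adapter is connected"))
        for value in (v for k, v in fields if "IPv6 Address" in k):
            try:  # drop the "%zone" and "(Preferred)" suffixes before parsing
                addr = ipaddress.ip_address(re.split(r"[%(]", value)[0])
            except ValueError:
                continue
            findings.update((name, f"{label} address {addr}")
                            for label, net in TUNNEL_PREFIXES.items() if addr in net)
    return sorted(findings)

# Constructed sample output (not captured from a real machine).
SAMPLE_BEFORE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)

Tunnel adapter isatap.{00000000-0000-0000-0000-000000000000}:

   Media State . . . . . . . . . . . : Media disconnected

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   IPv6 Address. . . . . . . . . . . : 2001:0:db8:1::1(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1%12(Preferred)
"""
if __name__ == "__main__":
    print(active_tunnels(SAMPLE_BEFORE))
```

On a live machine, pass in the real output instead of the sample, for example subprocess.check_output(["ipconfig", "/all"], text=True); an empty result means no tunnel adapter is connected and no Teredo or 6to4 address is assigned.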


#4 smak451


Posted 12 September 2010 - 11:34 AM

Thanks a lot for taking the time Romeo, really appreciate it. Peace & Cheers, -- S :thumbsup:



