On Saturday, July 11, 2015, Christian Huitema
<huitema(_at_)microsoft(_dot_)com> wrote:
On Saturday, July 11, 2015 8:50 AM, joel jaeggli wrote
...
[5] Section 5:
Fake
DHCP servers / fake RAs are currently a security concern - this
doesn't make them any better or worse.
Please cite a reference for this, preferably with operational
recommendations on limiting these problems (e.g., ensure that DHCP and
RA traffic cannot be injected from outside/beyond the network that is
relevant to the portal).
There is definitely an attack vector there. Suppose an attacker can
monitor the traffic, say on an unencrypted Wi-Fi hot spot. The attacker can
see a DHCP request or INFORM, and race in a fake response with an URL of
their own choosing. The mark's computer automatically connects there, and
download some zero-day attack. Bingo!
An attacker with this level of access can already do this. They fake a DHCP
response with themselves as the gateway and insert a 302 into any http
connection. Or, more likely they simply inject malicious code into some
connection.
Connecting to unknown/ unencrypted networks is inherently dangerous...
W
-- Christian Huitema
--
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
---maf