Vista Network Attack Surface Analysis And Teredo Security Implications presented at Blackhat USA 2007

by Jim Hoagland,

Tags: Security Analysis

Summary : This talk will present the results of a
broad analysis performed on the network-facing components of the release
(RTM) version of Microsoft Windows Vista, as well as the results of
study of the security implications of the related Teredo protocol.
Windows Vista features a rewritten network stack, which introduces a
number of core behavior changes. New protocols include IPv6 and related
protocols, LLTD, LLMNR, SMB2, PNRP, PNM, and WSD. One of the IPv4-IPv6
transition mechanisms provided by Vista is Teredo, which tunnels IPv6
through a NAT by using IPv4 UDP. This provides globally usable IPv6
addresses without the knowledge or cooperation of any part of local
network. The main security concerns raised by Teredo involves security
controls being bypassed, defense in depth reduced, and unsolicited
traffic being allowed by the protocol. Other security concerns with
Teredo include the capability of remote nodes to open the NAT for
themselves, worms, ways to deny Teredo service, the difficulty in
finding all Teredo traffic to inspect, and a new phishing mechanism.