Information Security

Windows Security

Syndicate content
Pipes Output
Updated: 41 min 44 sec ago

DHCPv6 and DUID Confusion, (Wed, Apr 23rd)

Wed, 04/23/2014 - 18:50

In IPv6, DHCP is taking somewhat a back seat to router advertisements. Many smaller networks are unlikely to use DHCP. However, in particular for Enterprise/larger networks, DHCPv6 still offers a lot of advantages when it comes to managing hosts and accounting for IP addresses in use.

One of the big differences when it comes to DHCPv6 is that a host identifies itself with a DUID (DHCP Unique Identifier) which can be different from a MAC address. There are essentially three ways to come up with a DUID:

Link Layer + Time: In this case, the host will on first boot create a DUID using one interfaces link layer address (MAC address for Ethernet), as well as the timestamp (seconds since Epoch) to derive a DUID. This DUID will be saved to disk and remain constant even if the network card is swapped later.

Link Layer: Some hosts may not be able to retain a DUID between reboots in this case, the link layer address is used.

Vendor Assigned: You can also just assign an arbitrary DUID, maybe a host name, to identify the host.

Regardless which method you use, the sad part is that each operating system, and in some cases different software on the same operating system, chooses to display the DUID differently, making correlation hard.

Here are a few examples:

Linux seems to like a mix of octal and ASCII characters (if the value represents a printable character). For example:

\000\001\000\001\032\336\306\373\000\014)g\317\002

However, in Linux configuration files for DHCPv6 servers and clients, you may find a simpler hex format:

option dhcp6.client-id 0:1:0:1:1a:de:c6:fb:0:c:29:67:cf:2;

OS X on the other hand displays the time part in decimal, and the MAC address part in hexadecimal:

ipconfig getv6packet en0
CLIENTID (1) Length 14 DUID LLT HW 1 Time 389824106 Addr 40:6c:8f:11:d7:5c

Windows prefers to display the hexadecimal version as output for "ipconfig /all"

DHCPv6 Client DUID. . . : 00-01-00-01-13-0D-1E-A2-00-0C-29-A3-D3-30

To help myself a bit with this confusion, I started a little script that will convert DUIDs from different formats. It isn't quite done yet, but good enough to see if anybody finds it helpful and would like to test it. You can download the script from https://isc.sans.edu/diaryimages/duidconvert.pl

,

[To learn more about IPv6 Security, check out my class IPv6 Security Essentials]

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Vulnerability Pipes

Bugtraq: [security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)

Fri, 04/18/2014 - 13:30
[security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
Categories: Vulnerability Pipes