In the DefCon video "Three Generations of DoS Attacks (with Audience Participation, as Victims)", the speaker demonstrates how it is possible to crash a variety of devices by flooding them with IPv6 'Join Network' commands.

2 questions:

  1. Can somebody explain what is going on here to me in more detail?
  2. How do I prevent this from happening to my own computer?

1- The speaker does a pretty good job of explaining what is happening. To sum up, a Linux machine on the same local network as a Windows machine sends out thousands of "router advertisements" (RA). These advertisements are usually sent out by routing devices to tell other devices on the network what network prefix to use, and where to route external IPv6 requests. Every time a machine receives an RA, it refreshes its entries for that network prefix (they time out otherwise), or adds new addresses if the network prefix is different. The demo is showing a Windows box adding a new IPv6 address for every RA it receives, causing it to spike the CPU load to 100%.

The speaker says he contacted Microsoft about the issue, and they said they had no plans to fix it. I think that the behaviour shown here is technically up to RFC 1256 [1] spec, which is why there is no plan for a fix. Granted, the OS could allow for the configuration of a maximum number of addresses to configure (Linux and BSD do allow this configuration).

Also, note that the Windows machine's CPU is pegged at 100%, but it is still somewhat responsive. The OS has not crashed, and I expect that if left for a few minutes (once the IPv6 addresses time out), it would return to normal CPU utilization. I wouldn't go as far as calling it a "kill every machine that receives the packets" attack (as the speaker in the video claims).

2- How to prevent this from happening to you? The most obvious answer is to turn off IPv6 in the network adapter settings. If you need IPv6, then the solution is to monitor who is on your local network. This attack won't work over the Internet (RA packets can't be routed across the Internet), so your adversary must be local. If you're on a network you don't control (e.g., Starbucks), I really doubt someone would be doing this attack. There are so many other attacks you can do when you're local that making someone's computer hit 100% CPU utilization is just silly.

[1] http://www.networksorcery.com/enp/rfc/rfc1256.txt

Fascinating stuff! Thanks, I noticed the Windows install targeted was running on a virtual machine, so probably not allocated a lot of resources as well – JMK Feb 20 '12 at 13:03
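The answer's point 2 comes down to monitoring the local link: a real router re-advertises the same prefix on a timer (hosts only refresh lifetimes), while the flood described above carries a fresh prefix in every RA so the victim autoconfigures a new address each time. The following is an added detection example, not code from the question, the answer or the talk; the RA events are constructed sample data and the window/threshold values are assumptions for illustration.

```python
from collections import defaultdict
from ipaddress import IPv6Network

# Constructed sample of Router Advertisement events as a link monitor might
# log them: (seconds since start, source MAC, advertised prefix). Not real data.
RA_EVENTS = [
    # Legitimate router: same prefix roughly every 200 s, hosts just refresh it.
    (0.0, "00:11:22:33:44:55", "2001:db8:1::/64"),
    (200.0, "00:11:22:33:44:55", "2001:db8:1::/64"),
    (400.0, "00:11:22:33:44:55", "2001:db8:1::/64"),
] + [
    # Flooding host: a new prefix in every RA, 100 ms apart, so the victim
    # adds a new IPv6 address per packet instead of refreshing an existing one.
    (300.0 + i * 0.1, "de:ad:be:ef:00:01", f"2001:db8:ffff:{i:x}::/64")
    for i in range(1, 9)
]


def detect_ra_flood(events, window=60.0, max_new_prefixes=3):
    """Return {source_mac: distinct_prefix_count} for every source that
    advertises more than max_new_prefixes distinct prefixes within any
    sliding window of `window` seconds.

    Thresholds are assumptions: on most links a router announces one or a
    handful of prefixes, so many distinct prefixes from one MAC in a short
    interval is the signature of the RA flood discussed in the answer."""
    by_src = defaultdict(list)
    for ts, src, prefix in sorted(events):
        by_src[src].append((ts, IPv6Network(prefix)))  # also validates syntax

    flagged = {}
    for src, ras in by_src.items():
        worst = 0
        for i, (start, _) in enumerate(ras):
            # Distinct prefixes seen from this source in [start, start+window].
            seen = {p for ts, p in ras[i:] if ts - start <= window}
            worst = max(worst, len(seen))
        if worst > max_new_prefixes:
            flagged[src] = worst
    return flagged


if __name__ == "__main__":
    for src, count in detect_ra_flood(RA_EVENTS).items():
        print(f"possible RA flood from {src}: {count} distinct prefixes")
```

A router that legitimately renumbers will announce a couple of prefixes at most, so tune `max_new_prefixes` to the number of prefixes your routers are expected to advertise.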