
    Author Archive - Douglas Otis (Senior Threat Researcher)

    SLAAC stands for IPv6 StateLess Address AutoConfiguration. It follows attempts at obtaining router information, which happen only after the interface has established an IPv6 address for the local link. IPv6 does not use Ethernet broadcasting, a mechanism that imposes scaling limitations on the devices supported on a local link. Instead, IPv6 multicasting divides devices into 16.7 million isolated Solicited-Node groups based on the last 3 bytes of their IPv6 address. Multicasting represents a significant departure from the way networks previously worked using the blunt method of broadcasting.
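
    The grouping described above, as an added example that is not part of the original post: it derives the Solicited-Node group from the last 3 bytes of an address using the ff02::1:ff00:0/104 prefix from RFC 4291, and the Ethernet multicast destination using the 33:33 mapping from RFC 2464. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Solicited-Node multicast prefix ff02::1:ff00:0/104 (RFC 4291).
SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
LOW24 = 0xFFFFFF          # the last 3 bytes of the unicast address
GROUP_COUNT = 2 ** 24     # 16,777,216 possible groups ("16.7 million")


def solicited_node_group(addr: str) -> ipaddress.IPv6Address:
    """Return the Solicited-Node multicast group for a unicast IPv6 address."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone id such as %eth0
    if ip.is_multicast or ip.is_unspecified:
        raise ValueError(f"{addr} is not a unicast address")
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | (int(ip) & LOW24))


def ethernet_multicast_mac(group: ipaddress.IPv6Address) -> str:
    """Map an IPv6 multicast group to its Ethernet destination MAC:
    33:33 followed by the low 32 bits of the group address (RFC 2464)."""
    low32 = (int(group) & 0xFFFFFFFF).to_bytes(4, "big")
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)


def group_by_solicited_node(addrs):
    """Bucket addresses by Solicited-Node group. Addresses in one bucket
    share a group, so a neighbor solicitation for one reaches the others."""
    buckets = {}
    for a in addrs:
        buckets.setdefault(str(solicited_node_group(a)), []).append(a)
    return buckets


if __name__ == "__main__":
    # Constructed sample addresses (link-local and documentation prefix).
    sample = [
        "fe80::21a:2bff:fe3c:4d5e%eth0",
        "2001:db8::aa:bb3c:4d5e",   # same last 3 bytes, so same group
        "2001:db8::1",
    ]
    for group, members in group_by_solicited_node(sample).items():
        mac = ethernet_multicast_mac(ipaddress.IPv6Address(group))
        print(f"{group}  {mac}  {members}")
```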

    IPv4 and MAC Address Relationship with Network Interface Unverified

    Under IPv4, ARP [RFC826] resolves addresses by requesting the MAC address associated with a specific IPv4 address. The request uses a broadcast (all ones) destination MAC address, which switches and interfaces recognize and which is replicated, or flooded, across all switch ports. ARP can also announce an address by setting both source and destination IPv4 addresses to the same value, or probe by setting the source to a null IP address.

    The inverse of ARP was BootP, described in [RFC951] back in 1985. BootP requests an IP address for the MAC address by using a broadcast (all ones) destination IP address. BootP was superseded by DHCP. Those new to IPv6 are often surprised to find how multicasting rather than broadcasting changed the way networks, switches, and routers operate.

    Router Advertisements Define the Local Network with IPv6

    Customer premises equipment (CPE) shipped by Free, a subsidiary of Iliad and the second largest Internet service provider in France, provides DNS configuration in its router advertisements, which eliminates the need for DHCP in most environments. This feature, DNS configuration carried in router advertisements, was a modification made by [RFC5006] back in 2007, which was replaced by [RFC6106] in 2010. Having this feature removed the need to use DHCP, which was important because neither Windows XP nor Mac OS X included a DHCP client able to talk over IPv6.



    Imagine playing a whack-a-mole game where the mole moves to a different hole in the amount of time it takes one to raise and lower a mallet. Instead of just six holes, however, there are millions.

    Few would want to play such a game. People would rightfully conclude that random attempts to hit the mole would improve their chances. With so many holes, the mole will proceed unabated, except in the rare cases that it does get hit. Stopping phishing attempts is similar to playing such a game.

    Normally, an email message is accepted after checks are made against the sources’ reputation. As in the whack-a-mole game, the amount of time given for one to react with a mallet is comparable to the amount of time allotted for reputations to accumulate then propagate. To help deal with this, Author Domain Signing Practices (ADSP), an extension of DomainKeys Identified Mail (DKIM), allows Author Domains to make assertions about whether they use DKIM to sign all of their outbound email messages or not.

    This is the introduction to a more in-depth article discussing email authentication, Author Domain Signing Practices (ADSP), and a proposed addition—third-party authorization labels, which makes email authentication a more complete solution.

    Posted in Mobile | Comments Off on Avoiding the Whack-a-Mole Anti-Phishing Tactic


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice