In essence by sending out bad IPv6 router advertisements, the MS stack can get confused and take 100% of the processor until it gets so bad you need to hard reboot the machine. Definitely sounds very bad right?
But I asked myself, why would users be allowed to send router advertisements? I mean, they aren’t routers so why would we allow that any more than we would allow DHCP servers on user ports?
Luckily, since we use Enterasys policy on S-Series, we simply don’t allow these to get out on the network. Curious how to do that? Contact me. It takes less than 5 minutes to protect yourself from this attack with policy….