I write this as an issue, but it could be a feature / improvement.
During a couple of penetration tests I observed that most Windows clients have ipv6 enabled but they do not have an ipv6 address assigned. In addition it seems that windows OS gives highest priority to the next received lease, does not matter if it's ipv4 or ipv6.
The result: ipv6 dhcp takes over already assigned ipv4 address.
Just presenting yourself as ipv6 dhcp server and serving ipv6 dhcp client requests is a very simple way to poisoning windows clients in the local network both dns and ip and get your "wpad" offered easily, as well as any other exploit.
I write this as an issue, but it could be a feature / improvement.
During a couple of penetration tests I observed that most Windows clients have ipv6 enabled but they do not have an ipv6 address assigned. In addition it seems that windows OS gives highest priority to the next received lease, does not matter if it's ipv4 or ipv6.
The result: ipv6 dhcp takes over already assigned ipv4 address.
Just presenting yourself as ipv6 dhcp server and serving ipv6 dhcp client requests is a very simple way to poisoning windows clients in the local network both dns and ip and get your "wpad" offered easily, as well as any other exploit.