Experts scramble to quash IPv6 flaw

Experts scramble to quash IPv6 flaw
Robert Lemos, SecurityFocus 2007-05-09

A flawed feature that could amplify denial-of-service attacks on next-generation networks has vendors and engineers rushing to eliminate the potential security issue.

Expand all | Post comment

Experts scramble to quash IPv6 flaw 2007-05-10
Yes, serious (1 replies)

thats silly 2007-05-10
jesse

Experts scramble to quash IPv6 flaw 2007-05-10
Anonymouse (1 replies)

out of IP v4... 2007-05-18
Anonymous

Experts scramble to quash IPv6 flaw 2007-05-12
Anonymous (1 replies)

Re: Experts scramble to quash IPv6 flaw 2007-05-15
Anonymouse

Not so new, and not unexpected. 2007-05-16
support (at) securesoftware (dot) ca [email concealed]

Although this particular way to exploit the RH0 feature is new, the security issues related to the RH0 feature are not new and have been known almost from the first day this feature was added to the IPv6 specification.

One of the reasons this feature is in the IPv6 specifications is to enable Source Routing feature in IPv6 which is available in IPv4. However, today nobody (expect perhaps network administrators) is using Source Routing feature since it has very high abuse factor (favorite tool for initiating DDoS attacks).

Because of the already known security issus related to this feature (both in IPv4 and IPv6), this feature is presently disabled by default

in most IPv6 implementations.

The IETF is also currently working on limiting possible abuses of this feature by either deprecating it or instructing implementors how to implement this in a secure manner.

http://www1.ietf.org/mail-archive/web/ipv6/current/msg07277.html

http://www1.ietf.org/mail-archive/web/ipv6/current/msg07285.html

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11463/34569#34569