ipv6 DOS attacks via routing loops

Kam Leo kam.leo at gmail.com
Sat May 12 21:10:06 UTC 2007


On 5/12/07, Wolfgang S. Rupprecht
<wolfgang.rupprecht+gnus200705 at gmail.com> wrote:
>
> With the recent flurry of activity around IPv6 and the routing
> headers, I think it's important to point out that explicit source
> routing isn't the only way some attacker could amplify their DOS
> attack. A very common problem with IPv6 is that folks forget to set a
> reject route to absorb their unused networks. Without something in the
> ipv6 routing table to tell the gateway machine that these addresses
> are "mine" but unused, the packets will get sent back up the default
> route to the upstream gateway. That gateway will notice that the
> packet is meant for your net and will send it right back. Some
> attacker that notices this misconfiguration can then proceed to send
> packets with a very long TTL and proceed to have the packet bounce up
> and down the link approximately 250 times. The fix is to set up a
> reject route for your assigned /48 (or whatever your upstream gives
> you).
>
> My notes from just setting up an ipv6 tunnel under FC6 (fedora):
>
>         http://www.wsrcc.com/wolfgang/fedora/ipv6-tunnel.html
>
> Comments/corrections welcome.
>
> -wolfgang
> --
> Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/

Interesting FUD. Most of us common folks don't have IPV6 enabled. By
the time IPV6 truly becomes common the vulnerabilities that you
reference will be replaced with new ones.
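
The loop described in the quoted message, as an added example that is not part of either post: a small Python model of longest-prefix-match forwarding between a customer gateway and its upstream, counting how often one packet crosses the customer link with and without the covering reject route. The prefixes (documentation range 2001:db8:1::/48), table names and function names are constructed for illustration.

```python
import ipaddress

net = ipaddress.ip_network
ASSIGNED = net("2001:db8:1::/48")    # constructed: prefix delegated by the upstream
IN_USE = net("2001:db8:1:1::/64")    # constructed: the only subnet actually configured

# Routing tables as (prefix, action); an action is a next-hop node or a terminal verdict.
UPSTREAM = [(ASSIGNED, "gateway"), (net("::/0"), "internet")]
GATEWAY_NO_REJECT = [(IN_USE, "deliver"), (net("::/0"), "upstream")]
GATEWAY_WITH_REJECT = GATEWAY_NO_REJECT + [(ASSIGNED, "reject")]

def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(p, action) for p, action in table if addr in p]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else "reject"

def link_crossings(gateway_table, dst, hop_limit=255):
    """Count crossings of the customer link for one packet arriving at the upstream."""
    tables = {"upstream": UPSTREAM, "gateway": gateway_table}
    node, crossings = "upstream", 0
    while True:
        action = lookup(tables[node], dst)
        if action not in tables:      # deliver, reject, or leaves toward the internet
            return crossings
        hop_limit -= 1                # each forwarding router decrements the hop limit
        if hop_limit == 0:            # expired: dropped instead of forwarded
            return crossings
        node, crossings = action, crossings + 1

if __name__ == "__main__":
    unused = "2001:db8:1:ffff::1"     # inside the /48, outside the configured /64
    print("no reject route:  ", link_crossings(GATEWAY_NO_REJECT, unused))
    print("with reject route:", link_crossings(GATEWAY_WITH_REJECT, unused))
```

The count without the reject route is the upper bound for a packet that reaches the upstream with hop limit 255. Because the /64 is more specific than the /48, the reject route leaves traffic to the configured subnet untouched.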



