[ipv6hackers] IPv6 Security research
mh at mh-sec.de
Mon Mar 26 18:58:42 CEST 2012
Am 26.03.2012 18:01, schrieb Fernando Gont:
> On 03/26/2012 02:39 PM, Marc Heuse wrote:
>> here is how to bypass your recommended fixes:
>> send the following 1st packet:
>> ipv6 | fragmentationhdr | dsthdr (1200 bytes) | icmp6 echo request
>> and then the 2nd packet:
>> ipv6 | fragmentationhdr | dsthdr (8bytes) | icmp6 router advertisement
>> where the frag id is the same and the offset of the 2nd packet points to
>> byte 1992 of the dsthdr in the first pkt.
> Ok, I see where you're going. But overlapping fragments are already
> forbidden, and that behaviour is already implemented at least in current
> versions of most operating systems.
yes, most operating systems in their most current version just
implemented it. But many systems will not have the protection for the
next year or longer. Think embedded Linux, systems which are not allowed
to be updated.
to quote what I initially wrote:
> The mitigation techniques must be
> implemented on the client side, like the "drop overlapping fragments"
> stuff, or not allowing extension headers for NDP/RA packets etc.
> Only then RA guard can work.
>>>> P.S. funny that you are doing your IPv6 talk after my keynote at hackito
>>>> ergo sum in Paris in a few weeks. I have the feeling this is not a
>>>> coincidence :-)
>>> Not sure what you mean...
>> those who can read the agenda are in advantage:
> Yep, but I didn't understand the comment you made about the order... Did
> you imply that your presentation is going to be about IPv6 security?
actually they do not know what my keynote topic is yet.
but I assume they placed you after me because we are the two IPv6 guys
... but my keynote will note be about IPv6.
But you choose your presention title funny - my original title without
the "in-" :-)
I'm looking forward to new stuff you found
PGP: FEDD 5B50 C087 F8DF 5CB9 876F 7FDD E533 BF4F 891A
More information about the Ipv6hackers