[ipv6hackers] flood_router26 video

Marc Heuse mh at mh-sec.de
Mon Nov 12 06:17:51 CET 2012


Am 12.11.2012 00:16, schrieb Karl Auer:
> On Sun, 2012-11-11 at 17:40 +0100, Marc Heuse wrote:
>> All OS with the exception of Linux (and I have not tested Solaris or
>> OpenBSD but everything else) is vulnerable against this one to very
>> different degrees
> 
> I'm still unsure *why* Linux seems to resist this attack. I wonder if it
> is to do with the logic around the permitted number of addresses on an
> interface - 16 by default.

from the long list of affected OS, Windows is the only one which is
still vulnerable to the RA autoconfig flood. And this is an old attack.

The new attack is flooding with many route options. and to this Linux
could be vulnerable too, however it does not seem so. Here all OS
(excluding Windows, including Linux) have a maximum size for routing
entries (1024). Why *BSD etc. is then affected but not Linux I don't know.

(flood_router26 by default does both attacks at once, because the former
is more devasting for Windows)

Greets,
Marc

--
Marc Heuse
www.mh-sec.de

PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A



More information about the Ipv6hackers mailing list