[ipv6hackers] Windows 7/2008 R2 Improved Resiliency to IPv6 Floods

Jim Small jim.small at cdw.com
Mon Apr 1 06:09:57 CEST 2013


I have been testing some Windows 7 systems using Fernando and Marc's tools.  With a system that's up to date in patches I haven't been able to crash it.  The system is non-responsive during the attack, but when the attack ends the system usually recovers fairly quickly.  Not always - sometimes it takes a few minutes, but it still doesn't crash.

I noticed from Sam Bowne that Microsoft released a new patch to improve Windows 7/2008 R2 IPv6 stacks here:
http://samsclass.info/ipv6/proj/RA_flood2.htm#2

From reviewing the KB here:
http://support.microsoft.com/kb/2750841
Issue #2 addresses some of the vulnerabilities - If you use many IPv6 address and IPv6 routes, the kernel memory is exhausted, and CPU usage reaches 100 percent.  This update limits the number of advertised prefixes and routes that each interface can process to 100.

I can confirm when I use Marc's flood_router26 that Windows gets about 100 random IPv6 addresses.  (OK, I didn't count them...)  So as Sam notes, it's still not as good as Linux but a huge improvement.  Hopefully this makes it to 8/2012 also.

Can anyone else confirm this or have you seen different results?
  --Jim
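
Added example, not part of the original post: a Python sketch for counting how many advertised prefixes a Windows host has actually configured per interface, to compare against the limit of 100 described in the KB. It assumes the text comes from `netsh interface ipv6 show addresses`, that the row layout matches the constructed sample below, and that every advertised prefix is a /64; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

PREFIX_CAP = 100  # per-interface limit stated in KB 2750841, issue #2

IFACE_RE = re.compile(r"^Interface\s+\d+:\s*(.+?)\s*$")
# Assumed row layout: type, DAD state, valid life, preferred life, address.
ROW_RE = re.compile(r"^(?:Public|Temporary)\s+\S+\s+\S+\s+\S+\s+(\S+)\s*$")

def slaac_prefixes(netsh_text):
    """Return {interface name: set of /64 prefixes on autoconfigured addresses}."""
    found, iface = defaultdict(set), None
    for line in netsh_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ROW_RE.match(line)
        if not (m and iface):
            continue  # headers, separators, link-local/loopback ("Other") rows
        try:
            addr = m.group(1).split("%")[0]  # drop any zone index
            found[iface].add(ipaddress.ip_network(addr + "/64", strict=False))
        except ValueError:
            continue  # not an IPv6 address; ignore the row
    return found

def over_cap(found, cap=PREFIX_CAP):
    """Interfaces holding more prefixes than the patched stack should accept."""
    return sorted(name for name, nets in found.items() if len(nets) > cap)

def constructed_sample(n):
    """Constructed netsh-style text: one NIC with n advertised /64 prefixes."""
    head = ["Addr Type  DAD State   Valid Life Pref. Life Address",
            "---------  ----------- ---------- ---------- ------------------------"]
    rows = ["Interface 1: Loopback Pseudo-Interface 1", "", *head,
            "Other      Preferred     infinite   infinite ::1", "",
            "Interface 11: Local Area Connection", "", *head]
    for i in range(n):
        net = f"2001:db8:{i:x}:0"
        rows.append(f"Public     Preferred    29d23h59m 6d23h59m {net}:211:22ff:fe33:4455")
        rows.append(f"Temporary  Preferred     6d23h59m   23h59m {net}:a1b2:c3d4:e5f6:7")
    rows.append("Other      Preferred     infinite   infinite fe80::211:22ff:fe33:4455%11")
    return "\n".join(rows)

if __name__ == "__main__":
    for n in (100, 150):
        found = slaac_prefixes(constructed_sample(n))
        print(n, {k: len(v) for k, v in found.items()}, "over cap:", over_cap(found))
```

Counting distinct /64 prefixes rather than addresses keeps temporary (privacy) addresses from inflating the total; an interface reported by `over_cap` holds more prefixes than the limit the KB describes.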



