[ipv6hackers] Windows 7/2008 R2 Improved Resilliency to IPv6 Floods

Doug Barton dougb at dougbarton.us
Mon Apr 1 06:55:17 CEST 2013


On 03/31/2013 09:09 PM, Jim Small wrote:
> I have been testing some Windows 7 systems using Fernando and Marc's tools.  With a system that's up to date in patches I haven't been able to crash it.  The system is non-responsive during the attack, but when the attack ends the system usually recovers fairly quickly.  Not always - sometimes it takes a few minutes, but it still doesn't crash.
>
> I noticed from Sam Bowne that Microsoft released a new patch to improve Windows 7/2008 R2 IPv6 stacks here:
> http://samsclass.info/ipv6/proj/RA_flood2.htm#2
>
>  From reviewing the KB here:
> http://support.microsoft.com/kb/2750841
> Issue #2 addresses some of the vulnerabilities - If you use many IPv6 address and IPv6 routes, the kernel memory is exhausted, and CPU usage reaches 100 percent.  This update limits the number of advertised prefixes and routes that each interface can process to 100.

You might want to have a closer look at Issue #4 in that KB article, and 
the surrounding conversation about it. Namely if you have some sort of 
temporary interruption in your IPv6 connectivity at boot time you'll 
lose IPv6 for the lifetime of the session.

Doug




More information about the Ipv6hackers mailing list