[ipv6hackers] Windows 7/2008 R2 Improved Resilliency to IPv6 Floods
erey at ernw.de
Mon Apr 1 07:27:08 CEST 2013
On Sun, Mar 31, 2013 at 09:55:17PM -0700, Doug Barton wrote:
> On 03/31/2013 09:09 PM, Jim Small wrote:
> >I have been testing some Windows 7 systems using Fernando and Marc's
> >tools. With a system that's up to date in patches I haven't been able to
> >crash it. The system is non-responsive during the attack, but when the
> >attack ends the system usually recovers fairly quickly. Not always -
> >sometimes it takes a few minutes, but it still doesn't crash.
> >I noticed from Sam Bowne that Microsoft released a new patch to improve
> >Windows 7/2008 R2 IPv6 stacks here:
> > From reviewing the KB here:
> >Issue #2 addresses some of the vulnerabilities - If you use many IPv6
> >address and IPv6 routes, the kernel memory is exhausted, and CPU usage
> >reaches 100 percent. This update limits the number of advertised prefixes
> >and routes that each interface can process to 100.
> You might want to have a closer look at Issue #4 in that KB article, and
> the surrounding conversation about it. Namely if you have some sort of
> temporary interruption in your IPv6 connectivity at boot time you'll
> lose IPv6 for the lifetime of the session.
to the best of my knowledge only a "positive" result of that query is cached (for 30 days) whereas a negative result leads to periodic re-trying.
not sure if they try only once at system startup/stack initialization which you seem to imply.
btw, @Jim: given that the "Issue 4" related modification originally "derives" from Windows8 (see http://blogs.msdn.com/b/b8/archive/2012/06/05/connecting-with-ipv6-in-windows-8.aspx) I assume that Windows 8/2012 default behavior is like the one you observced. will test that shortly.
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 174 3082474
PGP FP 055F B3F3 FE9D 71DD C0D5 444E C611 033E 3296 1CC1
Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey
Blog: www.insinuator.net || Conference: www.troopers.de
More information about the Ipv6hackers