[ipv6hackers] Windows 7/2008 R2 Improved Resilliency to IPv6 Floods

Fernando Gont fgont at si6networks.com
Mon Apr 1 22:39:09 CEST 2013

On 04/01/2013 02:27 AM, Enno Rey wrote:
> Hi,
> On Sun, Mar 31, 2013 at 09:55:17PM -0700, Doug Barton wrote:
>> On 03/31/2013 09:09 PM, Jim Small wrote:
>>> I have been testing some Windows 7 systems using Fernando and Marc's 
>>> tools.  With a system that's up to date in patches I haven't been able to 
>>> crash it.  The system is non-responsive during the attack, but when the 
>>> attack ends the system usually recovers fairly quickly.  Not always - 
>>> sometimes it takes a few minutes, but it still doesn't crash.
>>> I noticed from Sam Bowne that Microsoft released a new patch to improve 
>>> Windows 7/2008 R2 IPv6 stacks here:
>>> http://samsclass.info/ipv6/proj/RA_flood2.htm#2
>>> From reviewing the KB here:
>>> http://support.microsoft.com/kb/2750841
>>> Issue #2 addresses some of the vulnerabilities - If you use many IPv6 
>>> address and IPv6 routes, the kernel memory is exhausted, and CPU usage 
>>> reaches 100 percent.  This update limits the number of advertised prefixes 
>>> and routes that each interface can process to 100.
>> You might want to have a closer look at Issue #4 in that KB article, and 
>> the surrounding conversation about it. Namely if you have some sort of 
>> temporary interruption in your IPv6 connectivity at boot time you'll 
>> lose IPv6 for the lifetime of the session.
> to the best of my knowledge only a "positive" result of that query is cached (for 30 days) whereas a negative result leads to periodic re-trying. 

Not sure what type of "failure" you're referring to. But I recall
finding that, with many implementations (IIRC including FreeBSD), if DAD
fails for the link-local address, that's "game over" for v6 until you

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Ipv6hackers mailing list