[ipv6hackers] Windows ping6-of-death
Fernando Gont
fgont at si6networks.com
Wed Aug 14 10:04:45 CEST 2013
On 08/14/2013 03:12 AM, Marc Heuse wrote:
> hi guys,
>
> this month's Microsoft Windows security patches include one that fixes a
> ping-of-death style ICMPv6 denial of service vulnerability.
> does anyone have more information on what that attack/packet looks like?

Try icmp6 (IPv6-Toolkit) with the "--pod-attack" option (pod == ping of
death).

I bet the vulnerability Windows has fixed works as follows:

1) Send a first fragment with a Fragment Offset=0, and a size of, say
60000 bytes.

2) Send a second fragment with a fragment offset of 60000 and a size of,
say, 60000 bytes.

A buggy implementation will try to reassemble the packet, resulting in
an IPv6 datagram larger than 65K. If they don't have large enough
buffers for that they might run into trouble. :-)

Cheers,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
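
The length check a reassembly routine needs for the two-fragment case described in the reply above, as an added example that is not part of the original post or of any vendor's code. The struct, the function names and the ext_len parameter are hypothetical; the 65,535-octet limit and the multiple-of-8 rule are the fragment reassembly rules of the IPv6 specification (RFC 8200, section 4.5).

```c
#include <stdint.h>
#include <stdio.h>

#define IPV6_MAX_PAYLOAD 65535u  /* Payload Length is a 16-bit field */

enum frag_verdict { FRAG_OK, FRAG_DROP_UNALIGNED, FRAG_DROP_TOO_BIG };

/* Constructed model of one received fragment (names are hypothetical). */
struct frag {
    uint16_t offset_units; /* Fragment Offset field, in 8-octet units (13 bits) */
    uint16_t data_len;     /* octets of fragment data after the Fragment header */
    int      more;         /* M flag */
};

/* Validate a fragment before copying it into the reassembly buffer.
 * ext_len: octets of extension headers in the unfragmentable part. */
enum frag_verdict frag_check(uint16_t ext_len, const struct frag *f)
{
    /* Non-final fragments must carry a multiple of 8 octets. */
    if (f->more && (f->data_len % 8) != 0)
        return FRAG_DROP_UNALIGNED;

    /* Use 32-bit arithmetic: the sum can reach ~196k and would wrap in 16 bits. */
    uint32_t end = (uint32_t)ext_len + (uint32_t)f->offset_units * 8u + f->data_len;
    if (end > IPV6_MAX_PAYLOAD)
        return FRAG_DROP_TOO_BIG;
    return FRAG_OK;
}

/* The same sum truncated to 16 bits, to show why a narrow type hides the problem. */
uint16_t end_wrapped16(uint16_t ext_len, const struct frag *f)
{
    return (uint16_t)(ext_len + f->offset_units * 8u + f->data_len);
}

int main(void)
{
    /* Constructed sample: the two fragment sizes named in the post. */
    struct frag first  = { 0,    60000, 1 };
    struct frag second = { 7500, 60000, 0 };  /* 7500 * 8 = 60000 octets */
    printf("first:  verdict=%d\n", frag_check(0, &first));
    printf("second: verdict=%d wrapped16=%u\n",
           frag_check(0, &second), (unsigned)end_wrapped16(0, &second));
    return 0;
}
```

A receiver that drops on FRAG_DROP_TOO_BIG never sizes or writes a buffer past 65,535 octets; the 16-bit variant shows how the same sum looks in range when computed in a narrow type.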