[ipv6hackers] Some stats on IPv6 fragments and EH filtering on the Internet
mh at mh-sec.de
Tue Nov 5 08:57:51 CET 2013
>>> On 11/04/2013 04:10 PM, Marc Blanchet wrote:
>>>> Fernando, clarification question (since I was not at IEPG):
>>>> define "failure" in your slides?
>>> Probe packets do not get to the intended destination.
>> ok. your presentation says that you used a single vantage point. Do
>> you know where the filtering happened?
> Not exactly
you can find this out easily by using a traceroute which can add
(patch it in or use trace6 from my thc-ipv6 package. trace6 -F eth0
<target> and trace6 eth0 <target> - and then you know which hop is
I am not sure if I am happy or unhappy with the results.
I find it troubling that fragmented packets are being filtered.
but filtering hop-by-hop, destination header and routing headers is
perfectly fine if you decide that in your network there is no business case.
most surprising for me was that the "most accepted" extension header was
the routing header!
Mobil: +49 177 9611560
Fax: +49 30 37309726
Marc Heuse - IT-Security Consulting
PGP: AF3D 1D4C D810 F0BB 977D 3807 C7EE D0A0 6BE9 F573
More information about the Ipv6hackers