[ipv6hackers] thc-ipv6 v3.0, IPv6 complexity and evasions
Mark ZZZ Smith
markzzzsmith at yahoo.com.au
Sun Oct 18 06:55:23 CEST 2015
----- Original Message -----
From: Enno Rey <erey at ernw.de>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
Cc: Fernando Gont <fgont at si6networks.com>
Sent: Saturday, 17 October 2015, 23:44
Subject: Re: [ipv6hackers] thc-ipv6 v3.0, IPv6 complexity and evasions
Hi,
On Sat, Oct 17, 2015 at 02:05:40PM +0200, Gert Doering wrote:
> Hi,
>
> On Sat, Oct 17, 2015 at 08:51:25AM +0200, Enno Rey wrote:
> > except for the IP version that kinda deprecates fragmentation, that is IPv6.
>
> Uh, what? IPv6 deprecates *router* fragmentation - but if you want to send
> a 2k UDP packet (like, a large DNS reply), fragmentation is all you have...
sure. in particular if it is delivered by Santa Claus.
as long as the probability of each of those attributes of a packet is roughly equivalent for $NETWORK it just makes sense to filter such packets, especially if those could otherwise cause significant harm. which Marc's additions to his tool prove, yet another time.
I will happily change my stance once I see an actual real-life ticket covering non-availability of a service based on filtering fragments which would have been needed for that service's functionality.
* You need to remember that absence of evidence is not evidence of absence.
* A single enterprise network in Germany not receiving fragments doesn't mean they aren't being sent, or aren't useful to any networks - your enterprise network will be a very controlled environment, with little variation of applications, routers, hosts and host OS revisions, will unlikely be providing content to the Internet and will have experts on call to do detailed analysis and rectification of problems that are caused by fragments being dropped. Very unrepresentative of the majority of networks attached to the Internet today - residential ones.
cheers
Enno
>
> Gert Doering
> -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers
--
Enno Rey
ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey
=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator
=======================================================