[ipv6hackers] thc-ipv6 v3.0, IPv6 complexity and evasions
Mark ZZZ Smith
markzzzsmith at yahoo.com.au
Sun Oct 18 06:55:23 CEST 2015
----- Original Message -----
From: Enno Rey <erey at ernw.de>
To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
Cc: Fernando Gont <fgont at si6networks.com>
Sent: Saturday, 17 October 2015, 23:44
Subject: Re: [ipv6hackers] thc-ipv6 v3.0, IPv6 complexity and evasions
On Sat, Oct 17, 2015 at 02:05:40PM +0200, Gert Doering wrote:
> On Sat, Oct 17, 2015 at 08:51:25AM +0200, Enno Rey wrote:
> > except for the IP version that kinda deprecates fragmentation, that is IPv6.
> Uh, what? IPv6 deprecates *router* fragmentation - but if you want to send
> a 2k UDP packet (like, a large DNS reply), fragmentation is all you have...
sure. in particular if it is delivered by Santa Claus.
as long as the probability of each of those attributes of a packet is roughly equivalent for $NETWORK it just makes sense to filter such packets, especially if those could otherwise cause significant harm. which Marc's additions to his tool prove, yet another time.
I will happily change my stance once I see an actual real-life ticket covering non-availability of a service based on filtering fragments which would have been needed for that service's functionality.
* You need to remember that absence of evidence is not evidence of absence.
* A single enterprise network in Germany not receiving fragments doesn't mean they aren't being sent, or aren't useful to any networks - your enterprise network will be a very controlled environment, with little variation of applications, routers, hosts and host OS revisions, will unlikely be providing content to the Internet and will have experts on call to do detailed analysis and rectification of problems that are caused by fragments being dropped. Very unrepresentative of the majority of networks attached to the Internet today - residential ones.
> Gert Doering
> -- NetMaster
> have you enabled IPv6 on something today...?
> SpaceNet AG Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902
Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey
Blog: www.insinuator.net || Conference: www.troopers.de
Ipv6hackers mailing list
Ipv6hackers at lists.si6networks.com
More information about the Ipv6hackers