[ipv6hackers] CVE-2016-1409: IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

Marc Heuse mh at mh-sec.de
Sun Aug 14 22:58:49 CEST 2016


On 14.08.2016 at 21:07, Fernando Gont wrote:
> On 08/14/2016 08:38 PM, Enno Rey wrote:
>>> rather than by the intermediate devices. If you wanted to enforce
>>> it on intermediate devices, you'd need to perform DPI, then the
>>> attacker fires packets with EHs, and then we possibly end up with
>>> the usual "drop all EHs, plus what I really want to drop".
>>> My take is that the vuln is completely unrelated to NCE, since all
>>> end systems I know of *do* check the Hop Limit of received ND
>>> packets.
>> apparently not true for quite some high end C* and J* gear, as their
>> respective advisories state/show.
> I'll redo testing. I remember testing this, at the time, with a bunch of
> devices, but they were all dropping ND packets when HL != 255.

same here - this is part of my standard IPv6 implementation security
testing and so far I have not found a single device which accepts HL < 255.

Marc Heuse

PGP: AF3D 1D4C D810 F0BB 977D  3807 C7EE D0A0 6BE9 F573
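
The receive-side check discussed in this thread (RFC 4861 requires Hop Limit 255 on Neighbor Discovery messages), written out as an added example that is not part of the original message or any vendor's code. The function names and sample packets are constructed for illustration; the parser walks extension headers so that an EH placed before the ICMPv6 header does not hide an ND message from the check.

```python
import struct

ND_TYPES = {133, 134, 135, 136, 137}   # RS, RA, NS, NA, Redirect (RFC 4861)
EXT_HDRS = {0, 43, 60}                 # Hop-by-Hop, Routing, Destination Options
FRAGMENT, ICMPV6 = 44, 58

def nd_hop_limit_verdict(pkt: bytes) -> str:
    """Classify a raw IPv6 packet: 'accept', 'drop', 'not-nd', 'fragment', 'malformed'."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "malformed"
    next_hdr, hop_limit = pkt[6], pkt[7]
    off = 40
    # Skip extension headers that use the (next header, length in 8-octet units) layout.
    while next_hdr in EXT_HDRS:
        if off + 8 > len(pkt):
            return "malformed"
        next_hdr, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    if next_hdr == FRAGMENT:
        return "fragment"              # upper layer not classified without reassembly
    if next_hdr != ICMPV6:
        return "not-nd"
    if off >= len(pkt):
        return "malformed"
    if pkt[off] not in ND_TYPES:
        return "not-nd"
    # The check itself: a sender on-link always uses 255, and routers decrement it,
    # so any other value means the packet was forwarded. Checksum is not verified here.
    return "accept" if hop_limit == 255 else "drop"

def build(hop_limit: int, payload: bytes, next_hdr: int = ICMPV6) -> bytes:
    """Constructed sample packet, fe80::1 -> ff02::1 (illustrative helper)."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_hdr, hop_limit) + src + dst + payload

NS = bytes([135, 0, 0, 0]) + bytes(20)             # Neighbor Solicitation, constructed
ECHO = bytes([128, 0, 0, 0]) + bytes(4)            # Echo Request, constructed
DSTOPT = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0])      # Destination Options with one PadN

if __name__ == "__main__":
    for name, pkt in [("NS hl=255", build(255, NS)),
                      ("NS hl=64", build(64, NS)),
                      ("DstOpt+NS hl=254", build(254, DSTOPT + NS, 60)),
                      ("Echo hl=64", build(64, ECHO))]:
        print(f"{name:18} {nd_hop_limit_verdict(pkt)}")
```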
