[ipv6hackers] CVE-2016-1409: IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
Marc Heuse
mh at mh-sec.de
Sun Aug 14 22:58:49 CEST 2016
Hi,
Am 14.08.2016 um 21:07 schrieb Fernando Gont:
> On 08/14/2016 08:38 PM, Enno Rey wrote:
>>> rather than by the intermmediate devices. If you wanted to enforce
>>> it on intermmediate devices, you'd need to perform DPI, then the
>>> attacker fires packets with EHs, and then we possibly end up with
>>> the usual "drop all EHs, plus what I really want to drop".
>>>
>>> My take is that the vuln is completely unrelated to NCE. since al
>>> end systems I know of *do* check the Hop Limit of received ND
>>> packets.
>>
>> apparently not true for quite some high end C* and J* gear, as their
>> respective advisories state/show.
>
> I'll redo testing. I remember testing this, at the time, with a bunch of
> devices, but they were all dropping ND packets when HL != 255.
same here - this is part of my standard IPv6 implementation security
testing and so far I have not found a single device which accepts HL < 255.
Greets,
Marc
--
Marc Heuse
www.mh-sec.de
PGP: AF3D 1D4C D810 F0BB 977D 3807 C7EE D0A0 6BE9 F573
More information about the Ipv6hackers
mailing list