At 01:58 p.m. 07/07/2005, Bob Hinden wrote:
> http://kerneltrap.org/node/5382
> There is a thread on /. about this today as well. I think most of this is
> old news. The new ICMPv6 update that is being worked on has a major
> revision to the Security Considerations section that should cover these
> issues. If I remember correctly, the work in V6OPS that the article
> refers to was fed into the new ICMPv6 draft.
As far as I understand, PMTUD is mandatory for IPv6. The current
specifications make it quite trivial to attack it.
Think about an attacker exploiting these vulnerabilities to attack a BGP
router.
While these problems have been known, the existing specifications don't
recommend any validation checks on the received ICMP error messages.
Checking the TCP SEQ number does its job. However, it puts you in the same
position as for the "Slipping in the window" attacks raised last year. The
more complete PMTUD fix described in
http://www.gont.com.ar/draft/draft-gont-tcpm-icmp-attacks-03.txt protects
you from attack, regardless of whether the attacker is able to hit you "in
the window" or not.
The news with this work is not the vulnerabilities, but the fixes, and the
raising of awareness in the community.
Have a look at NISCC's and CERT/CC's vulnerability reports, and see the
large number of systems affected.
Kindest regards,
--
Fernando Gont
e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
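The TCP SEQ check mentioned in the message above, as an added example that is not part of the original e-mail or of the cited draft: it validates an ICMPv6 Packet Too Big message against the connection it claims to quote before the path MTU is touched. The `TcpConn` structure, the function names, the accepted range SND.UNA <= SEQ < SND.NXT and the absence of extension headers are assumptions of this sketch, and the sample packets are constructed.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv6Address

ICMP6_PACKET_TOO_BIG = 2
NEXT_HEADER_TCP = 6

@dataclass
class TcpConn:            # hypothetical, minimal per-connection state
    local: IPv6Address
    remote: IPv6Address
    lport: int
    rport: int
    snd_una: int          # oldest unacknowledged sequence number
    snd_nxt: int          # next sequence number to be sent
    pmtu: int             # current path-MTU estimate

def seq_in_flight(seq, una, nxt):
    """True if una <= seq < nxt in 32-bit modular arithmetic."""
    return ((seq - una) & 0xFFFFFFFF) < ((nxt - una) & 0xFFFFFFFF)

def check_packet_too_big(icmp, conn):
    """Return (accepted, reason) for a raw ICMPv6 message (checksum not verified here)."""
    if len(icmp) < 8 + 40 + 8:
        return False, "too short to quote IPv6 header plus TCP ports and SEQ"
    mtype, _code, _cksum, mtu = struct.unpack("!BBHI", icmp[:8])
    if mtype != ICMP6_PACKET_TOO_BIG:
        return False, "not Packet Too Big"
    inner = icmp[8:]      # the packet that allegedly triggered the error
    if inner[0] >> 4 != 6 or inner[6] != NEXT_HEADER_TCP:
        return False, "embedded packet is not plain IPv6/TCP"
    src, dst = IPv6Address(inner[8:24]), IPv6Address(inner[24:40])
    sport, dport, seq = struct.unpack("!HHI", inner[40:48])
    if (src, dst, sport, dport) != (conn.local, conn.remote, conn.lport, conn.rport):
        return False, "embedded packet does not belong to this connection"
    if not seq_in_flight(seq, conn.snd_una, conn.snd_nxt):
        return False, "embedded SEQ is not unacknowledged in-flight data"
    if mtu >= conn.pmtu:
        return False, "reported MTU would not lower the path MTU"
    return True, "ok"

def build_ptb(conn, seq, mtu):
    """Constructed sample: Packet Too Big quoting a segment sent on conn."""
    ip6 = struct.pack("!IHBB", 6 << 28, 20, NEXT_HEADER_TCP, 64)
    ip6 += conn.local.packed + conn.remote.packed
    tcp = struct.pack("!HHIIBBHHH", conn.lport, conn.rport, seq, 0, 5 << 4, 0x10, 65535, 0, 0)
    return struct.pack("!BBHI", ICMP6_PACKET_TOO_BIG, 0, 0, mtu) + ip6 + tcp
```

As the message notes, this check alone still leaves the connection exposed to an error message whose quoted SEQ happens to land inside the window.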