IPv6 Type 0 Routing Header issues
Gert Doering
gert at space.net
Tue Apr 24 15:26:52 CEST 2007
Hi,
On Tue, Apr 24, 2007 at 12:53:42AM +0100, Jeroen Massar wrote:
> Just in case folks are missing out on this, find below a rather nasty
> security issue.
Indeed, good reminder to
- deploy uRPF wherever possible
(Cisco speak: "ipv6 verify unicast reverse-path")
- keep your systems up-to-date (the Cisco advisory is from January)
and the BSDs need to do a bit of homework (should never forward packets if
ip6.forwarding is 0, and it's surprising that pf(4) can't filter on RH0s).
Gert Doering
-- NetMaster
--
Total number of prefixes smaller than registry allocations: 113403
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the ipv6-ops
mailing list