Slashdot Mirror

← Back to Stories (view on slashdot.org)

IPv6 Flaw Could Greatly Amplify DDoS Attacks

Posted by Zonk on from the please-avoid-the-obvious-holes dept.

tygerstripes writes "The Register has a story about the discovery of a flaw in part of the IPv6 specification which has experts scrambling to have the feature removed, or at least disabled by default. From the article: 'The specification, known as the Type 0 Routing Header (RH0), allows computers to tell IPv6 routers to send data by a specific route. Originally envisioned as a way to let mobile users to retain a single IP for their devices... RH0 support allows attackers to amplify denial-of-service attacks on IPv6 infrastructure by a factor of at least 80.' Paul Vixie, president of the Internet Systems Consortium, described the fault bluntly. 'It can be exploited by any greedy Estonian teenager with a $300 Linux machine.'"

15 of 258 comments (clear)

  1. Greedy Estonian teenage overlords! by alienmole · · Score: 2, Funny

    n/t

    1. Re:Greedy Estonian teenage overlords! by HomelessInLaJolla · · Score: 4, Funny

      I for one welcome our greedy teenage northern European Baltic overlords!

      They make awesome glaag.

      --
      the NPG electrode was replaced with carbon blac
    2. Re:Greedy Estonian teenage overlords! by Torvaun · · Score: 1, Funny

      Or a Bratislavian.

      "A nickle! Now I'll start my own hotel chain!"

      --
      I see your informative link, and raise you a pithy comment.
  2. s anybody surprised that Paul Vixie by Anonymous Coward · · Score: 5, Funny

    was involved? If it weren't for those guys at sendmail, he'd be the number one source of Unix(tm) root exploits.

  3. $300 Linux box... as if by Ice+Wewe · · Score: 5, Funny

    Please, if he were really that smart, he'd use an OLPC!

  4. Estonia? by Anonymous Coward · · Score: 5, Funny

    Clearly the problem here lies with Estonia, not IPv6.

  5. NOT COOL. by game+kid · · Score: 5, Funny

    Paul Vixie, president of the Internet Systems Consortium, described the fault bluntly. 'It can be exploited by any greedy Estonian teenager with a $300 Linux machine.'

    That roughly translates to "It's so easy, an Estonian can do it".

    Someone is gonna be buying them roast duck (with the mango salsa) soon.

    --
    You can hold down the "B" button for continuous firing.
    1. Re:NOT COOL. by Professor_UNIX · · Score: 5, Funny

      Seriously though, estonia? Raise your hand if you know where that is.
      Maybe he meant to say Elbonia.
    2. Re:NOT COOL. by dch24 · · Score: 5, Funny

      I'm an American.

      I know where Estonia is. You insensitive clod.
      There. Fixed that for ya.
  6. A better idea. by mustafap · · Score: 4, Funny

    Leave it in, but advise people to disable it for network security.

    That already works for other problems, right?

    --
    Open Source Drum Kit, LPLC deve board - mjhdesigns.com
  7. Insensitive Clod by Anonymous Coward · · Score: 5, Funny

    Where can I get one of these $300 Estonian Linux machines? To heck with Dellbuntu.

  8. Re:Just what we need! by McGiraf · · Score: 3, Funny

    hey! It's not nice to call people nerds.

  9. Re:Who gives a $%##? by McGiraf · · Score: 2, Funny

    "constantly had to patch my cell phone software because of venerability's."

    When a piece of software is old enough to be called venerable, it's surely more than time to patch it!

  10. Re:The IETF screwed the pooch on this one by Anonymous Coward · · Score: 1, Funny

    I seriously doubt the IETF will ever be able to exercise these people from it's midst.
    Perhaps not, but they might get some good exercise if they start exorcising the PHBs. ;-)
  11. Re:Don't confuse Estonians with Russians by teh+kurisu · · Score: 3, Funny

    ...when Soviet Russia occupied their country (and probably still do, but now via cable legally).

    Now that's the way to occupy a country!