IPv6 Flaw Could Greatly Amplify DDoS Attacks
tygerstripes writes "The Register has a story about the discovery of a flaw in part of the IPv6 specification which has experts scrambling to have the feature removed, or at least disabled by default. From the article: 'The specification, known as the Type 0 Routing Header (RH0), allows computers to tell IPv6 routers to send data by a specific route. Originally envisioned as a way to let mobile users retain a single IP for their devices... RH0 support allows attackers to amplify denial-of-service attacks on IPv6 infrastructure by a factor of at least 80.' Paul Vixie, president of the Internet Systems Consortium, described the fault bluntly. 'It can be exploited by any greedy Estonian teenager with a $300 Linux machine.'"
Some history and information:
The earlier drafts of the IPv6 RFCs had limited the Type 0 routing addresses to 23 per extension header. The current limit is theoretically 128, though maximum packet size through any one link will tend to get in the way.
The number of times an IPv6 packet may ping-pong is limited by the Hop Limit field, which is an 8-bit unsigned integer (i.e. 255 times).
While it is true that a very permissive router or host may process a packet with more than one Type 0 routing header, RFC 2460 strongly recommends that a router or host only process one such extension header.
One product that has been designed to locate implementation problems with IPv6 stacks (it can't do anything about design flaws!) is the Maxwell product from http://www.iwl.com/. Truth in advertising requires that I point out I helped create some of the test cases for that product (however, I am not an employee of IWL, nor do I own any equity or options on equity in the company).
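As an added example (not part of the comment above or of the product it mentions), this Python code walks an IPv6 extension-header chain and reports each Type 0 routing header with its Segments Left and address count, which is the check a filter needs before deciding whether to forward the packet. The function names, the drop policy and the sample packet built from 2001:db8:: documentation addresses are assumptions constructed for illustration.

```python
import ipaddress
import struct

EXT_HBH, EXT_ROUTING, EXT_FRAGMENT, EXT_DSTOPTS = 0, 43, 44, 60

def find_rh0(packet: bytes):
    """Return [(segments_left, address_count), ...] for every Type 0 routing
    header in a raw IPv6 packet. Raises ValueError on malformed input."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset, found = packet[6], 40, []
    while next_hdr in (EXT_HBH, EXT_ROUTING, EXT_FRAGMENT, EXT_DSTOPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        # Fragment header is a fixed 8 bytes; the others store their length
        # in 8-octet units, not counting the first 8 octets.
        hdr_len = 8 if next_hdr == EXT_FRAGMENT else (packet[offset + 1] + 1) * 8
        if offset + hdr_len > len(packet):
            raise ValueError("extension header overruns packet")
        if next_hdr == EXT_ROUTING and packet[offset + 2] == 0:
            # RH0 carries 16-byte addresses, so Hdr Ext Len is 2 per address.
            found.append((packet[offset + 3], packet[offset + 1] // 2))
        if next_hdr == EXT_FRAGMENT and struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
            break  # non-first fragment: what follows is payload, not headers
        next_hdr, offset = packet[offset], offset + hdr_len
    return found

def classify(packet: bytes) -> str:
    """Assumed filter policy (not from the page): drop any RH0 that still has
    segments left to visit, and any packet carrying more than one RH0."""
    rh0 = find_rh0(packet)
    if len(rh0) > 1 or any(seg > 0 for seg, _ in rh0):
        return "drop"
    return "allow"

def sample_packet(waypoints, hop_limit=64):
    """Constructed sample: IPv6 header plus one RH0 listing `waypoints`, no payload."""
    addrs = b"".join(ipaddress.IPv6Address(a).packed for a in waypoints)
    rh0 = bytes([59, 2 * len(waypoints), 0, len(waypoints)]) + b"\x00" * 4 + addrs
    hdr = struct.pack("!IHBB", 6 << 28, len(rh0), EXT_ROUTING, hop_limit)
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return hdr + src + dst + rh0

if __name__ == "__main__":
    pkt = sample_packet(["2001:db8::a", "2001:db8::b"])
    print(find_rh0(pkt), classify(pkt))
```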
He may have chosen Estonia in particular because there have recently (in the last week) been DDoS attacks targeting Estonia's government websites.
Those attacks were (still are, actually) carried out not by local "greedy teenagers", but by top-level Russian authorities. The large-scale attacks were traced to IP addresses in Moscow owned by the Russian presidential administration and government.