Slashdot Mirror

← Back to Stories (view on slashdot.org)

IPv6 Flaw Could Greatly Amplify DDoS Attacks

Posted by Zonk on from the please-avoid-the-obvious-holes dept.

tygerstripes writes "The Register has a story about the discovery of a flaw in part of the IPv6 specification which has experts scrambling to have the feature removed, or at least disabled by default. From the article: 'The specification, known as the Type 0 Routing Header (RH0), allows computers to tell IPv6 routers to send data by a specific route. Originally envisioned as a way to let mobile users to retain a single IP for their devices... RH0 support allows attackers to amplify denial-of-service attacks on IPv6 infrastructure by a factor of at least 80.' Paul Vixie, president of the Internet Systems Consortium, described the fault bluntly. 'It can be exploited by any greedy Estonian teenager with a $300 Linux machine.'"

6 of 258 comments (clear)

  1. Better idea by Watson+Ladd · · Score: 4, Interesting

    Don't route stuff stupidly. Instead of banning RH0, make sure it doesn't do redundant routes.

    --
    Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
  2. Re:A better idea. by Anonymous Coward · · Score: 3, Interesting

    The problem is that it's a mandatory part of the spec. BTW, Microsoft is not affected: The Windows IPv6 stack doesn't implement that feature. (It is the equivalent to source routing in IPv4, which is not allowed anywhere.)

  3. Nothing New by jjeffrey · · Score: 4, Interesting

    How is this different to source routing packets in IPv4? Surely people will just configure firewalls and hosts to drop these packets in exactly the same way as is done for IPv4 now.

  4. Re:Who gives a $%##? by Organic+Brain+Damage · · Score: 5, Interesting

    Nevermind the fact that the insanely ridiculous kludge...

    Check our DNA. We are, essentially, insanely ridiculous kludges. Nothing but organically accreted fixes to a long series of problems. Why should anyone be surprised that our technology mirrors this fundamental aspect of our selves?
  5. Estonian is like Finnish indeed - Not Russian by Siker · · Score: 3, Interesting

    My mother speaks Estonian and can with some level of adaptation understand and express herself in a way that is understood by the Finnish, which I know for certain as my father is Finnish. Unfortunately, as I grew up in Sweden and was too much of an ungrateful kid to actually learn the languages of my parents, I can't directly comment on the similarity of the languages.

    I second the opinion that the reference to an 'Estonian teenager' isn't very appropriate. It continues a strong, traditional and completely wrong tradition to separate 'us' and 'them'.

  6. Re:s anybody surprised that Paul Vixie by MROD · · Score: 4, Interesting

    Sendmail was the right tool for its time.

    This was a time when there were huge numbers of different network address formats which had to have mail routed to/from/between. That's why it's all about rewriting addresses and not about processing the message. It is also why it's so complex as it had to be flexible enough to handle IP, Usenet (i.e. bang paths), reversed domain-type addressing so you needed a complex language to deal with it.)

    Remember also, this was an age before the virus and when the most malicious thing was the war dialler or phone phreaker with his trusty 300baud accoustic coupler modem. Built in security and thinking about buffer overflows weren't really even in the background of the programmers minds back then.

    Times have changed, hence Sendmail just isn't an appropriate tool anymore, just like the stage coach. It doesn't mean that it's bad software.

    --

    Agrajag: "Oh no, not again!"