OpenBSD Journal

IETF finally reacting to IPv6 flaw?

Contributed by deanna on from the meta errata dept.

Johan M:son Lindman writes:

Recently at the CanSecWest conference in Vancouver a fundamental design flaw in the IPv6 protocol was exposed. The problem lies in the routing header 0 of an IPv6 packet which lets the sending party control the path of a packet, which is potentially very dangerous (for further analyses of the problem see the paper from CanSecWest here).

Shortly afterwards Jun Ichiro Itojun Hagino of KAME and OpenBSD took action and it was disabled. After this some heated discussion took place on the IETF mailing lists and now it is looking like the IETF may actually react and do something about it, as reported by SecurityFocus.
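
The check a packet filter needs in order to spot the routing header described in the article, as an added example that is not part of the original post or of the OpenBSD change: it walks the IPv6 extension-header chain and reports a type 0 routing header. The `verdict` policy (drop when Segments Left is non-zero), the function names and the 2001:db8:: sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
CHAINED = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}

def find_rh0(packet: bytes):
    """Walk the extension-header chain; return (segments_left, addresses) for a
    type 0 routing header, or None if the packet carries none."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset = packet[6], 40
    while next_hdr in CHAINED:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        # Fragment headers are a fixed 8 octets; the others store their
        # length in 8-octet units, not counting the first 8 octets.
        hdr_len = 8 if next_hdr == FRAGMENT else (packet[offset + 1] + 1) * 8
        if offset + hdr_len > len(packet):
            raise ValueError("truncated extension header")
        if next_hdr == ROUTING and packet[offset + 2] == 0:
            # RH0 body after the first 8 octets is a list of 16-octet hops.
            body = packet[offset + 8:offset + hdr_len]
            addrs = [ipaddress.IPv6Address(body[i:i + 16])
                     for i in range(0, len(body) - 15, 16)]
            return packet[offset + 3], addrs
        if next_hdr == FRAGMENT and struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
            return None  # non-first fragment: what follows is not a header
        next_hdr, offset = packet[offset], offset + hdr_len
    return None

def verdict(packet: bytes) -> str:
    """Assumed filter policy: drop RH0 packets that still have hops to visit."""
    rh0 = find_rh0(packet)
    return "drop" if rh0 and rh0[0] > 0 else "pass"

def build_sample(segs_left: int, hops: list) -> bytes:
    """Constructed test packet: IPv6 header + RH0 + 'no next header' (59)."""
    rh = bytes([59, 2 * len(hops), 0, segs_left]) + bytes(4)
    rh += b"".join(ipaddress.IPv6Address(h).packed for h in hops)
    hdr = struct.pack("!IHBB", 6 << 28, len(rh), ROUTING, 64)
    src, dst = (ipaddress.IPv6Address(a).packed
                for a in ("2001:db8::1", "2001:db8::2"))
    return hdr + src + dst + rh
```
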



Comments
  1. By Krunch (213.219.186.239) on

    Am I missing something or is this just like IPv4 source routing that has been recognized as a security risk and deactivated by default on most implementations long ago?

    Comments
    1. By Anonymous Coward (216.62.11.163) on

      > Am I missing something or is this just like IPv4 source routing that has been recognized as a security risk and deactivated by default on most implementations long ago?

      That's the joke of this whole mess. Everyone knew it was bad before it got put in the specs.

    2. By henning (80.51.253.154) henning@ on

      > Am I missing something or is this just like IPv4 source routing that has been recognized as a security risk and deactivated by default on most implementations long ago?

      yes, you are missing something - this is just like the v4 source routing mess, but 1000 times worse. as in, the consequences are/can be 1000 times worse.

  2. By Dean (63.227.27.147) on

    I am simply amazed. Undeadly scooped the world it seems, in reporting the CANSEC issue and OpenBSD fix three weeks ago. Now the Register, Security Focus and even Slashdot make it hot news. In internet time this is ancient, I was worried for a moment that it was another NEW IPv6 vulnerability, but it was just the same old stuff.

    Comments
    1. By Anonymous Coward (212.251.125.47) on

      > I am simply amazed. Undeadly scooped the world it seems, in reporting the CANSEC issue and OpenBSD fix three weeks ago. Now the Register, Security Focus and even Slashdot make it hot news. In internet time this is ancient, I was worried for a moment that it was another NEW IPv6 vulnerability, but it was just the same old stuff.

      I thought the same, but thank god it's just old news

  3. By Rod Whitworth (yendor) undead.w.wtw@xoxy.net on

    It might be worse....

    At Ruxcon 2006 in Sydney the following presentation was given:

    IPV6: Under the Hood - Mark Dowd

    For years, Internet communications have relied upon the IPv4 protocol as an underlying transport facility to allow data exchange between distant nodes. Although it has enjoyed immense success, IPv4 fails to meet some requirements for modern communications due to changing needs and technological advancements. As such, a new IP protocol (IPv6) has been under development for quite some time to address some of the shortcomings of IPv4. Specifically, IPv6 boasts speed enhancements, security improvements, configuration improvements, and larger address spaces. However, these improvements don't come at no cost; they introduce a large amount of functionality that might be of interest to hackers wishing to subvert firewalls, create covert communication channels, and discover information about other hosts. Furthermore, most IPv4 stacks have undergone major scrutiny for security problems and are at a fairly mature stage in their life cycles. IPv6 stacks, conversely, are in their infancy and haven't stood the rigorous test of time. In this speech, I will outline some of the basics of IPv6 functionality and discuss some potential problem areas that abusing these features might cause. In addition, you will see some of the common types of implementation flaws that can be made when developing IPv6 protocol stacks and how these problems might be leveraged to attack unprotected hosts or firewalls.

    A copy of the slides can be found at:
    http://ruxcon.org.au/files/2006/dowd_ipv6.ppt

    Comments
    1. By SyNko (212.29.133.34) on

      > It might be worse....
      >
      > At Ruxcon 2006 in Sydney the following presentation was given:
      >
      > IPV6: Under the Hood - Mark Dowd
      >
      > For years, Internet communications have relied upon the IPv4 protocol as an underlying transport facility to allow data exchange between distant nodes. Although it has enjoyed immense success, IPv4 fails to meet some requirements for modern communications due to changing needs and technological advancements. As such, a new IP protocol (IPv6) has been under development for quite some time to address some of the shortcomings of IPv4. Specifically, IPv6 boasts speed enhancements, security improvements, configuration improvements, and larger address spaces. However, these improvements don't come at no cost; they introduce a large amount of functionality that might be of interest to hackers wishing to subvert firewalls, create covert communication channels, and discover information about other hosts. Furthermore, most IPv4 stacks have undergone major scrutiny for security problems and are at a fairly mature stage in their life cycles. IPv6 stacks, conversely, are in their infancy and haven't stood the rigorous test of time. In this speech, I will outline some of the basics of IPv6 functionality and discuss some potential problem areas that abusing these features might cause. In addition, you will see some of the common types of implementation flaws that can be made when developing IPv6 protocol stacks and how these problems might be leveraged to attack unprotected hosts or firewalls.

      that's right!!! tnx u man
