oss-sec mailing list archives
Re: IPv6 and Route of Death
From: Barry Greene <bgreene () senki org>
Date: Wed, 17 May 2023 10:43:50 -0400
My recommendation - check your “Exploitable Port Filter” rules and include IPv6. Test your gear to insure it ‘can’ filter exertion headers. Read through RFC 9098. This is an doc on how major ISPs deploy port filtering in their networks. Some are applying RFC 9098. https://www.senki.org/operators-security-toolkit/filtering-exploitable-ports-and-minimizing-risk-to-and-from-your-customers/ Sent from my iPhone
On May 17, 2023, at 10:23 AM, Jeffrey Walton <noloader () gmail com> wrote: Hi Everyone, This seems to have been dropped as a 0-day. I have not seen a CVE assigned to it. IPv6 and Route of Death: * https://www.reddit.com/r/linux/comments/13jfehf/linux_ipv6_route_of_death_0day_no_patch/ * https://news.ycombinator.com/item?id=35950379 I _think_ this is the original writeup: * https://www.interruptlabs.co.uk//articles/linux-ipv6-route-of-death Jeff
Current thread:
- IPv6 and Route of Death Jeffrey Walton (May 17)
- Re: IPv6 and Route of Death Barry Greene (May 17)
- Re: IPv6 and Route of Death Solar Designer (May 17)
- Re: IPv6 and Route of Death Erik Auerswald (May 17)
- Re: IPv6 and Route of Death Andrew Worsley (May 18)
- Re: IPv6 and Route of Death Dominique Martinet (May 19)
- Re: IPv6 and Route of Death Erik Auerswald (May 17)