oss-security - Re: IPv6 and Route of Death

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 17 May 2023 10:43:50 -0400
From: Barry Greene <bgreene@...ki.org>
To: oss-security@...ts.openwall.com
Subject: Re: IPv6 and Route of Death


My recommendation - check your “Exploitable Port Filter” rules and include IPv6. Test your gear to insure it ‘can’ filter exertion headers.

Read through RFC 9098.

This is an doc on how major ISPs deploy port filtering in their networks. Some are applying RFC 9098.

https://www.senki.org/operators-security-toolkit/filtering-exploitable-ports-and-minimizing-risk-to-and-from-your-customers/


Sent from my iPhone

> On May 17, 2023, at 10:23 AM, Jeffrey Walton <noloader@...il.com> wrote:
> Hi Everyone,
> 
> This seems to have been dropped as a 0-day. I have not seen a CVE
> assigned to it.
> 
> IPv6 and Route of Death:
> 
>  * https://www.reddit.com/r/linux/comments/13jfehf/linux_ipv6_route_of_death_0day_no_patch/
>  * https://news.ycombinator.com/item?id=35950379
> 
> I _think_ this is the original writeup:
> 
>  * https://www.interruptlabs.co.uk//articles/linux-ipv6-route-of-death
> 
> Jeff

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.