IPv6 vulnerable to remote denial-of-service attacks

By Edmund X. DeJesus, Staff Writer 06 Feb 2004 | Security Wire Perspectives

Digg This!     StumbleUpon     Del.icio.us

The OpenBSD implementation of IPv6 has a security vulnerability that requires an upgrade to prevent a remote attacker from causing a denial of service.

IPv6 is the successor to IPv4 and is already being implemented by some enterprises, either alone or in parallel with IPv4. While one of the main attractions of IPv6 is its vastly larger address space, administrators are also anticipating security improvements, especially with authentication.

However, independent security researcher Georgi Guninski has identified an error in the handling of IPv6 traffic when the host is configured to receive ICMPv6 (Internet Control Message Protocol) and is listening on a TCP port. A remote attacker can take advantage of this by setting a small IPv6 MTU (Maximum Transmission Unit) and then connecting to an open TCP port. This will crash the target system, causing a denial of service

The problem occurs on OpenBSD 3.4. PivX Solutions recommends OpenBSD administrators acquire the revised code from CVS and recompile their kernels.

For more information on this vulnerability, visit Secunia's advisory here.

Tags: Network Protocols and Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Protocols and Security Security architects fear savvy botnet attacks, IPv6 security issues Twitter domain hijacking highlights DNS security weaknesses How do passwordless SSH keys represent an enterprise attack vector? How to keep networks secure when deploying an 802.11n upgrade Expert calls SSL protocol vulnerability a non issue How to prevent phishing attacks with social engineering tests How SSL-encrypted Web connections are intercepted DNSSEC deployment challenges can be overcome Microsoft issues SMB vulnerability advisory, patch pending Microsoft repairs Windows media, TCP/IP vulnerabilities

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 5 terms you need to know before you employ VoIP  (SearchSecurity.com) digest authentication  (SearchSecurity.com) IGP  (SearchSecurity.com) IP spoofing  (SearchSecurity.com) Secure Sockets Layer  (SearchSecurity.com) smurfing  (SearchSecurity.com) Transport Layer Security  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary