SecurityFocus have published article this on their news site:
It appears that the IETF have published two alternative “fixes” for the vulnerability in the IPv6 protocol that could be exploited to perform Denial of Service (DoS) attacks.
The flaw was exposed in April by Philippe Biondi and Arnaud Ebalardlies in their presentation to the CanSecWest confrerence entitled “Fun with IPv6 routing headers “. They highlighted the ability to exploit the Type 0 routing header (RH0) to tell IPv6 routers the routing path for a given packet. This allows the imact of a DoS attack to be multipled seriously by having victim devices ping-pong packets between themselves. Biondi and Ebalardiles suggest that support for RH0 headers could “allow attackers to amplify denial-of-service attacks on IPv6 infrastructure by a factor of at least 80″.
The response form the IETF has been to issue the following proposals for implementations of the default IPv6 protocol:
1) Get rid of the feature
2) Turn it off unless it’s really needed
The importance of this discovery is thatis not just a vulnerability in one vendor’s implementatoin of IPv6 in an isolated product, but rather a flaw in the design of the basic protocol. This is no doubt the first of many such flaws that will come to light as the roll out of IPv6 becomes more widespread in the near future. Watch this space…