LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   *BSD (http://www.linuxquestions.org/questions/%2Absd-17/)
-   -   OpenBSD IP6 Vulnerability (http://www.linuxquestions.org/questions/%2Absd-17/openbsd-ip6-vulnerability-143106/)

leeach 02-06-2004 05:47 PM

OpenBSD IP6 Vulnerability
 
OpenBSD IPV6 Vuln
http://www.guninski.com/obsdmtu.html

Whoa, OpenBSD vuln. This is quite the rare event!

Apparently if you send a IP6 packet, then connect to the server it will crash. The workaround is to recompile the kernel with the patch. Now, he does ping and then shh. Im assuming if you were to do a syn scan and then say telnet it would do the same. -_-

chort 02-06-2004 05:50 PM

Ummm, SYN scan is TCP, not ICMP...

I just deleted the IPv6 address from my external NIC until I get a chance to recompile my kernel.

leeach 02-06-2004 06:25 PM

Quote:

Originally posted by chort
Ummm, SYN scan is TCP, not ICMP...
Your absolutely right chort, my mistake. I haven't even tried *BSD yet, but am looking forward to exploring OpenBSD once I feel comfortable maneuvering around Slackware. OpenBSD seems to be my first choice for security reasons, even if it is just a laptop..=]

finegan 02-07-2004 02:59 PM

Good catch leeach, this one is getting some status for the time being.

Cheers,

Finegan, off to see if it'll do the same on a sparc.

chort 02-07-2004 05:44 PM

By the way, to everyone upgrading from source and following -CURRENT, make sure to read the Upgrading Mini-FAQ again. There are some changes to machdep on i386 that require a rebuild of binutils. I don't think that's required for -STABLE.

ryancoolest 02-09-2004 07:49 PM

Quote:

Originally posted by chort
Ummm, SYN scan is TCP, not ICMP...

I just deleted the IPv6 address from my external NIC until I get a chance to recompile my kernel.

Your right chort... I'll delete my IPv6 also ...

chort 02-10-2004 01:11 AM

Well I rebuilt my system (kernel and userland) so now it's back on :) By the way, the early bulletin was a bit misleading--it takes a certain type code of ICMP packet to trigger the crash, so it's not nearly as likely to happen by accident as the security bulletin publisher would have you believe. It's almost like he has a grudge or something.

ryancoolest 02-10-2004 07:43 PM

Guys,

Do you have any sample rule of your rc.conf and rc.firewall it seems mine is not working.... I add the "ipfw add deny ip any to any" but still a I can SSH to the box...

Or should i save it fisrt like on iptables but i don't know how...


finegan 03-07-2004 05:24 PM

That's about enough at the top...

Cheers,

Finegan

ironwalker 03-18-2004 01:03 AM

becareful with IPv6 now...set snort or the equivalent correctly.

Although designed to provide better security via IPSec, IPv6 also includes many enhancements, some of which can be exploited by attackers. For example, the address autoconfiguration feature be used by attackers to announce rogue routers. In addition, some of the transitioning mechanisms designed to allow for easier interaction between IPv6 and IPv4 networks can be misused by attackers. Transitioning tools create a way for IPv4 applications to connect to IPv6 services, and IPv6 apps to connect to v4 services.

Because of the standardized transitioning methods, such as 6to4, Simple Internet Transition (SIT) tunnels and IPv6 over UDP (such as Teredo and Shipworm), IPv6 traffic may be coming into networks without their administrators being aware of the fact (and thus, without them being aware that they are vulnerable to IPv6 exploits). For example, since many firewalls allow UDP traffic, IPv6 over UDP can get through those firewalls without administrators realizing what’s happening. Attackers can use 6 over 4 tunnels to evade Intrusion Detection software.


windows is more so vulnerable..........they dont have snort:)

ryancoolest 03-18-2004 07:33 PM

hmmm.... thanks for the info ironwalker... there's no perfect secureity systems...:D :D :D


All times are GMT -5. The time now is 10:35 AM.