LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices

Reply
 
Search this Thread
Old 02-06-2004, 04:47 PM   #1
leeach
Member
 
Registered: Sep 2003
Location: /dev/null
Distribution: FreeBSD 5.4, OpenBSD 3.7
Posts: 95

Rep: Reputation: 15
OpenBSD IP6 Vulnerability


OpenBSD IPV6 Vuln
http://www.guninski.com/obsdmtu.html

Whoa, OpenBSD vuln. This is quite the rare event!

Apparently if you send a IP6 packet, then connect to the server it will crash. The workaround is to recompile the kernel with the patch. Now, he does ping and then shh. Im assuming if you were to do a syn scan and then say telnet it would do the same. -_-
 
Old 02-06-2004, 04:50 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Ummm, SYN scan is TCP, not ICMP...

I just deleted the IPv6 address from my external NIC until I get a chance to recompile my kernel.
 
Old 02-06-2004, 05:25 PM   #3
leeach
Member
 
Registered: Sep 2003
Location: /dev/null
Distribution: FreeBSD 5.4, OpenBSD 3.7
Posts: 95

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by chort
Ummm, SYN scan is TCP, not ICMP...
Your absolutely right chort, my mistake. I haven't even tried *BSD yet, but am looking forward to exploring OpenBSD once I feel comfortable maneuvering around Slackware. OpenBSD seems to be my first choice for security reasons, even if it is just a laptop..=]
 
Old 02-07-2004, 01:59 PM   #4
finegan
Guru
 
Registered: Aug 2001
Location: Dublin, Ireland
Distribution: Slackware
Posts: 5,700

Rep: Reputation: 57
Good catch leeach, this one is getting some status for the time being.

Cheers,

Finegan, off to see if it'll do the same on a sparc.
 
Old 02-07-2004, 04:44 PM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
By the way, to everyone upgrading from source and following -CURRENT, make sure to read the Upgrading Mini-FAQ again. There are some changes to machdep on i386 that require a rebuild of binutils. I don't think that's required for -STABLE.
 
Old 02-09-2004, 06:49 PM   #6
ryancoolest
Member
 
Registered: Jan 2004
Location: Pinas
Distribution: Mandrake
Posts: 152

Rep: Reputation: 30
Quote:
Originally posted by chort
Ummm, SYN scan is TCP, not ICMP...

I just deleted the IPv6 address from my external NIC until I get a chance to recompile my kernel.
Your right chort... I'll delete my IPv6 also ...
 
Old 02-10-2004, 12:11 AM   #7
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Well I rebuilt my system (kernel and userland) so now it's back on By the way, the early bulletin was a bit misleading--it takes a certain type code of ICMP packet to trigger the crash, so it's not nearly as likely to happen by accident as the security bulletin publisher would have you believe. It's almost like he has a grudge or something.
 
Old 02-10-2004, 06:43 PM   #8
ryancoolest
Member
 
Registered: Jan 2004
Location: Pinas
Distribution: Mandrake
Posts: 152

Rep: Reputation: 30
Guys,

Do you have any sample rule of your rc.conf and rc.firewall it seems mine is not working.... I add the "ipfw add deny ip any to any" but still a I can SSH to the box...

Or should i save it fisrt like on iptables but i don't know how...


Last edited by ryancoolest; 02-10-2004 at 06:56 PM.
 
Old 03-07-2004, 04:24 PM   #9
finegan
Guru
 
Registered: Aug 2001
Location: Dublin, Ireland
Distribution: Slackware
Posts: 5,700

Rep: Reputation: 57
That's about enough at the top...

Cheers,

Finegan
 
Old 03-18-2004, 12:03 AM   #10
ironwalker
Member
 
Registered: Feb 2003
Location: Jersey shore,north
Distribution: Siduction the only way to do Debian Sid!
Posts: 500

Rep: Reputation: 30
becareful with IPv6 now...set snort or the equivalent correctly.

Although designed to provide better security via IPSec, IPv6 also includes many enhancements, some of which can be exploited by attackers. For example, the address autoconfiguration feature be used by attackers to announce rogue routers. In addition, some of the transitioning mechanisms designed to allow for easier interaction between IPv6 and IPv4 networks can be misused by attackers. Transitioning tools create a way for IPv4 applications to connect to IPv6 services, and IPv6 apps to connect to v4 services.

Because of the standardized transitioning methods, such as 6to4, Simple Internet Transition (SIT) tunnels and IPv6 over UDP (such as Teredo and Shipworm), IPv6 traffic may be coming into networks without their administrators being aware of the fact (and thus, without them being aware that they are vulnerable to IPv6 exploits). For example, since many firewalls allow UDP traffic, IPv6 over UDP can get through those firewalls without administrators realizing what’s happening. Attackers can use 6 over 4 tunnels to evade Intrusion Detection software.


windows is more so vulnerable..........they dont have snort
 
Old 03-18-2004, 06:33 PM   #11
ryancoolest
Member
 
Registered: Jan 2004
Location: Pinas
Distribution: Mandrake
Posts: 152

Rep: Reputation: 30
hmmm.... thanks for the info ironwalker... there's no perfect secureity systems...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
net.inet6.ip6.v6only ? KlaymenDK *BSD 0 11-12-2005 08:32 AM
OpenBSD - Where can i get OpenBSD 3.7 ISO CD -- Please help me b:z Linux - Software 5 04-08-2005 07:09 AM
IP6 Fedora Core 2 odysseynetwork Linux - Networking 0 10-15-2004 11:29 AM
OpenBSD Vulnerability leeach *BSD 4 04-21-2004 02:01 AM
OOT: ip6 makes NAT to be history linuxJaver Slackware 0 09-08-2003 02:27 AM


All times are GMT -5. The time now is 11:06 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration