Date:      Sun, 29 May 2011 23:13:04 GMT
From:      Sam Bowne <sbowne@ccsf.edu>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   i386/157410: IPv6 Router Advertisements Cause Excessive CPU Use
Message-ID:  <201105292313.p4TND4EE082484@red.freebsd.org>
Resent-Message-ID: <201105292320.p4TNKAWr064639@freefall.freebsd.org>


>Number:         157410
>Category:       i386
>Synopsis:       IPv6 Router Advertisements Cause Excessive CPU Use
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-i386
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 29 23:20:10 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Sam Bowne
>Release:        FreeBSD 8.2
>Organization:
City College San Francisco
>Environment:
FreeBSD .localdomain 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
IPv6 Router Advertisement packets cause a denial of service by CPU consumption.  This is a known vulnerability in Windows systems, and it works against FreeBSD too.

Here is a screen capture of the attack in action, with a slow attack of 100 packets per second:

http://samsclass.info/ipv6/proj/FreeBSD-100RAps.png

Here is a detailed vulnerability report I wrote about the Windows version:

http://samsclass.info/ipv6/proj/flood-router6a.htm

Thanks to Justin Hohner for telling me about this.


>How-To-Repeat:
To reproduce it, use Linux and the thc-ipv6 tools from http://www.thc.org/thc-ipv6/ 
If you run 

./flood_router6 eth0

on the attacker, a FreeBSD network on the same LAN will freeze.
>Fix:
Mac OS X and Ubuntu Linux are not vulnerable, because they ignore all RAs after the first ten or so.

>Release-Note:
>Audit-Trail:
>Unformatted:
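
The >Fix: field above describes hosts that ignore RAs after the first ten or so. The sketch below is an added example, not code from the report, from FreeBSD, or from any of the operating systems named: it shows one way a receiver can bound the state it builds from RAs. The cap of 10, the structure and function names, the assumption that the cost comes from acting on each newly advertised prefix, and the constructed 2001:db8::/32 sample prefixes are all illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RA_MAX_PREFIXES 10      /* assumed cap, from the report's "first ten or so" */

struct ra_prefix {
    uint8_t addr[16];           /* advertised IPv6 prefix */
    uint8_t len;                /* prefix length in bits */
};

struct ra_table {
    struct ra_prefix entry[RA_MAX_PREFIXES];
    unsigned count;             /* prefixes currently held */
    unsigned long dropped;      /* advertisements ignored because the table was full */
};

/* Returns 1 if the prefix is already known or was added, 0 if it was ignored. */
int ra_accept_prefix(struct ra_table *t, const uint8_t addr[16], uint8_t len)
{
    for (unsigned i = 0; i < t->count; i++)
        if (t->entry[i].len == len && memcmp(t->entry[i].addr, addr, 16) == 0)
            return 1;           /* refresh of a known prefix: no new state */
    if (t->count >= RA_MAX_PREFIXES) {
        t->dropped++;           /* full: ignore instead of configuring another address */
        return 0;
    }
    memcpy(t->entry[t->count].addr, addr, 16);
    t->entry[t->count].len = len;
    t->count++;
    return 1;
}

/* Constructed input: n RAs, each advertising a distinct /64 under 2001:db8::/32. */
unsigned ra_simulate_flood(struct ra_table *t, unsigned n)
{
    uint8_t addr[16] = { 0x20, 0x01, 0x0d, 0xb8 };
    for (unsigned i = 0; i < n; i++) {
        addr[4] = (uint8_t)(i >> 24); addr[5] = (uint8_t)(i >> 16);
        addr[6] = (uint8_t)(i >> 8);  addr[7] = (uint8_t)i;
        ra_accept_prefix(t, addr, 64);
    }
    return t->count;
}

int main(void)
{
    struct ra_table t = { 0 };
    unsigned held = ra_simulate_flood(&t, 1000);
    printf("held=%u dropped=%lu\n", held, t.dropped);
    return 0;
}
```

The per-packet work stays bounded by the table size no matter how many distinct prefixes arrive, and the dropped counter gives an operator something to alert on.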


