> On 26/02/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> wrote:
>> Van Hauser held a speach at the 22C3 about attacking IPv6.
>> He also said that even OpenBSD is affected by some of the attacks.
>>
>> A working stream can be found here:
>> mms://streaming.fem.tu-ilmenau.de/ccc/22c3/2005-12-29_-_22c3_-_Saal4_Attacking_the_IPv6_Protocol_Suite/22c3_saal4_2.wmv
>>
>> If the link wont work:
>> http://22c3.fem.tu-ilmenau.de/index.php?action=ondemand
>>
>> I just like to know if that stuff was fixed or if it will get fixed.
>
> There was nothing specific of OpenBSD in the talk.
>
> He briefly mentioned 'OpenBSD, FreeBSD, Linux' being used as
> firewalls, and said something like 'drop all not affecting IPv6'.
> For what I know, pf(4) "block all" rule does block both IPv4 and IPv6
> traffic, doesn't it? Moreover, in pf(4) the rules by default are
> applicable to both IPv4 and IPv6, unless 'af inet' / 'af inet6'
> modifiers are specifically and _intentionally_ used, or src/dst
> addresses imply the af modifier.
> So pf(4) on *BSD is not vulnerable to the described 'lack of
> attention' firewall vulnerability... OpenBSD seems to have been
> included in the list merely because it goes as a synonym for a
> firewall today. :-)
>
> What exactly do you want to have fixed?

In his talk he mentioned FreeBSD as one of the OS he tested and freeBSD
use, as far as I know, also KAME.

In his sliedes you may see (it`s at the movie after 40m19s) that he said
that all OS he tested answered ->

Fragmentation and followring RA
Responding to packets from multicast adresses
Responding to packets with multicast destination (FreeBSD/Linux, both use
KAME if I`m not wrong)


So I would like to know if this is just an OS-specific issue or maybe
related to the KAMPE IPv6-Implementation wich is also include in oBSD (if
I`m not wrong but I read it somewhere).

Because KAME stoped developing I ask myself if oBSD fixed these things or
if it`s also an Issue for oBSD.


Kind regards,
Sebastian

Reply via email to