> On 26/02/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> Van Hauser held a speech at the 22C3 about attacking IPv6.
>> He also said that even OpenBSD is affected by some of the attacks.
>>
>> A working stream can be found here:
>> mms://streaming.fem.tu-ilmenau.de/ccc/22c3/2005-12-29_-_22c3_-_Saal4_Attacking_the_IPv6_Protocol_Suite/22c3_saal4_2.wmv
>>
>> If the link won't work:
>> http://22c3.fem.tu-ilmenau.de/index.php?action=ondemand
>>
>> I'd just like to know if that stuff was fixed or if it will get fixed.
>
> There was nothing specific to OpenBSD in the talk.
>
> He briefly mentioned 'OpenBSD, FreeBSD, Linux' being used as
> firewalls, and said something like 'drop all not affecting IPv6'.
> For what I know, pf(4) "block all" rule does block both IPv4 and IPv6
> traffic, doesn't it? Moreover, in pf(4) the rules by default are
> applicable to both IPv4 and IPv6, unless 'af inet' / 'af inet6'
> modifiers are specifically and _intentionally_ used, or src/dst
> addresses imply the af modifier.
> So pf(4) on *BSD is not vulnerable to the described 'lack of
> attention' firewall vulnerability... OpenBSD seems to have been
> included in the list merely because it goes as a synonym for a
> firewall today. :-)
>
> What exactly do you want to have fixed?

In his talk he mentioned FreeBSD as one of the OSes he tested, and
FreeBSD also uses KAME, as far as I know.

In his slides you may see (it's in the movie after 40m19s) that he said
that all OSes he tested answered:

- Fragmentation and following RA
- Responding to packets from multicast addresses
- Responding to packets with multicast destination
  (FreeBSD/Linux, both use KAME if I'm not wrong)

So I would like to know if this is just an OS-specific issue or maybe
related to the KAME IPv6 implementation, which is also included in oBSD
(if I'm not wrong, but I read it somewhere).

Because KAME stopped developing, I ask myself if oBSD fixed these things
or if it's also an issue for oBSD.

Kind regards,
Sebastian