[6bone] Headsup: Block messaging over IPv6 options

Xavier Roche rocheml@httrack.com
Tue, 15 Jul 2003 14:24:25 +0200


On Tue, Jul 15, 2003 at 01:57:53PM +0200, Francis Dupont wrote:
>    http://www.checkpoint.com/securitycenter/advisories/2003/cpai-2003-22.html
> => Oh! If we need another bigger covert channel I can propose the
> transport payload... Is the advisory a joke or someone announced
> the IPv6 support when he was at the bottom of the learning curve?

There is also a great security threat in IPv4 regarding the TOS byte which can be used to transmit data. It is possible to use this header fragment "as a covert channel to pass data between peers, without being inspected". Spooky!