[6bone] Headsup: Block messaging over IPv6 options

Todd T. Fries todd@fries.net
Tue, 15 Jul 2003 07:45:37 -0500


Even worse, the icmp data is uninspected.  And this bug effects both protocol
families!

What were people thinking when they wrote internet rfc's, that people might
actually try to transmit data?  Oh no!
-- 
Todd Fries .. todd@fries.net


Free Daemon Consulting, LLC                    Land: 405-748-4596
http://FreeDaemonConsulting.com              Mobile: 405-203-6124
"..in support of free software solutions."

Key fingerprint: 37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
            Key: http://todd.fries.net/pgp.txt

(last updated 2003/03/13 07:14:10)

Penned by Xavier Roche on Tue, Jul 15, 2003 at 02:24:25PM +0200, we have:
| On Tue, Jul 15, 2003 at 01:57:53PM +0200, Francis Dupont wrote:
| >    http://www.checkpoint.com/securitycenter/advisories/2003/cpai-2003-22.html
| > => Oh! If we need another bigger covert channel I can propose the
| > transport payload... Is the advisory a joke or someone announced
| > the IPv6 support when he was at the bottom of the learning curve?
| 
| There is also a great security threat in IPv4 regarding the TOS byte which can be used to transmit data. It is possible to use this header fragment "as a covert channel to pass data between peers, without being inspected". Spooky!
| 
| _______________________________________________
| 6bone mailing list
| 6bone@mailman.isi.edu
| http://mailman.isi.edu/mailman/listinfo/6bone