lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Wed, 25 Mar 2015 11:42:08 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	ljungmark@...io.se, spider@...eit.se
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH] ipv6: Don't reduce hop limit for an interface

From: "D. S. Ljungmark" <spider@...eit.se>
Date: Wed, 25 Mar 2015 09:29:01 +0100

> From 3ae93eb68a06ab2d9c984c6708dbc9e5f3bc8251 Mon Sep 17 00:00:00 2001
> From: "D.S. Ljungmark" <ljungmark@...io.se>
> Date: Wed, 25 Mar 2015 09:28:15 +0100
> Subject: [PATCH] ipv6: Don't reduce hop limit for an interface
> 
> A local route may have a lower hop_limit set than global routes do.
> 
> RFC 3756, Section 4.2.7, "Parameter Spoofing"
> 
>>   1.  The attacker includes a Current Hop Limit of one or another small
>>       number which the attacker knows will cause legitimate packets to
>>       be dropped before they reach their destination.
> 
>>   As an example, one possible approach to mitigate this threat is to
>>   ignore very small hop limits.  The nodes could implement a
>>   configurable minimum hop limit, and ignore attempts to set it below
>>   said limit.
> 
> Signed-off-by: D.S. Ljungmark <ljungmark@...io.se>

Applied and queued up for -stable.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists