| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20150325.114208.540509748559553203.davem@davemloft.net> Date: Wed, 25 Mar 2015 11:42:08 -0400 (EDT) From: David Miller <davem@...emloft.net> To: ljungmark@...io.se, spider@...eit.se Cc: netdev@...r.kernel.org Subject: Re: [PATCH] ipv6: Don't reduce hop limit for an interface From: "D. S. Ljungmark" <spider@...eit.se> Date: Wed, 25 Mar 2015 09:29:01 +0100 > From 3ae93eb68a06ab2d9c984c6708dbc9e5f3bc8251 Mon Sep 17 00:00:00 2001 > From: "D.S. Ljungmark" <ljungmark@...io.se> > Date: Wed, 25 Mar 2015 09:28:15 +0100 > Subject: [PATCH] ipv6: Don't reduce hop limit for an interface > > A local route may have a lower hop_limit set than global routes do. > > RFC 3756, Section 4.2.7, "Parameter Spoofing" > >> 1. The attacker includes a Current Hop Limit of one or another small >> number which the attacker knows will cause legitimate packets to >> be dropped before they reach their destination. > >> As an example, one possible approach to mitigate this threat is to >> ignore very small hop limits. The nodes could implement a >> configurable minimum hop limit, and ignore attempts to set it below >> said limit. > > Signed-off-by: D.S. Ljungmark <ljungmark@...io.se> Applied and queued up for -stable. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists