IETF moves against IPv6 threat

New Internert protocol contains old mistakes

Internet Engineering Task Force (IETF) engineers, reacting with unusual speed, have moved to address a serious security lapse in IPv6 before it becomes too widespread.

The bug, involving Type 0 Routing Headers, could allow attackers to greatly magnify the effectiveness of denial-of-service attacks, and was highlighted at a presentation at the CanSecWest security conference earlier this month. It is in fact the reappearance of an old problem that was eliminated from the current IPv4 system long ago.

The Type 0 RH bug is dangerous in itself, but according to security experts its real significance is what it portends for the internet as IPv6 becomes more widespread. It seems that IPv6 engineers have repeated many of the mistakes that existed in the old system, which are likely to take many users by surprise.

"The Type 0 RH mechanism is of no use, except for attackers, (and the) side effects against the whole infrastructure are terrible," said Philippe Biondi and Arnaud Ebalard, security researchers from EADS, at their CanSecWest presentation on the issue. "IPv6 designers did not learn from IPv4 on that point. (They) also forgot some IPv4 best practices."

Following the presentation a number of organizations issued security alerts on the issue, advising users to switch off Type 0 RH handling or block packets using the mechanism.

Engineers have now submitted two proposals to the IETF on how to address the problem, either by switching Type 0 RH handling off by default or removing it from IPv6 entirely. Because IPv6 is still not very widely deployed, industry analysts have said they expect the problem to be removed entirely within three years.

But the real problem is that other such issues are likely to pop up as IPv6 moves more toward the mainstream, since it appears that the technology has repeated many of the mistakes originally built into IPv4. While many of IPv4's bugs have been ironed out over time, those same issues will be encountered all over again as IPv6 is deployed, according to security experts.

The Type 0 RH mechanism allows a packet's sender to indicate how the packet should be routed, overriding the routing knowledge present in a network - roughly equivalent to the "source routing" option in IPv4, according to security experts.

The problem is that there is no mechanism for preventing IPv6 routing headers from being used to route packets over the same link or links many times, so that an attacker can use the mechanism to make denial-of-service attacks more than 80 times more effective. This same problem has led to the effective elimination of IPv4 source routing.

"An attacker can 'amplify' a denial of service attack against a link between two vulnerable hosts; that is, by sending a small volume of traffic the attacker can consume a much larger amount of bandwidth between the two vulnerable hosts," said FreeBSD developers in a security advisory.

In addition, FreeBSD said, "an attacker can use vulnerable hosts to 'concentrate' a denial of service attack against a victim host or network; that is, a set of packets sent over a period of 30 seconds or more could be constructed such that they all arrive at the victim within a period of 1 second or less."

Specific attack scenarios envisioned by Biondi and Ebalard include a "one packet crash" for IPv6-enabled Cisco routers, and the prospect of being able to "crash the IPv6 internet" or "plug off a country with a single packet".

IPv4's source routing feature allowed for similar attacks, but on a much smaller scale.

Other security implications, according to researchers, include performing remote network discovery, bypassing firewalls and getting around the Anycast system that has been put in place to protect the internet's core DNS servers from DoS attacks.

FreeBSD is advising users to put a solution in place that causes Type 0 routing headers to be ignored.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?