Project

General

Profile

Feature #7761

Add a way to match on IPv6 proto=0 (hop-by-hop header extension)

Added by Lorenz Schori almost 3 years ago. Updated 11 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
08/09/2017
Due date:
% Done:

0%

Estimated time:

Description

https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering-03#section-3.4.1

Since this EH is required to be processed by all intermediate-systems en route, it can be leveraged to perform Denial of Service attacks against the network infrastructure.

History

#1 Updated by Jim Pingle 11 months ago

  • Category set to Rules / NAT

Also available in: Atom PDF