Actions
Feature #7761
openAdd a way to match on IPv6 proto=0 (hop-by-hop header extension)
Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
08/09/2017
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Description
https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering-03#section-3.4.1
Since this EH is required to be processed by all intermediate-systems en route, it can be leveraged to perform Denial of Service attacks against the network infrastructure.
Actions