Project

General

Profile

Actions

Feature #7761

open

Add a way to match on IPv6 proto=0 (hop-by-hop header extension)

Added by znerol znerol over 7 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
08/09/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

https://tools.ietf.org/html/draft-ietf-opsec-ipv6-eh-filtering-03#section-3.4.1

Since this EH is required to be processed by all intermediate-systems en route, it can be leveraged to perform Denial of Service attacks against the network infrastructure.

Actions

Also available in: Atom PDF