[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: v6 security: covert channel through DstOptions

To: itojun@iijlab.net
Subject: Re: v6 security: covert channel through DstOptions
From: Pekka Savola <pekkas@netcore.fi>
Date: Tue, 15 Jul 2003 13:23:01 +0300 (EEST)
Cc: v6ops@ops.ietf.org
In-reply-to: <20030715101837.9C61413@coconut.itojun.org>

On Tue, 15 Jul 2003 itojun@iijlab.net wrote:
> >FYI, FWIW, I came across this:
> >
> >http://net.suug.ch/articles/2003/07/06/ip6msg.html
> >
> >.. where someone has hacked a system to pass data between the endpoints 
> >embedded in unrecognized IPv6 destination options.  Nothing new there, but 
> >now it has gone operational.
> >
> >However the attacks could be much more nastier too.
> 
> 	another URL (i don't have one with me now) noted that it is a
> 	covered channel.  i'm not sure if we can really *attack* other system
> 	with this.

Yes, indeed -- this is a method of covert channel creation only.

(Perhaps I should not have used the word "hacked [up]" to refer to coding
a mechanism from the RFC2460 specification.)

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

References:
- Re: v6 security: covert channel through DstOptions
  - From: itojun@iijlab.net

Prev by Date: Re: v6 security: covert channel through DstOptions
Next by Date: security considerations comments on draft-ietf-v6ops-unmaneval-00.txt
Previous by thread: Re: v6 security: covert channel through DstOptions
Next by thread: security considerations comments on draft-ietf-v6ops-unmaneval-00.txt
Index(es):
- Date
- Thread