Project

General

Profile

Bug #2696

IPv6 Router Advertisment flood causing 100% CPU usage

Added by Adam Števko almost 8 years ago.

Status:
New
Priority:
High
Assignee:
-
Category:
-
Start date:
2012-05-07
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

Announcement: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt

Description: When some evil on-link host starts flooding ff02::1 with ICMPv6 Router Advertisments, Illumos is using 100% CPU. This is caused by IPv6 suffix address generation of every received Router Advertisment.

Hotfix:
Accept RAs only from gateway, turn off route discovery (will make SLAAC unusable), disable IPv6

Fix:
Other operating systems discard RAs if threshold is reached. The example fix will be posted later.

How to reproduce:

1) spam ff02::1 with IPv6 RAs


Files

ipv6_ra.cap (1.53 MB) ipv6_ra.cap snoop file Adam Števko, 2012-05-07 06:15 PM
dmesg.log (22.7 KB) dmesg.log dmesg output Adam Števko, 2012-05-07 06:15 PM

Also available in: Atom PDF