On 26/02/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Van Hauser held a speach at the 22C3 about attacking IPv6. > He also said that even OpenBSD is affected by some of the attacks. > > A working stream can be found here: > mms://streaming.fem.tu-ilmenau.de/ccc/22c3/2005-12-29_-_22c3_-_Saal4_Attacking_the_IPv6_Protocol_Suite/22c3_saal4_2.wmv > > If the link wont work: > http://22c3.fem.tu-ilmenau.de/index.php?action=ondemand > > I just like to know if that stuff was fixed or if it will get fixed.
There was nothing specific of OpenBSD in the talk. He briefly mentioned 'OpenBSD, FreeBSD, Linux' being used as firewalls, and said something like 'drop all not affecting IPv6'. For what I know, pf(4) "block all" rule does block both IPv4 and IPv6 traffic, doesn't it? Moreover, in pf(4) the rules by default are applicable to both IPv4 and IPv6, unless 'af inet' / 'af inet6' modifiers are specifically and _intentionally_ used, or src/dst addresses imply the af modifier. So pf(4) on *BSD is not vulnerable to the described 'lack of attention' firewall vulnerability... OpenBSD seems to have been included in the list merely because it goes as a synonym for a firewall today. :-) What exactly do you want to have fixed? Cheers, Constantine.
