Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-170: KAME Project IPv6 IPComp Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-170: KAME Project IPv6 IPComp Vulnerability
# 1  
Old 02-11-2008
S-170: KAME Project IPv6 IPComp Vulnerability
The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. The risk is LOW. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

5 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Assigning ipv6 to bonding interface - getting old as well as changed ipv6 in ifconfig output

Hi, I have created a bonding bond1 interface with 6 Eth , mode=4. Recently i have changed my old ipv6 to new one and tried to restart as well as reload network service. Post which i can see old as well as changed ipv6 in ifconfig command output. Below are few files and command output for your... (1 Reply)
Discussion started by: omkar.jadhav
1 Replies

2. AIX

creo 44p-170 trendsetter aix 4.3.3.0

Hello Gentlemen, I have a 44p-170 CREO computer that conects to Trendsetter 800 quamtum ans one printer console, I have Problem with cable connections, someone knows how to interconnect whith them, thanks. Please understand that, to ensure a common convening platform, is English only. I have... (0 Replies)
Discussion started by: allanlikan
0 Replies

3. AIX

IBM 44p-170 boot problems

I am trying to install AIX 4.3 on a 44P-170 and am having problems. I have the 44P connected to a laptop through the serial port and am trying to boot from the IBM AIX 4.3 CD and I can only get as far as the SMS (I believe) screen. The current Processor Firmware is sh040616 and the system... (3 Replies)
Discussion started by: SeanU
3 Replies

4. UNIX for Dummies Questions & Answers

IBM 44p-170 boot problems

Post moved to more adequate group: AIX https://www.unix.com/aix/84704-ibm-44p-170-boot-problems.html (2 Replies)
Discussion started by: vbe
2 Replies

5. AIX

connecting to service processor on 44P 170

I dont have an ascii terminal to hook upto this thing, trying to use my laptop but it doesnt seem to want to communicate, is there a special cable i should be using for this? (1 Reply)
Discussion started by: BG_JrAdmin
1 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

ndisc6

NDISC6(8)						      System Manager's Manual							 NDISC6(8)

NAME

       ndisc6 - ICMPv6 Neighbor Discovery tool

SYNOPSIS

       ndisc6 [-1mnqv] [-r attempts] [-w wait_ms] < IPv6 address> <iface>

DESCRIPTON

       NDisc6  is  an  Unix  program which implements the ICMPv6 Neighbor Discovery in userland (it is normally done by the kernel). It is used to
       lookup the link-layer address (layer 2 address, MAC in the case of Ethernet) of any on-link IPv6 node.

       The IPv6 address of the node must be specified, as well as the networking interface on which to perform the lookup.

OPTIONS

       -1 or --single
	      Exit as soon as the first advertisement is received (default).

       -h or --help
	      Display some help and exit.

       -m or --multiple
	      Wait for possible duplicate advertisements and print all of them.

       -n or --numeric
	      If the first parameter is not a valid IPv6 address, do not try to resolve it as a DNS hostname.

       -q or --quiet
	      Only display link-layer address. Display nothing in case of failure.  That is mostly useful when calling the program  from  a  shell
	      script.

       -r attempts or --retry attempts
	      Send  ICMPv6  Neighbor  Discovery  that  many  times until a reply is received, or abort. By default, ndisc6 will try 3 times before
	      aborting (MAX_MULTICAST_SOLICIT and MAX_UNICAST_SOLICIT from RFC2461).

       -V or --version
	      Display program version and license and exit.

       -v or --verbose
	      Display verbose information. That is the default.

       -w wait_ms or --wait wait_ms
	      Wait wait_ms milliseconds for a response before retrying.  By default, ndisc6 waits 1 second between  each  attempts  (RETRANS_TIMER
	      from RFC2461).

DIAGNOSTICS

       If  you	get no response while you know the remote host is up, it is most likely that it is not on-link, that is to say, you must cross one
       or more routers to reach it. By design, IPv6 nodes ignore ICMPv6 Neighbor Discovery packets received from nodes not on the same link  (i.e.
       Ethernet segment), for the sake of security. Technically, that is done by ensuring that the Hop limit (TTL) is 255.

       Note that you cannot use ndisc6 to lookup the local host's link-layer address.

SECURITY

       ndisc6  should  be setuid root to allow use by non privileged users. It will drop its root privileges before any attempt is made to send or
       receive data from the network to reduce the possible impact of a security vulnerability.

SEE ALSO

       ping6(8), rdisc6(8), ipv6(7)

AUTHOR

       Remi Denis-Courmont <remi at remlab dot net>

       $Id: ndisc6.8 658 2010-10-31 20:56:30Z remi $

       http://www.remlab.net/ndisc6/

ndisc6					      $Date: 2010-10-31 22:56:30 +0200 (dim. 31 oct. 2010) $					 NDISC6(8)