We are tracking this vulnerability as VU#930892. US-CERT strongly recommends that sites running Cisco IOS devices review the Cisco Advisory and upgrade as appropriate. This vulnerability can not be exploited one or more hops from the IOS device. The crafted packet must be sent from a local network segment to trigger the attack.
Crafted packets can not traverse a 6to4 tunnel and attack a box across the tunnel. US-CERT has not confirmed further technical details.Īccording to the Cisco Advisory, this vulnerability could be exploited by an attacker on the same IP subnet:Ĭrafted packets from the local segment received on logical interfaces (that is, tunnels including 6to4 tunnels) as well as physical interfaces can trigger this vulnerability. I'll take what little I can get.Cisco IOS contains a vulnerability in the way IPv6 packets are processed. So, more deployment and better performance. sub-optimal routing, but I'm nonetheless enjoying the irony. I'm sure much of this is due to Comcast's. It's now faster to use their IPv6 tunnel than native IPv4 to connect to Penn State. I have a free Hurricane Electric IPv6 tunnel at my house. Over the past few months, Internet2 and Hurricane Electric have added additional peering sites, first in Chicago, and most recently in New York City. As you can imagine, that made for sub-optimal performance. Last year, most of the IPv6 commodity traffic flowed through Palo Alto, California, where Internet2 peered with Hurricane Electric. Internet2 provides IPv6 transit for both commodity and research traffic. In total, 213 of 280 top-level domains have IPv6 glue.Īlso, two more Internet2 members have added IPv6 DNS: University of Louisville and Louisiana State University. pr (Puerto Rico) (note, Puerto Rico has IPv6 DNS last year, but lost it in November) So far this year, seven more domains have added IPv6-enabled their DNS servers: No update would be complete without my favorite pet topic: IPv6-reachable DNS servers. This release moves IPv6 support into the "free" IP-BASE version, and adds support for Layer 2 IPv6 security features as well. Last month, they released an update for the 3560/3750 series: IOS 12.2(50)SE. They've been rolling this policy out across their product lines. Late last year, Cisco announced a change in their IPv6 pricing policy: They no longer plan to charge extra for IPv6 features in IOS. They still have a lot left to do, but they've already got a few boxes reachable over IPv6. I look forward to the day I can stream movies to my Netflix set-top box over IPv6.ĭynDNS has announced an IPv6 plan.
It doesn't appear that they're offering any services over IPv6 yet, but this is a good first step.
Late last month, Netflix got an IPv6 allocation from ARIN, and they're advertising it in BGP. I wanted to post on a few interesting developments. Slowly, we're making progress mainstreaming IPv6.
0 kommentar(er)
