Cisco Aggregation Services Router 9000 Series IPv6 Fragment Header Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6
IPv6 design limitation highlights by Cisco on 2013 RSA conference. Since ICMP header is in 2nd fragment. Defense mechanism especially RA guard no cue where to find (see my cartoon picture). Perhaps stateful firewall can doing the defense. Meanwhile, this issue told the world there is no real secure Internet Protocol! But this vulnerability occurs on Cisco only causes Denial of Service (reboot). At least no privileges escalation or data leakage.
I read this article completely about the difference of latest and earlier technologies, it’s remarkable article.
Wonderful post but I was wondering if you could write a
litte more on this subject? I’d be very thankful if you could elaborate a little bit further.
Thank you!
That sure is one pretty site you have there. Can I ask you a very simple question? What kind of fertilizer do you use to make it grow so wonderfully?