Discussion:
[ipv6hackers] Torrents being sabotaged by IPv6
Matej Gregr
2015-06-22 08:29:28 UTC
Permalink
FYI:
http://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/

M.
Joe Klein
2015-06-22 11:13:38 UTC
Permalink
In the name of comerce and copyright protection, a specific company is
dosing a bunch of consumers. International law violation? Criminal law
violation?
Post by Matej Gregr
http://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/
M.
_______________________________________________
Ipv6hackers mailing list
http://lists.si6networks.com/listinfo/ipv6hackers
Mark ZZZ Smith
2015-06-23 01:11:39 UTC
Permalink
From: Matej Gregr <***@fit.vutbr.cz>
To: ***@lists.si6networks.com
Sent: Monday, 22 June 2015, 18:29
Subject: [ipv6hackers] Torrents being sabotaged by IPv6

FYI:
http://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/


/ When I read about this a few days ago, I thought it was pretty smart to use IPv6 in this way. However,  I don't think it is an IPv6 specific attack, I think they could have done the same thing with IPv4 RFC1918 and 100.64/10 addresses, which I think would actually probably be more effective because it would also work against IPv4 only hosts.



M.
_______________________________________________
Ipv6hackers mailing list
***@lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers
Marc Heuse
2015-06-23 05:34:56 UTC
Permalink
The attack could not be done via IPv4 as most providers filter traffic from private addresses.

The IPv6 addresses used in the torrent attack are totally random which would be trivially to filter - but then an attacker would switch to the unassigned part of the 2000::/3 address space.

But the issue is actually a protocol (or an implementation) which does not seem to have flooding protection.

Greets Marc
Post by Mark ZZZ Smith
Sent: Monday, 22 June 2015, 18:29
Subject: [ipv6hackers] Torrents being sabotaged by IPv6
http://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/
/ When I read about this a few days ago, I thought it was pretty smart to use IPv6 in this way. However, I don't think it is an IPv6 specific attack, I think they could have done the same thing with IPv4 RFC1918 and 100.64/10 addresses, which I think would actually probably be more effective because it would also work against IPv4 only hosts.
M.
_______________________________________________
Ipv6hackers mailing list
http://lists.si6networks.com/listinfo/ipv6hackers
_______________________________________________
Ipv6hackers mailing list
http://lists.si6networks.com/listinfo/ipv6hackers
Mark ZZZ Smith
2015-06-23 08:50:11 UTC
Permalink
From: Marc Heuse <***@mh-sec.de>
To: IPv6 Hackers Mailing List <***@lists.si6networks.com>
Sent: Tuesday, 23 June 2015, 15:34
Subject: Re: [ipv6hackers] Torrents being sabotaged by IPv6

The attack could not be done via IPv4 as most providers filter traffic from private addresses.

/ So I think one of the things that this attack is taking advantage of is the lack of any response to TCP SYNs, and the persistent attempts of TCP to establish a connection (IIRC from Stevens, up to 9 minutes). The sort of source address filters that ISPs put in place to drop RFC1918, 100.64/10, will drop the traffic silently (because responding with ICMP Destination Unreachable, Administratively Prohibited can consume excess control plane resources), so there will no responses to the TCP SYNs, meaning the attack could be triggered for attack for RFC1918s, 100.64/10s too.

The IPv6 addresses used in the torrent attack are totally random which would be trivially to filter - but then an attacker would switch to the unassigned part of the 2000::/3 address space.
/ In theory, packets towards any unknown destinations should fall through the Internet default free route table and also then generate ICMPv6 Destination Unreachable, No Route To Destination back to the source, preventing this attack.

But the issue is actually a protocol (or an implementation) which does not seem to have flooding protection.

/ Agree. 

Greets Marc
Post by Mark ZZZ Smith
Sent: Monday, 22 June 2015, 18:29
Subject: [ipv6hackers] Torrents being sabotaged by IPv6
http://torrentfreak.com/popular-torrents-being-sabotaged-by-ipv6-peer-flood-150619/
/ When I read about this a few days ago, I thought it was pretty smart to use IPv6 in this way. However,  I don't think it is an IPv6 specific attack, I think they could have done the same thing with IPv4 RFC1918 and 100.64/10 addresses, which I think would actually probably be more effective because it would also work against IPv4 only hosts.
M.
_______________________________________________
Ipv6hackers mailing list
http://lists.si6networks.com/listinfo/ipv6hackers
_______________________________________________
Ipv6hackers mailing list
http://lists.si6networks.com/listinfo/ipv6hackers
_______________________________________________
Ipv6hackers mailing list
***@lists.si6networks.com
http://lists.si6networks.com/listinfo/ipv6hackers

Loading...