Post AkjMJADgApH53M29wW by pete_wright@nlogic.systems
 Post #AkjMJADgApH53M29wW by pete_wright@nlogic.systems
       2024-08-07T17:27:23.030884Z
       
       0 likes, 1 repeats
       
       Howdy - any #freebsd or networking folks smarter about #pf than me willing to help dumb down the real impact of this advisory from today: https://www.freebsd.org/security/advisories/FreeBSD-SA-24:05.pf.asc
       
       If I'm reading section III correctly, it seems like a host could bypass pf to successfully ping6 a system when it shouldn't. Could that easily be pivoted to something larger, or would it mostly be an information-type leak?
       
 Post #AkjMJAzBKDGvQgG5z6 by feld@bikeshed.party
       2024-08-07T17:31:19.536116Z
       
       0 likes, 0 repeats
       
       @pete_wright It's kind of a nothingburger IMO.
       
       So, they're abusing a bug in the firewall state tracking for ICMPv6.
       
       How?
       
       First, send a Neighbor Discovery packet. Those aren't routed across the internet, so the attacker needs to be on the same broadcast domain. They're either on your internal network (with pf protecting individual servers) or talking directly to your firewall (internal, or on your ISP/upstream side).
       
       After sending the ND packet, they can follow it up immediately with a ping and possibly get a response.
       
       I mean, it's not great that this is possible, but they basically need to know what they're probing; otherwise they're still going to be defeated by the vastness of the IPv6 address space.
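To make concrete which rulesets the scenario in the reply above applies to, here is an added illustration written for this page; it is not from the thread, the posters, or the advisory. It is a minimal FreeBSD pf.conf for a host that allows IPv6 Neighbor Discovery on its link (IPv6 cannot function without it) but has no rule passing inbound ICMPv6 echo requests, so a correct pf drops inbound ping6. The interface name is an assumption. This is the kind of ruleset the reply describes: a neighbor on the same link sends ND traffic, which the ruleset must accept, and then immediately a ping6. The remedy is the pf update referenced in the advisory, not a change to rules like these.

```pf
# Added illustration for this thread; not from the advisory or the posters.
# The interface name is an assumption.
ext_if = "vtnet0"

set skip on lo0

# Default deny inbound IPv6; every rule below is an exception to this.
block in on $ext_if inet6

# Neighbor Discovery (and router advertisements) must be allowed for IPv6
# to work on the link at all. This is the traffic the attacker in the
# thread sends first, and it only arrives from the same broadcast domain.
pass in on $ext_if inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv, routeradv } keep state

# Error messages needed for path MTU discovery and normal operation.
# Note that echoreq is deliberately absent from both pass rules above,
# so inbound ping6 to this host should be dropped by the default block.
pass in on $ext_if inet6 proto icmp6 icmp6-type { toobig, unreach, timex, paramprob } keep state

# Outbound traffic is allowed and stateful, so replies to our own
# connections and our own pings come back in.
pass out on $ext_if inet6 keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; on an unpatched pf, a same-link host can still get an echo reply from a host running this ruleset, which is the bypass the original question asks about.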