ndb217's profile


Fri, Mar 17, 2017 8:00 AM

Reproducible denial of service of Netgear CPE running native IPv6

Before everyone overreacts to the term "denial of service", let's clearly define what that means: any action that can cause an unexpected service interruption. I would not expect this to be something that anyone without knowledge of a specific address pool could do, and it's not something I consider to be a security issue, per se.

 

There are a host of other gotchas with the Netgear CPE, but the most egregious that I can find seems to be that I can functionally DoS the device nightly by doing regular IPv6 latency tests to all of my dual stacked hosts on IPv6. My guess is that the firmware has a memory leak in the state table because latency increases until the modem is rebooted when it runs native IPv6. I have been seeing this behavior since I got the native allocation - it never happened with a tunnel. However, when I enabled latency testing to the interior LAN devices for IPv6, it became very clear that it was a real issue. Attached is what I see nightly from an outside host.

[Attachment: Screen Shot 2017-03-17 at 9.59.38 AM.png]

The issue affects IPv4 as well, even from an internal test point to an internal address on the modem, which is what makes me think it is a resource exhaustion issue.

I've solved this as best as I can by just not testing latency to the internal hosts from outside, but realistically, this is a pretty serious problem if Comcast plans to truly support IPv6. As a data point, the Cisco just didn't work at all unless it was bridged - which defeats the act of having static addresses. 

 

Responses


4 years ago

Sadly, I can report that I can in fact repeat this, and also prevent it. As of yesterday I started running my latency tests internally and reporting via an internal probe, disabling the external to internal tests. Attached is a graph of the same device (the modem's inside IPv6 address facing my gear).

[Attachment: Screen Shot 2017-03-18 at 9.26.46 AM.png]

Clearly that is a major change. I don't have a huge amount of devices, less than 50, but all of them are dual stacked with the exception of 3 embedded devices.
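
The pattern described in this thread, latency that climbs until the modem is rebooted and stays flat once the external probing stops, can be checked for in probe data. The following is an added example, not code from the thread: it assumes RTT samples as (seconds, milliseconds) pairs, and the function names, thresholds and sample series are constructed for illustration.

```python
from statistics import mean

def slope_ms_per_hour(samples):
    """Least-squares slope of RTT (ms) against time (hours)."""
    hours = [t / 3600 for t, _ in samples]
    rtts = [r for _, r in samples]
    h_bar, r_bar = mean(hours), mean(rtts)
    denom = sum((h - h_bar) ** 2 for h in hours)
    if denom == 0:
        return 0.0
    return sum((h - h_bar) * (r - r_bar) for h, r in zip(hours, rtts)) / denom

def split_on_resets(samples, drop_ratio=0.5):
    """Start a new segment when RTT falls below drop_ratio x the mean of the
    previous three samples, as it would after a reboot."""
    segments, current = [], []
    for t, rtt in samples:
        recent = [r for _, r in current[-3:]]
        if len(recent) == 3 and rtt < drop_ratio * mean(recent):
            segments.append(current)
            current = []
        current.append((t, rtt))
    if current:
        segments.append(current)
    return segments

def leak_like_segments(samples, min_slope=1.0, min_points=6):
    """Return (start_s, end_s, slope) for segments with a sustained climb."""
    hits = []
    for seg in split_on_resets(samples):
        slope = slope_ms_per_hour(seg)
        if len(seg) >= min_points and slope >= min_slope:
            hits.append((seg[0][0], seg[-1][0], round(slope, 2)))
    return hits

def constructed_series():
    """Constructed data, one probe every 30 minutes: 16 samples that climb
    2.5 ms per probe with +/-1 ms jitter, then 16 flat samples after a reset."""
    jitter = lambda i: 1 if i % 2 else -1
    climbing = [(i * 1800, 10 + 2.5 * i + jitter(i)) for i in range(16)]
    flat = [(i * 1800, 10 + jitter(i)) for i in range(16, 32)]
    return climbing + flat

if __name__ == "__main__":
    for start, end, slope in leak_like_segments(constructed_series()):
        print(f"climb from t={start}s to t={end}s: {slope} ms/hour")
```

A steady positive slope that only ends at a reset is consistent with state accumulating on the device, while jitter around a flat baseline is not flagged.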