Reproducible denial of service of Netgear CPE running native IPv6
Before everyone overreacts to the term "denial of service", lets clearly define what that means: Any action that can cause an unexpected service interruption. I would not expect this to be something that anyone whout knowledge of a specific address pool to do and it's not something I consider to be a security issue, per se.
There are a host of other gotchas with the Netgear CPE, but the most egregious that I can find seems to be that I can functionally DoS the device nightly by doing regular IPv6 latency tests to all of my dual stacked hosts on IPv6. My guess is that the firmware has a memory leak in the state table because latency increses until the modem is rebooted when it runs native IPv6. I have been seeing this behavior since I got the native allocation - it never happened with a tunnel. However, when I enabled latency testing to the interior LAN devices for IPv6, it became very clear that it was a real issue. Attached is what I see nightly from an outside host.
The issue affects IPv4 as well, even from an internal test point to an internal address on the modem, which is what makes me thing it is a resource exhaustoin issue.
I've solved this as best as I can by just not testing latency to the internal hosts from outside, but realistically, this is a pretty serious problem if Comcast plans to truly support IPv6. As a data point, the Cisco just didn't work at all unless it was bridged - which defeats the act of having static addresses.
New problem solver
6 years ago
Sadly, I can report that I can in fact repeat this, and also prevent it. As of yesterday I started running my latency tests internally and reporting via an internal probe, disabling the external to internal tests. Attached is a graph of the same device (the modems inside IPv6 address facing my gear).
Clearly that is a major change. I don't have a huge amount of devices, less than 50, but all of them are dual stacked with the exception of 3 embedded devices.