Hello, welcome to the Thursday, January 19th, 2017 edition of the Santernat Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Brussels, Belgium.

The US cert is reminding Windows administrators to disable Netbyes and SMB version 1.

Netbyes, of course, hasn't really been required since Windows XP.

And in Windows Vista with the introduction of SMPB version 2, Microsoft also faced out S&B version 1.

This does match guidance from Microsoft. Microsoft has published knowledge-based articles years ago regarding turning off net buys and SMB version 1. But apparently,

you assert, figured that they should remind users of this because some of the exploits released by Shadowbroker

recently take advantage of flaws in these protocols. And then we do have a new RFC 8021 that talks

about some of the issues with atomic fragments in IPV6.

Now atomic fragments isn't really a new problem, a lot of has been written about it,

but this RFC does summarize some of the security problems,

in particular with regards to denial of service with these fragments.

Just as a quick primer about IPV6 and fragmentation in IPV6 routers no longer fragment.

Instead, the router will just send an ICMP error message back to the source,

asking the source to fragment packets in case the packets are too

large to be forwarded to the next network segment. In addition, IPV6 does not allow any network

segments with an MTO of less than 1280 bytes. Now, what has happened in the past is that in particular, if you tunnel IPV6

over IPV4, that you may run into network segments that don't have an MTO of 120 bytes. So,

what can happen in this case is that a source receives an ICMP error message telling it to fragment a packet with an MTU of less than 120 bytes.

That's not going to happen.

What instead happens is that the source will send what's considered an atomic fragment.

An atomic fragment does have a fragmentation extension header,

...