On 04/28/2012 05:28 PM, Joel M. Halpern wrote:
> It seems to me that the proposed document is a partial fix to a marginal
> problem.
> Yes, I take it as given that if I followed the references I would find
> descriptions of the attacks.  I do see how one could force fragmented
> packets if one knew that A was talking to B at the current moment.

Just send an ICMPv6 PTB claiming an MTU smaller than 1280 bytes, and
you're done.

Now think about your favourite application running on two known systems.
It just takes you one ICMPv6 PTB to trigger fragmentation, one ping6 to
sample the Frag ID, and further (rather low-rate) fragments that will
cause collisions, leading to DoS -- and it is very easy to maintain
that DoS state.

Dumb/idle scans have also been well-known since the IPv4 era, and
trivial to exploit (for instance, nmap implements this vector).

We produced tools to test these things, and have been trying to help
vendors. Most vendors cared
(http://www.ietf.org/proceedings/83/slides/slides-83-6man-10.pdf), as
they did at the time for the IPv4 case.

So IMO it would be weird for us to not be willing to do our part
(maintain our specs), when others have done theirs (fix their
implementations).

Just my two cents.

Best regards,
-- 
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492



--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
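
Added example, not part of the original message or of the SI6 tools: a defender-side check of whether a host you operate hands out guessable Fragment Identification values, the property the Frag ID sampling step in the message relies on. The sample headers are constructed, and the function names and the 1024 threshold are assumptions of this example.

```python
import struct

MOD = 1 << 32  # the Identification field of the IPv6 Fragment header is 32 bits

def parse_fragment_header(hdr):
    """Decode the 8-byte IPv6 Fragment extension header."""
    if len(hdr) < 8:
        raise ValueError("Fragment header is 8 bytes long")
    next_hdr, _reserved, off_flags, ident = struct.unpack("!BBHI", hdr[:8])
    return {"next_header": next_hdr,
            "offset": off_flags >> 3,      # in 8-octet units
            "more": bool(off_flags & 1),   # M flag
            "id": ident}

def classify_ids(ids, small_step=1024):
    """Say how guessable the next Identification value is from the samples."""
    if len(ids) < 3:
        raise ValueError("need at least 3 samples")
    deltas = [(b - a) % MOD for a, b in zip(ids, ids[1:])]  # handles wrap-around
    if len(set(deltas)) == 1:
        return "constant-increment"
    if all(0 < d <= small_step for d in deltas):
        return "small-increments"
    return "no-simple-pattern"

def constructed_headers(ids):
    """Constructed sample data: atomic-fragment headers carrying ICMPv6 (58)."""
    return [struct.pack("!BBHI", 58, 0, 0, i) for i in ids]

COUNTER_HOST = constructed_headers([0xFFFFFFFE, 0xFFFFFFFF, 0x0, 0x1])
BUSY_COUNTER_HOST = constructed_headers([100, 117, 121, 160])
RANDOM_HOST = constructed_headers([0x9C1F33A0, 0x11E4B7C2, 0xD07A5519, 0x4B02E6F1])

def assess(headers):
    """Parse each sampled header and classify the sequence of Identification values."""
    return classify_ids([parse_fragment_header(h)["id"] for h in headers])

if __name__ == "__main__":
    for name, hdrs in [("counter", COUNTER_HOST),
                       ("busy counter", BUSY_COUNTER_HOST),
                       ("randomized", RANDOM_HOST)]:
        print(name, "->", assess(hdrs))
```

A result of "no-simple-pattern" on a handful of samples only rules out the two simplest generators; it is not evidence that the values are cryptographically unpredictable.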
