A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IPv6 Maintenance Working Group of the IETF.
Title : Processing of IPv6 "atomic" fragments
Author(s) : Fernando Gont
Filename : draft-ietf-6man-ipv6-atomic-fragments-02.txt
Pages : 13
Date : 2012-11-06
Abstract:
The IPv6 specification allows packets to contain a Fragment Header
without the packet being actually fragmented into multiple pieces.
Such packets typically result from hosts that have received an ICMPv6
"Packet Too Big" error message that advertises a "Next-Hop MTU"
smaller than 1280 bytes, and are currently processed by some
implementations as "fragmented traffic". Thus, by forging ICMPv6
"Packet Too Big" error messages an attacker can cause hosts to employ
"atomic fragments", and then launch any fragmentation-based attacks
against such traffic. This document discusses the generation of the
aforementioned "atomic fragments", the corresponding security
implications, and formally updates RFC 2460 and RFC 5722 such that
fragmentation-based attack vectors against traffic employing "atomic
fragments" are completely eliminated.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-atomic-fragments
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-6man-ipv6-atomic-fragments-02
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-6man-ipv6-atomic-fragments-02
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
