[ipv6hackers] IPv6 Security research

Fernando Gont fgont at si6networks.com
Mon Mar 26 18:01:04 CEST 2012

On 03/26/2012 02:39 PM, Marc Heuse wrote:

> here is how to bypass your recommended fixes:
> send the following 1st packet:
> ipv6 | fragmentationhdr | dsthdr (1200 bytes) | icmp6 echo request
> (fragmented)
> and then the 2nd packet:
> ipv6 | fragmentationhdr | dsthdr (8bytes) | icmp6 router advertisement
> where the frag id is the same and the offset of the 2nd packet points to
> byte 1992 of the dsthdr in the first pkt.

Ok, I see where you're going. But overlapping fragments are already
forbidden, and that behaviour is already implemented at least in current
versions of most operating systems.

For example, please check the table at:

>>> P.S. funny that you are doing your IPv6 talk after my keynote at hackito
>>> ergo sum in Paris in a few weeks. I have the feeling this is not a
>>> coincidence :-)
>> Not sure what you mean...
> those who can read the agenda are in advantage:
> http://2012.hackitoergosum.org/blog/schedule/schedule
> ;-)

Yep, but I didn't understand the comment you made about the order... Did
you imply that your presentation is going to be about IPv6 security?

Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Ipv6hackers mailing list