[ipv6hackers] Fwd: RFC 6946 on Processing of IPv6 "Atomic" Fragments
Fernando Gont
fgont at si6networks.com
Fri May 17 15:45:49 CEST 2013
Hi, folks,
FYI.
-------- Original Message --------
Subject: RFC 6946 on Processing of IPv6 "Atomic" Fragments
Date: Tue, 14 May 2013 14:13:50 -0700 (PDT)
From: rfc-editor at rfc-editor.org
To: ietf-announce at ietf.org, rfc-dist at rfc-editor.org
CC: ipv6 at ietf.org, rfc-editor at rfc-editor.org
A new Request for Comments is now available in online RFC libraries.
RFC 6946
Title: Processing of IPv6 "Atomic" Fragments
Author: F. Gont
Status: Standards Track
Stream: IETF
Date: May 2013
Mailbox: fgont at si6networks.com
Pages: 9
Characters: 18843
Updates: RFC 2460, RFC 5722
I-D Tag: draft-ietf-6man-ipv6-atomic-fragments-04.txt
URL: http://www.rfc-editor.org/rfc/rfc6946.txt
The IPv6 specification allows packets to contain a Fragment Header
without the packet being actually fragmented into multiple pieces (we
refer to these packets as "atomic fragments"). Such packets are
typically sent by hosts that have received an ICMPv6 "Packet Too Big"
error message that advertises a Next-Hop MTU smaller than 1280 bytes,
and are currently processed by some implementations as normal
"fragmented traffic" (i.e., they are "reassembled" with any other
queued fragments that supposedly correspond to the same original
packet). Thus, an attacker can cause hosts to employ atomic
fragments by forging ICMPv6 "Packet Too Big" error messages, and then
launch any fragmentation-based attacks against such traffic. This
document discusses the generation of the aforementioned atomic
fragments and the corresponding security implications. Additionally,
this document formally updates RFC 2460 and RFC 5722, such that IPv6
atomic fragments are processed independently of any other fragments,
thus completely eliminating the aforementioned attack vector.
This document is a product of the IPv6 Maintenance Working Group of the
IETF.
This is now a Proposed Standard.
STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community,and requests discussion and suggestions
for improvements. Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol. Distribution of this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
http://www.ietf.org/mailman/listinfo/ietf-announce
http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
More information about the Ipv6hackers
mailing list