Overlapping fragments in IPv6 and firewalls

To: IETF IPv6 Mailing List <ipv6 at ietf.org>
Subject: Overlapping fragments in IPv6 and firewalls
From: Suresh Krishnan <suresh.krishnan at ericsson.com>
Date: Mon, 14 Jul 2008 19:29:48 -0400
Delivered-to: ietfarch-ipv6-web-archive at core3.amsl.com
Delivered-to: ipv6 at core3.amsl.com
List-archive: <https://www.ietf.org/mailman/private/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
Sender: ipv6-bounces at ietf.org
User-agent: Thunderbird 2.0.0.14 (X11/20080505)

Hi Folks,

This draft describes how to use overlapping fragments in IPv6 tobypass firewalling restrictions. It recommends disallowing overlappingfragments in IPv6.


Thanks
Suresh


-------- Original Message --------
Subject: I-D Action:draft-krishnan-6man-overlap-fragment-01.txt
Date: Mon, 14 Jul 2008 14:15:02 -0700 (PDT)
From: Internet-Drafts at ietf.org
Reply-To: internet-drafts at ietf.org
To: i-d-announce at ietf.org

A New Internet-Draft is available from the on-line Internet-Draftsdirectories.


	Title           : Issues with overlapping IPv6 fragments
	Author(s)       : S. Krishnan
	Filename        : draft-krishnan-6man-overlap-fragment-01.txt
	Pages           : 7
	Date            : 2008-07-13

The fragmentation and reassembly algorithm specified in the base IPv6
specification allows fragments to overlap.  This document
demonstrates the security issues with allowing overlapping fragments
and updates the IPv6 specification to explicitly forbid overlapping
fragments.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-krishnan-6man-overlap-fragment-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

<<< Message/External-body; name="draft-krishnan-6man-overlap-fragment-01.txt": Unrecognized >>>

_______________________________________________
I-D-Announce mailing list
I-D-Announce at ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Follow-Ups:
- Re: {Blocked Content} Overlapping fragments in IPv6 and firewalls
  - From: Doug Montgomery

Prev by Date: [Fwd: I-D Action:draft-krishnan-ipv6-exthdr-03.txt]
Next by Date: I-D Action:draft-ietf-6man-reserved-iids-01.txt
Previous by thread: [Fwd: I-D Action:draft-krishnan-ipv6-exthdr-03.txt]
Next by thread: Re: {Blocked Content} Overlapping fragments in IPv6 and firewalls
Index(es):
- Date
- Thread

Overlapping fragments in IPv6 and firewalls

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.