[LACNIC/Seguridad] Habemus unpredictable Frag IDs (Fwd: I-D Action: draft-ietf-6man-predictable-fragment-id-00.txt)

Fernando Gont fgont en si6networks.com
Vie Mar 22 14:23:33 BRT 2013


El 6man wg de la IETF adoptó el I-D que habia escrito sobre Frag IDs
predecibles. EL mismo se encuentra disponible en:

Personalmente creo que trabajar en este area va a evitar problemas en el

Mis agradecimientos para quienes participaron de la discusión.

Saludos cordiales,

-------- Original Message --------
From: internet-drafts en ietf.org
To: i-d-announce en ietf.org
Subject: I-D Action: draft-ietf-6man-predictable-fragment-id-00.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 4.43
Message-ID: <20130322082951.1298.24590.idtracker en ietfa.amsl.com>
Date: Fri, 22 Mar 2013 01:29:51 -0700
Cc: ipv6 en ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts
 This draft is a work item of the IPv6 Maintenance Working Group of the

	Title           : Security Implications of Predictable Fragment
Identification Values
	Author(s)       : Fernando Gont
	Filename        : draft-ietf-6man-predictable-fragment-id-00.txt
	Pages           : 22
	Date            : 2013-03-21

   IPv6 specifies the Fragment Header, which is employed for the
   fragmentation and reassembly mechanisms.  The Fragment Header
   contains an "Identification" field which, together with the IPv6
   Source Address and the IPv6 Destination Address of the packet,
   identifies fragments that correspond to the same original datagram,
   such that they can be reassembled together at the receiving host.
   The only requirement for setting the "Identification" value is that
   it must be different than that of any other fragmented packet sent
   recently with the same Source Address and Destination Address.  Some
   implementations simply use a global counter for setting the Fragment
   Identification field, thus leading to predictable values.  This
   document analyzes the security implications of predictable
   Identification values, and updates RFC 2460 specifying additional
   requirements for setting the Fragment Identification, such that the
   aforementioned security implications are mitigated.

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

Internet-Drafts are also available by anonymous FTP at:

IETF IPv6 working group mailing list
ipv6 en ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6

Más información sobre la lista de distribución Seguridad