[LACNIC/Seguridad] Fwd: RFC 6946 on Processing of IPv6 "Atomic" Fragments

Fernando Gont fgont en si6networks.com
Mie Mayo 15 00:45:27 BRT 2013


FYI

-------- Original Message --------
Subject: RFC 6946 on Processing of IPv6 "Atomic" Fragments
Date: Tue, 14 May 2013 14:13:50 -0700 (PDT)
From: rfc-editor en rfc-editor.org
To: ietf-announce en ietf.org, rfc-dist en rfc-editor.org
CC: ipv6 en ietf.org, rfc-editor en rfc-editor.org

A new Request for Comments is now available in online RFC libraries.


        RFC 6946

        Title:      Processing of IPv6 "Atomic" Fragments
        Author:     F. Gont
        Status:     Standards Track
        Stream:     IETF
        Date:       May 2013
        Mailbox:    fgont en si6networks.com
        Pages:      9
        Characters: 18843
        Updates:    RFC 2460, RFC 5722

        I-D Tag:    draft-ietf-6man-ipv6-atomic-fragments-04.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6946.txt

The IPv6 specification allows packets to contain a Fragment Header
without the packet being actually fragmented into multiple pieces (we
refer to these packets as "atomic fragments").  Such packets are
typically sent by hosts that have received an ICMPv6 "Packet Too Big"
error message that advertises a Next-Hop MTU smaller than 1280 bytes,
and are currently processed by some implementations as normal
"fragmented traffic" (i.e., they are "reassembled" with any other
queued fragments that supposedly correspond to the same original
packet).  Thus, an attacker can cause hosts to employ atomic
fragments by forging ICMPv6 "Packet Too Big" error messages, and then
launch any fragmentation-based attacks against such traffic.  This
document discusses the generation of the aforementioned atomic
fragments and the corresponding security implications.  Additionally,
this document formally updates RFC 2460 and RFC 5722, such that IPv6
atomic fragments are processed independently of any other fragments,
thus completely eliminating the aforementioned attack vector.

This document is a product of the IPv6 Maintenance Working Group of the
IETF.

This is now a Proposed Standard.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community,and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor en rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC


-- 
Fernando Gont
e-mail: fernando en gont.com.ar || fgont en si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1








Más información sobre la lista de distribución Seguridad