[rfc-dist] RFC 6946 on Processing of IPv6 "Atomic" Fragments

rfc-editor at rfc-editor.org rfc-editor at rfc-editor.org
Tue May 14 14:13:50 PDT 2013


A new Request for Comments is now available in online RFC libraries.

        
        RFC 6946

        Title:      Processing of IPv6 "Atomic" Fragments 
        Author:     F. Gont
        Status:     Standards Track
        Stream:     IETF
        Date:       May 2013
        Mailbox:    fgont at si6networks.com
        Pages:      9
        Characters: 18843
        Updates:    RFC 2460, RFC 5722

        I-D Tag:    draft-ietf-6man-ipv6-atomic-fragments-04.txt

        URL:        http://www.rfc-editor.org/rfc/rfc6946.txt

The IPv6 specification allows packets to contain a Fragment Header
without the packet being actually fragmented into multiple pieces (we
refer to these packets as "atomic fragments").  Such packets are
typically sent by hosts that have received an ICMPv6 "Packet Too Big"
error message that advertises a Next-Hop MTU smaller than 1280 bytes,
and are currently processed by some implementations as normal
"fragmented traffic" (i.e., they are "reassembled" with any other
queued fragments that supposedly correspond to the same original
packet).  Thus, an attacker can cause hosts to employ atomic
fragments by forging ICMPv6 "Packet Too Big" error messages, and then
launch any fragmentation-based attacks against such traffic.  This
document discusses the generation of the aforementioned atomic
fragments and the corresponding security implications.  Additionally,
this document formally updates RFC 2460 and RFC 5722, such that IPv6
atomic fragments are processed independently of any other fragments,
thus completely eliminating the aforementioned attack vector.

This document is a product of the IPv6 Maintenance Working Group of the IETF.

This is now a Proposed Standard.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community,and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC


More information about the rfc-dist mailing list