[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPv6 Fragment Overlap not Forbidden



While writing the recent draft on NAT-PT deprecation, I had occasion to
review RFC1838 and RFC3128 which relate to security threats with fragmented
IPv4 packets.  One of the problems was that the IPv4 specification allowed
for fragments to overlap.  It appears that the general assumption is that
IPv6 stacks would not allow fragments to overlap but looking at RFC2460 the
reconstruction algorithm specification does not forbid overlaps. If RFC2460
gets revved this point should be included.

Regards,
Elwyn 

----------------------------------------------------------------------------
------

Elwyn B Davies

        Routing and Addressing Strategy Prime & IPv6 Core Team Leader
        CTO Office, Portfolio Integration		Solutions Ready


        Nortel Networks plc			Email:
elwynd@nortelnetworks.com
        Harlow Laboratories     		ESN
6-742-5498
        London Road, Harlow,    		Direct Line
+44-1279-405498
        Essex, CM17 9NA, UK     		Fax
+44-1279-402047
        Registered Office: 			Maidenhead Office Park,
Westacott Way,
        Company No. 3937799			Maidenhead, Berkshire, SSL6
3QH
----------------------------------------------------------------------------
This message may contain information proprietary to Nortel Networks plc so
any
unauthorised disclosure, copying or distribution of its contents is strictly
prohibited.
----------------------------------------------------------------------------
"The Folly is mostly mine"
and the opinions are mine and not those of my employer.	a
============================================================================
======



--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------