Overlapping fragments in IPv6 and firewalls

Suresh Krishnan <suresh.krishnan@ericsson.com> Mon, 14 July 2008 23:27 UTC


Hi Folks,
   This draft describes how to use overlapping fragments in IPv6 to 
bypass firewalling restrictions. It recommends disallowing overlapping 
fragments in IPv6.


-------- Original Message --------
Subject: I-D Action:draft-krishnan-6man-overlap-fragment-01.txt
Date: Mon, 14 Jul 2008 14:15:02 -0700 (PDT)
From: Internet-Drafts@ietf.org
Reply-To: internet-drafts@ietf.org
To: i-d-announce@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts 

	Title           : Issues with overlapping IPv6 fragments
	Author(s)       : S. Krishnan
	Filename        : draft-krishnan-6man-overlap-fragment-01.txt
	Pages           : 7
	Date            : 2008-07-13

The fragmentation and reassembly algorithm specified in the base IPv6
specification allows fragments to overlap.  This document
demonstrates the security issues with allowing overlapping fragments
and updates the IPv6 specification to explicitly forbid overlapping

A URL for this Internet-Draft is:

IETF IPv6 working group mailing list
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
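
Added example, not part of the original message or of the draft: a receiver-side check that parses the IPv6 Fragment header and refuses any fragment whose byte range intersects one already seen for the same (source, destination, identification). The names OverlapGuard, make_hdr and demo, the sample addresses and fragments, and the policy of dropping the rest of the datagram after an overlap (identical retransmissions included) are assumptions of this sketch.

```python
import struct

# IPv6 Fragment header (8 octets): Next Header, Reserved,
# Fragment Offset (13 bits) | Res (2 bits) | M flag (1 bit), Identification
FRAG_HDR = struct.Struct("!BBHI")

def parse_fragment_header(hdr: bytes):
    next_header, _reserved, off_flags, ident = FRAG_HDR.unpack(hdr[:8])
    # The offset field counts 8-octet units; convert it to a byte offset.
    return next_header, (off_flags >> 3) * 8, bool(off_flags & 1), ident

class OverlapGuard:
    """Per-datagram record of byte ranges seen (state expiry omitted)."""
    def __init__(self):
        self.ranges = {}       # (src, dst, ident) -> [(start, end), ...]
        self.rejected = set()  # datagrams already condemned by an overlap

    def check(self, src, dst, frag_hdr, data_len):
        _, start, _more, ident = parse_fragment_header(frag_hdr)
        key = (src, dst, ident)
        if key in self.rejected:
            return "drop"
        end = start + data_len
        for s, e in self.ranges.get(key, []):
            if start < e and s < end:      # half-open ranges intersect
                self.rejected.add(key)     # assumed policy: drop the whole datagram
                self.ranges.pop(key, None)
                return "drop"
        self.ranges.setdefault(key, []).append((start, end))
        return "accept"

def make_hdr(offset, more, ident, next_header=6):
    """Build a Fragment header for the constructed sample below."""
    return FRAG_HDR.pack(next_header, 0, ((offset // 8) << 3) | int(more), ident)

def demo():
    guard = OverlapGuard()
    src, dst = "2001:db8::1", "2001:db8::2"   # constructed documentation addresses
    sample = [                                 # (offset, M flag, data length, ident)
        (0, True, 16, 0x1234),
        (16, True, 16, 0x1234),
        (8, True, 16, 0x1234),    # bytes 8..23 intersect both earlier fragments
        (32, False, 8, 0x1234),   # same datagram, already rejected
        (0, False, 8, 0x9999),    # unrelated datagram is unaffected
    ]
    return [guard.check(src, dst, make_hdr(o, m, i), n) for o, m, n, i in sample]

if __name__ == "__main__":
    print(demo())
```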