Survey of implementations (Re: I-D Action: draft-ietf-6man-predictable-fragment-id-04.txt)

Fernando Gont <fernando@gont.com.ar> Tue, 10 March 2015 01:18 UTC

Return-Path: <fernando@gont.com.ar>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FFDE1ACEEE for <ipv6@ietfa.amsl.com>; Mon, 9 Mar 2015 18:18:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aQVAL2w_G-uT for <ipv6@ietfa.amsl.com>; Mon, 9 Mar 2015 18:18:28 -0700 (PDT)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:8240:6:a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94C8B1ACEAC for <ipv6@ietf.org>; Mon, 9 Mar 2015 18:18:28 -0700 (PDT)
Received: from cl-1071.udi-01.br.sixxs.net ([2001:1291:200:42e::2]) by web01.jbserver.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from <fernando@gont.com.ar>) id 1YV8oU-00011C-Qm; Tue, 10 Mar 2015 02:18:27 +0100
Message-ID: <54FE465C.4010409@gont.com.ar>
Date: Tue, 10 Mar 2015 02:18:20 +0100
From: Fernando Gont <fernando@gont.com.ar>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: "6man-chairs@tools.ietf.org" <6man-chairs@tools.ietf.org>
Subject: Survey of implementations (Re: I-D Action: draft-ietf-6man-predictable-fragment-id-04.txt)
References: <20150309235956.29342.98542.idtracker@ietfa.amsl.com>
In-Reply-To: <20150309235956.29342.98542.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/rlWHtyM59gXJPO7hGQvJzj_cM18>
Cc: ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2015 01:18:30 -0000

Folks,

FWIW, this latest rev adds more implementations to the survey, and shows
that there still are current OS implementations vulnerable to these issues.

Thanks,
Fernando




On 03/10/2015 12:59 AM, internet-drafts@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>  This draft is a work item of the IPv6 Maintenance Working Group of the IETF.
> 
>         Title           : Security Implications of Predictable Fragment Identification Values
>         Author          : Fernando Gont
> 	Filename        : draft-ietf-6man-predictable-fragment-id-04.txt
> 	Pages           : 16
> 	Date            : 2015-03-09
> 
> Abstract:
>    IPv6 specifies the Fragment Header, which is employed for the
>    fragmentation and reassembly mechanisms.  The Fragment Header
>    contains an "Identification" field which, together with the IPv6
>    Source Address and the IPv6 Destination Address of a packet,
>    identifies fragments that correspond to the same original datagram,
>    such that they can be reassembled together at the receiving host.
>    The only requirement for setting the "Identification" value is that
>    it must be different than that employed for any other fragmented
>    packet sent recently with the same Source Address and Destination
>    Address.  Some implementations use a simple global counter for
>    setting the Identification field, thus leading to predictable values.
>    This document analyzes the security implications of predictable
>    Identification values, and provides implementation guidance for
>    selecting the Identification field of the Fragment Header, such that
>    the aforementioned security implications are mitigated.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-6man-predictable-fragment-id/
> 
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-6man-predictable-fragment-id-04
> 
> A diff from the previous version is available at:
> http://www.ietf.org/rfcdiff?url2=draft-ietf-6man-predictable-fragment-id-04
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> 


-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1