Survey of implementations (Re: I-D Action: draft-ietf-6man-predictable-fragment-id-04.txt)
Fernando Gont <fernando@gont.com.ar> Tue, 10 March 2015 01:18 UTC
Return-Path: <fernando@gont.com.ar>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FFDE1ACEEE for <ipv6@ietfa.amsl.com>; Mon, 9 Mar 2015 18:18:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aQVAL2w_G-uT for <ipv6@ietfa.amsl.com>; Mon, 9 Mar 2015 18:18:28 -0700 (PDT)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:8240:6:a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94C8B1ACEAC for <ipv6@ietf.org>; Mon, 9 Mar 2015 18:18:28 -0700 (PDT)
Received: from cl-1071.udi-01.br.sixxs.net ([2001:1291:200:42e::2]) by web01.jbserver.net with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from <fernando@gont.com.ar>) id 1YV8oU-00011C-Qm; Tue, 10 Mar 2015 02:18:27 +0100
Message-ID: <54FE465C.4010409@gont.com.ar>
Date: Tue, 10 Mar 2015 02:18:20 +0100
From: Fernando Gont <fernando@gont.com.ar>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: "6man-chairs@tools.ietf.org" <6man-chairs@tools.ietf.org>
Subject: Survey of implementations (Re: I-D Action: draft-ietf-6man-predictable-fragment-id-04.txt)
References: <20150309235956.29342.98542.idtracker@ietfa.amsl.com>
In-Reply-To: <20150309235956.29342.98542.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/rlWHtyM59gXJPO7hGQvJzj_cM18>
Cc: ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2015 01:18:30 -0000
Folks, FWIW, this latest rev adds more implementations to the survey, and shows that there still are current OS implementations vulnerable to these issues. Thanks, Fernando On 03/10/2015 12:59 AM, internet-drafts@ietf.org wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the IPv6 Maintenance Working Group of the IETF. > > Title : Security Implications of Predictable Fragment Identification Values > Author : Fernando Gont > Filename : draft-ietf-6man-predictable-fragment-id-04.txt > Pages : 16 > Date : 2015-03-09 > > Abstract: > IPv6 specifies the Fragment Header, which is employed for the > fragmentation and reassembly mechanisms. The Fragment Header > contains an "Identification" field which, together with the IPv6 > Source Address and the IPv6 Destination Address of a packet, > identifies fragments that correspond to the same original datagram, > such that they can be reassembled together at the receiving host. > The only requirement for setting the "Identification" value is that > it must be different than that employed for any other fragmented > packet sent recently with the same Source Address and Destination > Address. Some implementations use a simple global counter for > setting the Identification field, thus leading to predictable values. > This document analyzes the security implications of predictable > Identification values, and provides implementation guidance for > selecting the Identification field of the Fragment Header, such that > the aforementioned security implications are mitigated. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-6man-predictable-fragment-id/ > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-6man-predictable-fragment-id-04 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-ietf-6man-predictable-fragment-id-04 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
- I-D Action: draft-ietf-6man-predictable-fragment-… internet-drafts
- Survey of implementations (Re: I-D Action: draft-… Fernando Gont