Overlapping IPv6 Fragments

Antonios Atlasis is an independent IT security analyst who recently joined the Centre for Strategic Cyberspace + Security Science, a non-profit organization. This year he released a paper called “Attacking IPv6 Implementation Using Fragmentation”. If you are interested in the security issues that arise from IP packet fragmentation, you should read it. It describes how fragmentation can be used by attackers to elude intrusion detection systems, and it includes PoC code produced with the Scapy tool. One of the results of this research is the fresh CVE-2012-4444.

It is worth noting that the IETF released a standard, RFC 5722, on this topic back in December 2009. In this RFC, Suresh Krishnan from the IPv6 working group clearly states that the IPv6 specification should prevent overlapping fragments. We should clearly see adoption of this RFC by the security industry in the future.
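A defender-side check for the condition RFC 5722 targets, added here as an illustration (it is not code from this post or from the Atlasis paper): it parses the IPv6 Fragment extension header and reports every datagram whose fragments overlap, which RFC 5722 requires to be silently discarded in full. The function names, addresses and identification values are constructed for the example, and treating exact duplicate fragments as overlap is a simplifying assumption.

```python
import struct
from collections import defaultdict

def build_fragment(ident, offset_units, more, payload, next_hdr=17):
    """Constructed test input: 8-byte Fragment header followed by payload."""
    off_flags = (offset_units << 3) | int(more)
    return struct.pack("!BBHI", next_hdr, 0, off_flags, ident) + payload

def parse_fragment(ext):
    """Return (identification, start_byte, end_byte, more_flag)."""
    if len(ext) < 8:
        raise ValueError("truncated Fragment header")
    _next_hdr, _reserved, off_flags, ident = struct.unpack("!BBHI", ext[:8])
    start = (off_flags >> 3) * 8   # 13-bit offset, counted in 8-octet units
    more = bool(off_flags & 0x1)   # M flag: more fragments follow
    return ident, start, start + len(ext) - 8, more

def datagrams_to_discard(packets):
    """packets: iterable of (src, dst, fragment_header_plus_payload).
    Returns the (src, dst, identification) keys whose fragments overlap."""
    spans = defaultdict(list)
    for src, dst, ext in packets:
        ident, start, end, _more = parse_fragment(ext)
        spans[(src, dst, ident)].append((start, end))
    bad = set()
    for key, ranges in spans.items():
        reach = 0
        for start, end in sorted(ranges):
            if start < reach:      # starts inside bytes already covered
                bad.add(key)       # assumption: exact duplicates count too
                break
            reach = max(reach, end)
    return bad

# Constructed sample traffic (documentation addresses, made-up IDs).
SRC, DST = "2001:db8::1", "2001:db8::2"
SAMPLE = [
    (SRC, DST, build_fragment(0x1111, 0, True, b"A" * 16)),   # bytes 0-15
    (SRC, DST, build_fragment(0x1111, 2, False, b"A" * 8)),   # bytes 16-23
    (SRC, DST, build_fragment(0x2222, 0, True, b"B" * 16)),   # bytes 0-15
    (SRC, DST, build_fragment(0x2222, 1, False, b"C" * 16)),  # bytes 8-23
]

if __name__ == "__main__":
    for key in sorted(datagrams_to_discard(SAMPLE)):
        print("overlap, discard whole datagram:", key)
```

An IDS or firewall that applies the same rule never has to guess which copy of the overlapping bytes the end host will keep, and that guess is what fragmentation-based evasion depends on.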

Attacks via IP packet fragmentation are not new; they were very well documented in January 1998 by Thomas Ptacek and Timothy Newsham in the landmark paper on this topic, “Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection”. Based on this paper, Dug Song released a tool called fragrouter, and later fragroute, which implemented the techniques described in that paper. But that’s a different story, and it’s my intention to write more about this topic in the near future because it’s still being discussed today.
