This Internet-Draft is no longer active. Unofficial copies of old Internet-Drafts can be found here:
The IPv6 specification allows packets to contain a Fragment Header without
the packet being actually fragmented into multiple pieces (we refer to these packets as
"atomic fragments"). Such packets are typically sent by hosts that have received an ICMPv6
"Packet Too Big" error message that advertises a Next-Hop MTU smaller than 1280 bytes,
and are currently processed by some implementations as normal "fragmented traffic" (i.e., they are
"reassembled" with any other queued fragments that supposedly correspond to the same original packet).
Thus, an attacker can cause hosts to employ atomic fragments by forging ICMPv6 "Packet
Too Big" error messages, and then launch any fragmentation-based attacks against such traffic. This
document discusses the generation of the aforementioned atomic fragments and the corresponding security implications.
Additionally, this document formally updates RFC 2460 and RFC 5722, such that IPv6 atomic
fragments are processed independently of any other fragments, thus completely eliminating
the aforementioned attack vector.
Fernando Gont <email@example.com>
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)