Fernando Gont
Fernando Gont is currently Staff Platform Security Engineer at Yalo.
Gont has over twenty years of industry experience in the fields of Internet engineering and information security, working for private and governmental organizations from around the world.
Before joining Yalo, he was a security consultant and researcher at SI6 Networks, Director of Information Security at EdgeUno, and consulted for organizations such as the UK National Infrastructure Security Co-ordination Centre (NISCC), the UK Centre for the Protection of National Infrastructure (CPNI), and Huawei Technologies Ltd..
Gont has been active in the Internet Engineering Task Force (IETF) for over 15 years, and has published over 36 IETF RFCs (Request For Comments) and more than a dozen IETF Internet-Drafts.
Gont has also been involved in a number of open source projects, including the SI6 Networks’ IPv6 Toolkit — a portable and comprehensive security asessment toolkit for the IPv6 protocol suite, and the SI6 Networks’ IoT-toolkit. He has also contributed to the OpenBSD and FreeBSD operating systems, and to the Linux kernel.
Gont has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, FIRST Technical Colloquium 2005, Kernel Conference Australia 2009, DEEPSEC 2009, HACK.LU 2011, Hackito Ergo Sum 2012, Hack In Paris 2013, German IPv6 Kongress 2014, H2HC 2017, and Troopers 2018. Additionally, he is a regular attendee of the Internet Engineering Task Force (IETF) meetings.
Roles
| Role | Group | |
|---|---|---|
| Reviewer | General Area Review Team (Gen-ART) (genart) | fgont@si6networks.com |
RFCs (40)
| RFC | Date | Title | Cited by |
|---|---|---|---|
| RFC 5461 | Feb 2009 | TCP's Reaction to Soft Errors | 13 RFCs |
| RFC 5482 | Mar 2009 | TCP User Timeout Option | 5 RFCs |
| RFC 5927 | Jul 2010 | ICMP Attacks against TCP | 17 RFCs |
| RFC 6056 | Jan 2011 | Recommendations for Transport-Protocol Port Randomization | 50 RFCs |
| RFC 6093 | Jan 2011 | On the Implementation of the TCP Urgent Mechanism | 6 RFCs |
| RFC 6191 | Apr 2011 | Reducing the TIME-WAIT State Using TCP Timestamps | 6 RFCs |
| RFC 6274 | Jul 2011 | Security Assessment of the Internet Protocol Version 4 | 9 RFCs |
| RFC 6528 | Feb 2012 | Defending against Sequence Number Attacks | 10 RFCs |
| RFC 6633 | May 2012 | Deprecation of ICMP Source Quench Messages | 7 RFCs |
| RFC 6814 | Nov 2012 | Formally Deprecating Some IPv4 Options | 2 RFCs |
| RFC 6918 | Apr 2013 | Formally Deprecating Some ICMPv4 Message Types | 1 RFC |
| RFC 6946 | May 2013 | Processing of IPv6 "Atomic" Fragments | 7 RFCs |
| RFC 6980 | Aug 2013 | Security Implications of IPv6 Fragmentation with IPv6 Neighbor Discovery | 8 RFCs |
| RFC 7112 | Jan 2014 | Implications of Oversized IPv6 Header Chains | 8 RFCs |
| RFC 7113 | Feb 2014 | Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard) | 9 RFCs |
| RFC 7123 | Feb 2014 | Security Implications of IPv6 on IPv4 Networks | 4 RFCs |
| RFC 7126 | Feb 2014 | Recommendations on Filtering of IPv4 Packets Containing IPv4 Options | 3 RFCs |
| RFC 7217 | Apr 2014 | A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC) | 29 RFCs |
| RFC 7359 | Aug 2014 | Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks | 2 RFCs |
| RFC 7421 | Jan 2015 | Analysis of the 64-bit Boundary in IPv6 Addressing | 8 RFCs |
| RFC 7430 | Jul 2015 | Analysis of Residual Threats and Possible Fixes for Multipath TCP (MPTCP) | 2 RFCs |
| RFC 7610 | Aug 2015 | DHCPv6-Shield: Protecting against Rogue DHCPv6 Servers | 14 RFCs |
| RFC 7707 | Mar 2016 | Network Reconnaissance in IPv6 Networks | 12 RFCs |
| RFC 7721 | Mar 2016 | Security and Privacy Considerations for IPv6 Address Generation Mechanisms | 25 RFCs |
| RFC 7739 | Feb 2016 | Security Implications of Predictable Fragment Identification Values | 9 RFCs |
| RFC 7872 | Jun 2016 | Observations on the Dropping of Packets with IPv6 Extension Headers in the Real World | 11 RFCs |
| RFC 7915 | Jun 2016 | IP/ICMP Translation Algorithm | 11 RFCs |
| RFC 7943 | Sep 2016 | A Method for Generating Semantically Opaque Interface Identifiers (IIDs) with the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) | |
| RFC 8021 | Jan 2017 | Generation of IPv6 Atomic Fragments Considered Harmful | 5 RFCs |
| RFC 8064 | Feb 2017 | Recommendation on Stable IPv6 Interface Identifiers | 15 RFCs |
| RFC 8900 | Sep 2020 | IP Fragmentation Considered Fragile | 13 RFCs |
| RFC 8978 | Mar 2021 | Reaction of IPv6 Stateless Address Autoconfiguration (SLAAC) to Flash-Renumbering Events | 1 RFC |
| RFC 8981 | Feb 2021 | Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6 | 9 RFCs |
| RFC 9096 | Aug 2021 | Improving the Reaction of Customer Edge Routers to IPv6 Renumbering Events | 1 RFC |
| RFC 9098 | Sep 2021 | Operational Implications of IPv6 Packets with Extension Headers | 3 RFCs |
| RFC 9109 | Aug 2021 | Network Time Protocol Version 4: Port Randomization | 1 RFC |
| RFC 9288 | Aug 2022 | Recommendations on the Filtering of IPv6 Packets Containing IPv6 Extension Headers at Transit Routers | 3 RFCs |
| RFC 9414 | Jul 2023 | Unfortunate History of Transient Numeric Identifiers | |
| RFC 9415 | Jul 2023 | On the Generation of Transient Numeric Identifiers | 2 RFCs |
| RFC 9416 | Jul 2023 | Security Considerations for Transient Numeric Identifiers Employed in Network Protocols | 2 RFCs |
Active Internet-Drafts (1)
Expired Internet-Drafts (93)
- draft-gont-6man-lta
- draft-ietf-6man-slaac-renum
- draft-ietf-tcpm-tcp-security
- draft-gont-v6ops-ipv6-addressing-considerations
- draft-gont-diversity-analysis
- draft-ietf-opsec-ipv6-nd-security
- draft-gont-6man-ipv6-ula-scope
- draft-carpenter-gendispatch-rfc7221bis
- draft-smith-6man-in-flight-eh-insertion-harmful
- draft-gont-6man-address-usage-recommendations
- draft-gont-taps-address-usage-problem-statement
- draft-gont-tcpm-tcp-seq-validation
- draft-gont-6man-non-stable-iids
- draft-gont-taps-sockets-api-limitations
- draft-gont-taps-address-analysis
- draft-gont-opsec-icmp-ingress-filtering
- draft-gont-v6ops-host-configuration
- draft-gont-opsec-ipv6-firewall-reqs
- draft-gont-opsawg-firewalls-analysis
- draft-gont-6man-ipv6-universal-extension-header
- draft-gont-6man-rfc6564bis
- draft-gont-6man-ipv6-opt-transmit
- draft-gont-intarea-obsolete-eid-option
- draft-ietf-6man-nd-opt-validation
- draft-gont-6man-slaac-dns-config-issues
- draft-gont-6man-lla-opt-validation
- draft-liu-opsec-ds-lite-security
- draft-gont-6man-deprecate-eui64-based-addresses
- draft-ietf-opsec-icmp-filtering
- draft-gont-6man-ipv6-smurf-amplifier
- draft-gont-v6ops-slaac-issues-with-duplicate-macs
- draft-gont-opsec-ipv6-nd-shield
- draft-gont-tcpm-tcp-mirrored-endpoints
- draft-gont-tcpm-tcp-seccomp-prec
- draft-gont-6man-flowlabel-security
- draft-gont-teredo-loops
- draft-gont-6man-managing-slaac-policy
- draft-gont-6man-managing-privacy-extensions
- draft-gont-6man-teredo-loops
- draft-gont-6man-obsolete-eid-option
- draft-gont-timestamps-generation
- draft-kristoff-opsec-port-filtering
- draft-gont-behave-nat-security
- draft-gont-tcpm-connection-delays
- draft-gont-icmp-payload