{"draft":"draft-ietf-6man-ipv6-atomic-fragments-04","doc_id":"RFC6946","title":"Processing of IPv6 \"Atomic\" Fragments","authors":["F. Gont"],"format":["ASCII","HTML"],"page_count":"9","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"IPv6 Maintenance","abstract":"The IPv6 specification allows packets to contain a Fragment Header\r\nwithout the packet being actually fragmented into multiple pieces (we\r\nrefer to these packets as \"atomic fragments\").  Such packets are\r\ntypically sent by hosts that have received an ICMPv6 \"Packet Too Big\"\r\nerror message that advertises a Next-Hop MTU smaller than 1280 bytes,\r\nand are currently processed by some implementations as normal\r\n\"fragmented traffic\" (i.e., they are \"reassembled\" with any other\r\nqueued fragments that supposedly correspond to the same original\r\npacket).  Thus, an attacker can cause hosts to employ atomic\r\nfragments by forging ICMPv6 \"Packet Too Big\" error messages, and then\r\nlaunch any fragmentation-based attacks against such traffic.  This\r\ndocument discusses the generation of the aforementioned atomic\r\nfragments and the corresponding security implications.  Additionally,\r\nthis document formally updates RFC 2460 and RFC 5722, such that IPv6\r\natomic fragments are processed independently of any other fragments,\r\nthus completely eliminating the aforementioned attack vector.","pub_date":"May 2013","keywords":["fragmentation","attacks","vulnerabilities","atomic fragments"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC2460","RFC5722"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6946","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc6946"}