{"draft":"draft-ietf-6man-nd-extension-headers-05","doc_id":"RFC6980","title":"Security Implications of IPv6 Fragmentation with IPv6 Neighbor Discovery","authors":["F. Gont"],"format":["ASCII","HTML"],"page_count":"10","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"IPv6 Maintenance","abstract":"This document analyzes the security implications of employing IPv6\r\nfragmentation with Neighbor Discovery (ND) messages.  It updates RFC\r\n4861 such that use of the IPv6 Fragmentation Header is forbidden in\r\nall Neighbor Discovery messages, thus allowing for simple and\r\neffective countermeasures for Neighbor Discovery attacks.  Finally,\r\nit discusses the security implications of using IPv6 fragmentation\r\nwith SEcure Neighbor Discovery (SEND) and formally updates RFC 3971\r\nto provide advice regarding how the aforementioned security\r\nimplications can be mitigated.","pub_date":"August 2013","keywords":["vulnerabilities","evasion","monitoring"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC3971","RFC4861"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6980","errata_url":null}