Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Implications of Predictable Fragment Identification Values

Published by响爪 愈 Modified over 7 years ago

Similar presentations

Presentation on theme: "Security Implications of Predictable Fragment Identification Values"— Presentation transcript:

1 Security Implications of Predictable Fragment Identification Values
(draft-gont-6man-predictable-fragment-id) Fernando Gont SI6 Networks IETF 84 Vancouver, Canada. July 29-August 3, 2012

2 Generation of Fragment IDs
At any given time, the tuple (Src. Addr., Dst. Addr., Frag ID) must be unique Page 19 of RFC 2460 notes that: “it is assumed that the requirement can be met by maintaining the Identification value as a simple, 32-bit, "wrap-around" counter, incremented each time a packet must be fragmented. It is an implementation choice whether to maintain a single counter for the node or multiple counters, e.g., one for each of the node's possible source addresses, or one for each active (source address, destination address) combination”

3 Sec. Implications of Predictable Frag. IDs
Most of them known from the IPv4 world They allow an attacker to: perform a Denial of Service (DoS) attacks obtain information about the number of packets transmitted by a target node determine the packet rate perform stealth port scans to a third-party uncover the rules of a number of firewalls count the number of systems behind a middle-box etc.

4 What did real implementations do?
Operating System Fragment Identification FreeBSD 9.0 Randomized NetBSD 5.1 OpenBSD-current Randomized (based on SKIPJACK) Linux Predictable (GC init. to 0, incr. by +1) Linux-current Unpredictable (PDC init. to random value) Solaris 10 Predictable (PDC, init. to 0) Windows 7 Home Prem. Predictable (GC, init. to 0, incr. by +2) GC: Global Counter PDC: Per-Destination Counter

5 draft-gont-6man-predictable-fragment-id
Formally requires that the Frag ID is not easily guessable by off-path attackers Specifies a number of algorithms that could be employed to achieve that goal Pros and cons are discussed But it is up to the implementation which specific algorithm is employed

6 draft-gont-6man-predictable-fragment-id
Why bother? Because we do not want to repeat IPv4's history with the Frag ID Should I care? Yes If not convinced, try these tools (frag6, icmp6):

7 Moving forward Adopt this document as a 6man wg item?

8 Feedback? Fernando Gont

Download ppt "Security Implications of Predictable Fragment Identification Values"

Similar presentations

73rd IETF meeting, November 16-21, 2008

73rd IETF meeting, November 16-21, 2008
Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,

Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,
Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
TRUE Blind ip spoofed portscanning Thomas Olofsson C.T.O Defcom.

TRUE Blind ip spoofed portscanning Thomas Olofsson C.T.O Defcom.
NAT Network Address Translation Presented by Snoopers Eduardo Segura Shenal Shroff Shinichi Nishiyama Suyou He Thu Nguyen.

NAT Network Address Translation Presented by Snoopers Eduardo Segura Shenal Shroff Shinichi Nishiyama Suyou He Thu Nguyen.
Mitigating Teredo Routing Loop Attacks (draft-gont-6man-teredo-loops-00 ) Fernando Gont on behalf of UK CPNI IETF 79 November 7-12, 2010. Beijing, China.

Mitigating Teredo Routing Loop Attacks (draft-gont-6man-teredo-loops-00 ) Fernando Gont on behalf of UK CPNI IETF 79 November 7-12, Beijing, China.
Security implications of Network Address Translators (NATs) (draft-gont-behave-nat-security) Fernando Gont Pyda Srisuresh UTN/FRH EMC Corporation 76th.

Security implications of Network Address Translators (NATs) (draft-gont-behave-nat-security) Fernando Gont Pyda Srisuresh UTN/FRH EMC Corporation 76th.
Port randomization (draft-ietf-tsvwg-port-randomization) Michael Larsen & Fernando Gont 73rd IETF Meeting, November 16-21, 2008 Minneapolis, MN, USA.

Port randomization (draft-ietf-tsvwg-port-randomization) Michael Larsen & Fernando Gont 73rd IETF Meeting, November 16-21, 2008 Minneapolis, MN, USA.
Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.

Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker 2008-11-17.

IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker
Implementation of Flow Management in MIPv6 Environment draft-soliman-monami6-flow-binding-03.txt Umar Toseef University of Bremen.

Implementation of Flow Management in MIPv6 Environment draft-soliman-monami6-flow-binding-03.txt Umar Toseef University of Bremen.
IIT Indore © Neminath Hubballi

IIT Indore © Neminath Hubballi
Covert Communications Simple Nomad DC214 - 11Feb2004.

Covert Communications Simple Nomad DC Feb2004.
ICMP attacks against TCP draft-ietf-tcpm-icmp-attacks-01.txt Fernando Gont (UTN/FRH) 67 th IETF Meeting, San Diego, California, USA November 5-10, 2006.

ICMP attacks against TCP draft-ietf-tcpm-icmp-attacks-01.txt Fernando Gont (UTN/FRH) 67 th IETF Meeting, San Diego, California, USA November 5-10, 2006.
Port Scanning 0x470~0x480 Presenter SangDuk Seo 1.

Port Scanning 0x470~0x480 Presenter SangDuk Seo 1.
Draft-ietf-v6ops-scanning-implications-00 IPv6 Implications for Network Scanning Tim Chown University of Southampton (UK) IETF 66,

Draft-ietf-v6ops-scanning-implications-00 IPv6 Implications for Network Scanning Tim Chown University of Southampton (UK) IETF 66,
Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.
A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University.

A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University.
IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.

IPSec ● IP Security ● Layer 3 security architecture ● Enables VPN ● Delivers authentication, integrity and secrecy ● Implemented in Linux, Cisco, Windows.

Similar presentations

Ads by Google