Fragmentation (overlapping) attacks in IPv6. Have we learned our lesson, yet?

This is a guest post from Antonios Atlasis

It has been a year since fragmentation attacks in IPv6 were last examined publicly (in Black Hat Europe 2012). Issues well known from the IPv4 era appeared again in IPv6. Surprisingly enough, some of the most popular Operating Systems (OS), included ones considered “secure”, were proven to be vulnerable to such attacks, although fragmentation overlapping is strictly forbidden in IPv6 since 2009 (RFC5722). Some other OS, although in a better shape, still appeared to have some issues in specific cases.

But a year has already passed since then and the vendors should have fixed these issues now; or not? Definitely, a significant progress (in some cases) has been made but, is this enough? In the IPv6 Security Summit that will take place during Troopers13, in the “Fragmentation Overlapping Attacks Against IPv6: One Year Later” presentation, various fragmentation overlapping scenarios will be tested to examine if such attacks can still be successful or not. Detailed results of extensive tests will be presented and any non-compliant behaviors will be further discussed regarding the potential security implications.

However, fragmentation overlapping attacks are not the only attacks that can be launched against IPv6 using fragmentation. Tiny fragments, atomic fragments, predicted fragment identification values and many more (attacker’s imagination is the limit) are some other issues related with fragmentation that, under specific circumstances, can lead to serious security flaws. Some of these cases will also be examined and potential security implications will be discussed.

All the aforementioned issues and the related discussion raise the initial question again: Have we learned our lesson, at least now? Are the so called “IPv6-ready” products (including OS and security devices) strictly following the corresponding RFCs and are they tested thoroughly before claiming readiness? How easy is it for someone with some knowledge of the RFCs and small scripting skills to crash kernels, to DoS popular OS or to evade famous IDS systems?

The answer to these questions will be given during the IPv6 Security Summit in Troopers. Armed with the acquired knowledge, we shall be able to mitigate the risk of such attacks either by using quick and “dirty” solutions or by proposing proper implementation methods. Doing so, we will take one small step forward to make the (IPv6) world a safer place.

Leave a Reply

Your email address will not be published. Required fields are marked *