Hi Ron,

On 05/13/2015 11:39 PM, Ronald Bonica wrote:
> Kathleen,
>
> AFAIK, most IP stacks include code that detects fragmentation overlap
> attacks. (Do I have that right?)
>
> So, reassembly attacks shouldn't be effective whether reassembly is performed
> at the GRE egress or the ultimate destination.
>
> If reassembly is performed at the ultimate destination, the two endpoints
> might be alerted. However, if reassembly is performed at the GRE ingress, the
> endpoints might never be alerted.
>
> Should we add a paragraph about this in Section 5 (Security Considerations).
> Or is this just another type of DoS attack, which we have already mentioned?

I think it might merit a separate mention since the draft is concerned with
fragmentation. You can use RFC1858 as a reference for IPv4 and RFC5722 as a
reference for IPv6 for handling of the overlapping fragment problem.

Thanks
Suresh

_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
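
The overlap handling that RFC 5722 specifies for IPv6 reassembly (silently discard the whole datagram, including fragments not yet received, once any fragment overlaps), sketched as an added example that is not part of the original message or of the draft. The structure and function names, the 16-fragment limit, and the fragment sequence in `main` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_FRAGS 16  /* assumed per-datagram limit for this example */

struct frag { uint32_t off, len; };   /* payload bytes [off, off+len) */
struct reasm {                        /* hypothetical per-datagram state */
    struct frag seen[MAX_FRAGS];
    size_t n;
    bool dropped;   /* once set, every later fragment is discarded too */
};
enum verdict { FRAG_ACCEPT, FRAG_DROP_DATAGRAM };

/* Half-open ranges overlap when each one starts before the other ends. */
static bool overlaps(const struct frag *a, const struct frag *b)
{
    return a->off < (uint64_t)b->off + b->len &&
           b->off < (uint64_t)a->off + a->len;
}

/* Record one fragment; any overlap (an exact duplicate included) poisons the
   whole datagram. Empty fragments and a full table are dropped as well. */
enum verdict reasm_add(struct reasm *r, uint32_t off, uint32_t len)
{
    struct frag f = { off, len };
    bool bad = r->dropped || len == 0 || r->n == MAX_FRAGS;
    for (size_t i = 0; !bad && i < r->n; i++)
        bad = overlaps(&r->seen[i], &f);
    if (bad) {
        r->dropped = true;   /* caller should count or log this verdict */
        r->n = 0;
        return FRAG_DROP_DATAGRAM;
    }
    r->seen[r->n++] = f;
    return FRAG_ACCEPT;
}

int main(void)
{
    /* Constructed sequence: the fourth fragment overlaps earlier ones. */
    struct frag in[] = { {0, 1280}, {2560, 512}, {1280, 1280}, {1272, 16}, {4096, 8} };
    struct reasm r = {0};
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("off=%u len=%u -> %s\n", (unsigned)in[i].off, (unsigned)in[i].len,
               reasm_add(&r, in[i].off, in[i].len) == FRAG_ACCEPT ? "accept" : "drop datagram");
    return 0;
}
```

Counting or logging the `FRAG_DROP_DATAGRAM` verdict on the node that reassembles gives that node a record of overlap events even when the endpoints never see the fragments.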