×
Well done. You've clicked the tower. This would actually achieve something if you had logged in first. Use the key for that. The name takes you home. This is where all the applicables sit. And you can't apply any changes to my site unless you are logged in.

Our policy is best summarized as "we don't care about _you_, we care about _them_", no emails, so no forgetting your password. You have no rights. It's like you don't even exist. If you publish material, I reserve the right to remove it, or use it myself.

Don't impersonate. Don't name someone involuntarily. You can lose everything if you cross the line, and no, I won't cancel your automatic payments first, so you'll have to do it the hard way. See how serious this sounds? That's how serious you're meant to take these.

×
Register


Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.
  • Your password can’t be too similar to your other personal information.
  • Your password must contain at least 8 characters.
  • Your password can’t be a commonly used password.
  • Your password can’t be entirely numeric.
Enter the same password as before, for verification.
Login

Grow A Dic
Define A Word
Make Space
Set Task
Mark Post
Apply Votestyle
Create Votes
(From: saved spaces)
Exclude Votes
Apply Dic
Exclude Dic

A New Model for Testing IPv6 Fragment Handling. (arXiv:2309.03525v1 [cs.CR])

Click here to flash read.

Since the origins of the Internet, various vulnerabilities exploiting the IP
fragmentation process have plagued IPv4 protocol, many leading to a wide range
of attacks. IPv6 modified the handling of fragmentations and introduced a
specific extension header, not solving the related problems, as proved by
extensive literature. One of the primary sources of problems has been the
overlapping fragments, which result in unexpected or malicious packets when
reassembled. To overcome the problem related to fragmentation, the authors of
RFC 5722 decided that IPv6 hosts MUST silently drop overlapping fragments.


Since then, several studies have proposed methodologies to check if IPv6
hosts accept overlapping fragments and are still vulnerable to related attacks.
However, some of the above methodologies have not been proven complete or need
to be more accurate. In this paper we propose a novel model to check IPv6
fragmentation handling specifically suited for the reassembling strategies of
modern operating systems. Previous models, indeed, considered OS reassembly
policy as byte-based. However, nowadays, reassembly policies are
fragment-based, making previous models inadequate. Our model leverages the
commutative property of the checksum, simplifying the whole assessing process.
Starting with this new model, we were able to better evaluate the RFC-5722 and
RFC-9099 compliance of modern operating systems against fragmentation handling.
Our results suggest that IPv6 fragmentation can still be considered a threat
and that more effort is needed to solve related security issues.

Click here to read this post out
ID: 388626; Unique Viewers: 0
Unique Voters: 0
Total Votes: 0
Votes:
Latest Change: Sept. 10, 2023, 7:31 a.m. Changes:
/u/anonymous
Dictionaries:
Words:
Spaces:
Views: 9
CC:
No creative common's license
Comments: