OpenBSD Journal

SI6 Networks: OpenBSD Well Ahead Of The Pack In IPv6 Fragment Handling Sanity (and RFC compliance)

Contributed by pitrh on from the they weren't supposed to exist dept.

In a blog post titled IPv6 NIDS evasion and improvements in IPv6 fragmentation/reassembly, security consultants SI6 Networks report on some experiments they conducted recently in order to test IPv6 fragment handling in various general-purpose operating systems.

While the authors did not say so in so many words, the conclusion is that OpenBSD is ahead of the pack in both RFC compliance as well as sane and secure handling of IPv6 fragments.

Read the full article over at the SI6 site: IPv6 NIDS evasion and improvements in IPv6 fragmentation/reassembly

(Comments are closed)


Comments
  1. By Alfredo Ortega (aortega) ortegaalfredo@gmail.com on

    I believe this has to be Fernando Gont's work.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]