While writing the recent draft on NAT-PT deprecation, I had occasion to review RFC1838 and RFC3128, which relate to security threats with fragmented IPv4 packets. One of the problems was that the IPv4 specification allowed for fragments to overlap. It appears that the general assumption is that IPv6 stacks would not allow fragments to overlap, but looking at RFC2460, the reconstruction algorithm specification does not forbid overlaps. If RFC2460 gets revved, this point should be included.
Regards,
Elwyn
----------------------------------------------------------------------------------
Elwyn B Davies
Routing and Addressing Strategy Prime & IPv6 Core Team Leader
CTO Office, Portfolio Integration Solutions Ready
Nortel Networks plc Email: elwynd@nortelnetworks.com
Harlow Laboratories ESN 6-742-5498
London Road, Harlow, Direct Line +44-1279-405498
Essex, CM17 9NA, UK Fax +44-1279-402047
Registered Office: Maidenhead Office Park, Westacott Way,
Company No. 3937799 Maidenhead, Berkshire, SSL6 3QH
----------------------------------------------------------------------------
"The Folly is mostly mine"
and the opinions are mine and not those of my employer.
==================================================================================
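
An added example, not part of the original message or of any RFC text: one way a reassembly queue can refuse overlapping fragments, the check the message notes RFC2460 does not require. The struct and function names are hypothetical, and discarding the whole datagram on overlap is this example's policy choice.

```c
#include <stddef.h>
#include <stdint.h>

/* Byte range [off, off + len) of one fragment (hypothetical names). */
struct frag { uint32_t off, len; };

#define MAX_FRAGS 16
struct reasm {
    struct frag held[MAX_FRAGS];  /* kept sorted by offset */
    size_t n;
    int poisoned;                 /* set once any overlap is seen */
};
enum verdict { FRAG_ACCEPTED, FRAG_OVERLAP, FRAG_QUEUE_FULL };

/* Insert a fragment, refusing it if its byte range intersects any
 * fragment already held. An exact duplicate counts as an overlap. */
enum verdict reasm_add(struct reasm *q, struct frag f)
{
    size_t i, pos = 0;
    uint64_t f_end = (uint64_t)f.off + f.len;   /* 64-bit: no wraparound */

    if (q->poisoned)
        return FRAG_OVERLAP;
    for (i = 0; i < q->n; i++) {
        uint64_t h_end = (uint64_t)q->held[i].off + q->held[i].len;
        if (f.off < h_end && q->held[i].off < f_end) {
            q->poisoned = 1;      /* drop the whole datagram, not just f */
            q->n = 0;
            return FRAG_OVERLAP;
        }
        if (q->held[i].off < f.off)
            pos = i + 1;          /* sorted list: count entries before f */
    }
    if (q->n == MAX_FRAGS)
        return FRAG_QUEUE_FULL;
    for (i = q->n; i > pos; i--)  /* shift the tail to keep order */
        q->held[i] = q->held[i - 1];
    q->held[pos] = f;
    q->n++;
    return FRAG_ACCEPTED;
}

int main(void)
{
    struct reasm q = {0};
    reasm_add(&q, (struct frag){0, 1232});      /* constructed sample */
    /* second fragment starts 8 bytes inside the first */
    return reasm_add(&q, (struct frag){1224, 1232}) == FRAG_OVERLAP ? 0 : 1;
}
```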