RFC7739: Security Implications of Predictable Fragment Identification Values

The IETF has published a new RFC by Fernando Gont: RFC7739.This RFC analyzes the security and privacy implications of predictable Fragment Identification (ID) values, and proposes a number of algorithms…

Continue Reading RFC7739: Security Implications of Predictable Fragment Identification Values

IPv6 NIDS evasion and improvements in IPv6 fragmentation/reassembly

IntroductionMore than ten years ago, Ptacek and Newsham published a seminal paper on network instrusion evasion, entitled "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection", in which they…

Continue Reading IPv6 NIDS evasion and improvements in IPv6 fragmentation/reassembly