Last week, RFC 8021, entitled "Generation of IPv6 Atomic Fragments Considered Harmful" was published. Essentially, this RFC suggests that the infamous IPv6 atomic fragments are a bad idea and should…
One thing that I enjoy a lot is capturing network traffic to subsequently try to figure out whether the captured traffic makes any sense -- you learn a lot that…
The IETF has published a new RFC by Fernando Gont: RFC7739.This RFC analyzes the security and privacy implications of predictable Fragment Identification (ID) values, and proposes a number of algorithms…
Fernando Gont will be teaching our renowned "Hacking IPv6 Networks v3.0" training course in Germany!Date: May 31 - June 2, 2016Place: Stuttgart, GermanyLearning Objectives:This course will provide the attendee with…
We have just published IETF RFC 7610, entitled "DHCPv6-Shield: Protecting against Rogue DHCPv6 Servers". The abstract of the RFC is:This document specifies a mechanism for protecting hosts connected toa switched…
IntroductionMore than ten years ago, Ptacek and Newsham published a seminal paper on network instrusion evasion, entitled "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection", in which they…
IPv6 hosts typically configure their IPv6 addresses by means of a mechanism known as StateLess Address AutoConfiguration (SLAAC). In SLAAC, a local router announces an IPv6 prefix to be used…
Introduction IPv6 Router Advertisement Guard (RA-Guard) is a mitigation technique for attack vectors based on ICMPv6 Router Advertisement messages. RFC6104 describes the problem statement of “Rogue IPv6 Router Advertisements”, and RFC6105…