<gandalf@digital.net> writes:

> While this discussion pertains to IPv4, IPv6 also allows fragmentation and I
> suspect IPv6 will also be affected by this attack.

IPv6 does not have en-route fragmentation and, therefore, has no reassembly. IPv6 is not affected.

Interesting attack. Various standards require behaviors that lead to unlimited memory usage. For example, my netkill attack shows how to cause a TCP stack to use all memory that is available to it. The Rose attack doesn't even use TCP to achieve a similar effect.

A mitigating strategy would be to give the IPv4 reassembly code a certain amount of memory and, when that memory is filled, drop random packets that are being reassembled. The data structures used to hold fragments must allow holding only those parts that have already arrived. This would still allow attacks on the reassembly facility itself (an attacker could keep the reassembly memory full and cause the majority of legitimate fragmented packets to be dropped by the receiver), but at least other parts of the stack and the OS would not suffer.

-- 
Stanislav Shalunov http://www.internet2.edu/~shalunov/
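The bounded-memory mitigation described in the message above, sketched as an added example that is not part of the original post or of any real IP stack: a fixed reassembly budget, random eviction of an in-progress datagram when the budget is exhausted, and memory charged only for fragments that have actually arrived. The names `frag_store`, `POOL_BUDGET` and `MAX_FRAGS` and their values are assumptions, and the sketch models only the accounting, not payload copying or reassembly itself.

```c
#include <stdint.h>
#include <stdlib.h>

#define POOL_BUDGET 4096   /* assumed byte budget for all reassembly state */
#define MAX_FRAGS   64     /* assumed cap on tracked fragments */

struct frag {              /* one fragment that has actually arrived */
    uint32_t src; uint16_t id, off, len; int used;
};
static struct frag pool[MAX_FRAGS];
static size_t pool_bytes;          /* payload bytes currently charged */
static unsigned long evictions;    /* datagrams dropped to make room */

/* Drop every held fragment of one datagram, identified by (src, id). */
static void drop_datagram(uint32_t src, uint16_t id) {
    for (int i = 0; i < MAX_FRAGS; i++)
        if (pool[i].used && pool[i].src == src && pool[i].id == id) {
            pool_bytes -= pool[i].len;
            pool[i].used = 0;
        }
}

/* Evict the datagram owning the first occupied slot at or after a random
 * position. rand() keeps the sketch short; a stack needs an unpredictable RNG. */
static void evict_random(void) {
    int start = rand() % MAX_FRAGS;
    for (int n = 0; n < MAX_FRAGS; n++) {
        struct frag *f = &pool[(start + n) % MAX_FRAGS];
        if (f->used) { drop_datagram(f->src, f->id); evictions++; return; }
    }
}

/* Account for an arrived fragment. Memory is charged for len only, never for
 * the gap implied by off. Returns 0 if stored, -1 if it can never fit. */
int frag_store(uint32_t src, uint16_t id, uint16_t off, uint16_t len) {
    if (len == 0 || len > POOL_BUDGET) return -1;
    for (;;) {
        int free_slot = -1;
        for (int i = 0; i < MAX_FRAGS; i++)
            if (!pool[i].used) { free_slot = i; break; }
        if (free_slot >= 0 && pool_bytes + len <= POOL_BUDGET) {
            pool[free_slot] = (struct frag){ src, id, off, len, 1 };
            pool_bytes += len;
            return 0;
        }
        evict_random();    /* budget or slots exhausted: make room */
    }
}
size_t frag_pool_bytes(void) { return pool_bytes; }
unsigned long frag_evictions(void) { return evictions; }
```

As the message notes, this confines the damage to the reassembly facility: under sustained load legitimate fragmented datagrams are evicted too, but the memory used never exceeds the budget.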