{"draft":"draft-ietf-6man-predictable-fragment-id-10","doc_id":"RFC7739","title":"Security Implications of Predictable Fragment Identification Values","authors":["F. Gont"],"format":["ASCII","HTML"],"page_count":"20","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"IPv6 Maintenance","abstract":"IPv6 specifies the Fragment Header, which is employed for the\r\nfragmentation and reassembly mechanisms.  The Fragment Header\r\ncontains an \"Identification\" field that, together with the IPv6\r\nSource Address and the IPv6 Destination Address of a packet,\r\nidentifies fragments that correspond to the same original datagram,\r\nsuch that they can be reassembled together by the receiving host.\r\nThe only requirement for setting the Identification field is that the\r\ncorresponding value must be different than that employed for any\r\nother fragmented datagram sent recently with the same Source Address\r\nand Destination Address.  Some implementations use a simple global\r\ncounter for setting the Identification field, thus leading to\r\npredictable Identification values.  This document analyzes the\r\nsecurity implications of predictable Identification values, and\r\nprovides implementation guidance for setting the Identification field\r\nof the Fragment Header, such that the aforementioned security\r\nimplications are mitigated.","pub_date":"February 2016","keywords":["attack","vulnerability","Denial of Service","protocol identifiers"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7739","errata_url":null}